Cyber and Facility Security


At the beginning of 2020, PHMSA announced its intent to inspect 100% of the regulated pipeline control rooms in the United States in the coming 3 years. Although the pandemic has slowed progress on this initiative the plan remains active.

With COVID-19 disruptions, domestic protests and riots, and foreign actors attacking our energy infrastructure, 2020 could charitably be described as turbulent. This volatility has made us look more closely at how we conduct our business and put safety and security front of mind in both our professional and personal lives.

Cybersecurity, facility security, controlled access, and hiring practices have all seen heightened scrutiny by operators, consultants, and those who regulate our industry. Pipeline operators have been put on notice that as PHMSA comes to inspect their control room management programs, they will also be having a conversation about security. As of now, PHMSA has not issued a set of inspection questions concerning security beyond what is currently required in the federal regulations but we can expect more focused and deeper review of current security protocols. .

So, how should operators prepare for such a discussion? DHS/TSA has several resources on their website, The Cybersecurity and Infrastructure Security Agency (CISA) guidance and their cybersecurity website,, are also useful sources of information.

The most important element of the conversation is planning and preparation for a cyberattack. Most operators have already suffered such attacks and experienced the impact of bad actors inside their systems; however, without proper safeguards and monitoring, cyberattacks may go unnoticed until infrastructure is compromised. Multiple disruptions of energy services (gas pipelines) have already occurred in recent months.

Be prepared, be proactive, be safe.

For questions concerning this topic and other federal or state regulatory matters, please feel free to reach out to our Regulatory Compliance group on our website or directly via email, or