Securing the midstream
Published by Alfred Hamer, Editorial Assistant, World Pipelines
Ian Bramson, Vice President of Global Industrial Cybersecurity, Black & Veatch, outlines how to confront cybersecurity challenges in pipeline operations.
Oil pipelines are a prime target for cyberattacks, with vulnerabilities that threaten not only operational integrity but also national security, economic stability and environmental safety. Despite growing awareness of these threats, the midstream industry remains plagued by fragmented regulations, legacy systems and an expanding attack surface. With the increasing convergence of operational technology (OT) and information technology (IT) and the proliferation of new digital tools, operators face challenges that are technical, logistical and cultural. The question isn’t whether pipeline systems will be attacked, but whether the sector is adequately prepared to defend against and recover from those attacks.
The state of cybersecurity in midstream operations
When assessing the cybersecurity posture of midstream operators, the picture is decidedly mixed. The companies responsible for transporting oil and gas range from large multinationals with vast resources to small, budget-constrained operators. As a result, the sector’s security practices vary widely, creating a patchwork of strengths and vulnerabilities. While high-profile incidents like the Colonial Pipeline attack of 2021 have shone a spotlight on the risks, progress across the industry has been uneven. The incident, which disrupted fuel supplies across the US East Coast for days, demonstrated just how exposed midstream systems are. It also revealed the catastrophic ripple effects that can occur when these systems are compromised.
Yet, even as the attack prompted governmental agencies like the Transportation Security Administration (TSA) to issue directives for pipeline security, the lack of a unified regulatory framework has left many operators to fend for themselves. Unlike the power grid, which is governed by the NERC Critical Infrastructure Protection (CIP) standards, pipelines fall under TSA jurisdiction, where guidelines lack enforceable teeth. While TSA’s directives encourage operators to address vulnerabilities, the absence of rigorous compliance requirements means that implementation is inconsistent. Adding to the challenge is the sector’s resistance to more stringent oversight. Many operators prefer voluntary measures to avoid the costs and operational disruptions that more prescriptive regulations might entail. This dynamic leaves the sector vulnerable to evolving threats, even as attacks grow more sophisticated and damaging.
A sector under siege
The cyber threats facing midstream operators have evolved from nuisance-level incidents to attacks capable of inflicting widespread economic and societal harm. What was once a primarily IT-focused issue has expanded into a crisis encompassing both IT and OT domains. Ransomware attacks continue to dominate the threat landscape. The Colonial Pipeline attack was a reminder of the sector’s vulnerability to such campaigns, where attackers encrypt critical IT systems and demand payment for their release. While the attack did not directly target the pipeline’s OT systems, the operational shutdown that followed highlighted the interconnectedness – and fragility – of midstream operations.
Beyond ransomware, advanced persistent threats orchestrated by nation-states represent an even more insidious risk. These sophisticated attacks often infiltrate OT systems, where they gather intelligence or manipulate processes over long periods without detection. The consequences of such breaches can be catastrophic, ranging from pipeline failures to large-scale environmental disasters.
Insider threats, whether intentional sabotage or unintentional errors, add another layer of complexity. A careless click on a phishing email or a failure to follow proper security protocols can expose critical systems to attackers. This risk is compounded by the industry’s reliance on third-party vendors, whose own vulnerabilities can become entry points for cyber adversaries. The sector’s increasing reliance on IIoT devices, remote sensors and automation has also broadened the attack surface. While these technologies enhance operational efficiency and visibility, they often lack robust security measures, making them an attractive target for attackers seeking to exploit weak points.
Challenges unique to midstream operations
What sets the midstream sector apart from other parts of the energy industry is its operational complexity. The nature of pipeline operations introduces cybersecurity challenges that are distinct and difficult to overcome.
One of the most significant challenges is the sector’s vast geographic footprint. Pipelines stretch across thousands of miles, often traversing state and national borders. This sprawling infrastructure creates an expansive attack surface that is difficult to monitor and secure comprehensively. Securing a pipeline is not like securing a refinery; we’re not just talking about a single location. You’re dealing with remote assets spread across entire regions. Adding to this complexity is the prevalence of ageing infrastructure and legacy systems.
Many pipeline systems were designed decades ago, long before cybersecurity was a concern. These older systems often lack the computational capacity to support modern security tools, making retrofits expensive and technically challenging. The convergence of IT and OT systems further complicates matters. IT systems like billing and scheduling are now increasingly integrated with OT systems that control the physical operations of pipelines. While this integration offers efficiency gains, it also creates new vulnerabilities. A breach in an IT system can cascade into the OT environment, disrupting operations and potentially causing physical harm.
Applying lessons learned
All this underscores the need for a more proactive and consequence-driven approach to cybersecurity in the midstream sector. Operators cannot afford to wait for the next crisis to act. One critical lesson is the importance of prioritising high-impact assets. Instead of trying to secure every component equally, operators should focus on systems and assets that, if compromised, would have the greatest impact on safety, uptime and revenue. This approach requires detailed risk assessments and a deep understanding of operational interdependencies. Another lesson is the value of early detection and rapid response. Many attacks succeed because anomalies – such as failed commands or unauthorised access attempts – are not recognised or addressed in time. Implementing real-time monitoring systems and investing in advanced analytics tools can help operators detect and respond to threats before they escalate. Collaboration is also essential. The midstream sector involves multiple stakeholders, including operators, regulators and third-party vendors. Effective cybersecurity depends on close communication and shared intelligence among these parties. The seams in this system – whether between companies, states, or nations – are where attackers are most likely to strike.
Securing the future: strategies for resilience
If it’s going to strengthen its defences, the midstream sector must embrace a multi-faceted approach to cybersecurity that combines technology, governance and culture. First, operators must improve visibility and monitoring. Real-time data collection and analytics tools, powered by artificial intelligence and machine learning, can help identify anomalies across IT and OT systems. These tools not only enhance threat detection but also support better decision-making during incidents. Next, segmentation between IT and OT systems is critical. By maintaining clear boundaries between these environments, operators can prevent breaches in one domain from spreading to the other. At the same time, robust communication protocols must ensure that operational efficiency is not compromised.
Addressing the challenge of legacy infrastructure requires targeted investments. While wholesale replacement of ageing systems may be impractical, incremental upgrades – such as adding intrusion detection systems, secure communication protocols and firewalls – can significantly reduce risk. Finally, operators must manage third-party risks. This includes conducting regular audits of vendors, ensuring compliance with stringent security requirements, and monitoring for vulnerabilities in equipment and software provided by third parties.
Read the article online at: https://www.worldpipelines.com/special-reports/06022025/securing-the-midstream/