On Sept. 13, Massachusetts’ Merrimack Valley was rocked by a series of gas line explosions leaving one person dead and many injured. In the towns of Lawrence and Andover, houses were destroyed and thousands of people left without gas heading into the New England winter. As clean-up began from the tragedy, there was chatter in local cybersecurity circles that the devastation could have been the result of a cyberattack.
As it turned out, preliminary results from the National Transportation Safety Bureau investigation into the Merrimack Valley explosions suggests that faulty maintenance work triggered inaccurate pressure readings, which led to the explosions.
However, it’s still important for Columbia Gas — and every other utility — to have a risk management plan for worst-case scenarios. Organizations need to have cyber-risk mitigation plans in place just as they do for physical disasters.
Both Massachusetts Senators Elizabeth Warren and Ed Markey stated that they believe Columbia Gas did not have an adequate risk management plan for this type of potential disaster. Moving forward, evaluating cyber risk be given the same attention as replacing old iron pipes.
…
