Cyber Attack Responsibility and Accountability

By ARUME

Imagine the scenario: you wake up to the news that gas stations across the country are experiencing disruptions due to a cyberattack. As a gas station owner, this could be a disaster for you. Beyond the initial chaos, there are important questions to consider: who's accountable if your station gets hacked, and what can you do to prepare and recover if you’re affected?

Who's On The Hook If A Station Gets Hacked?

In most cases, the responsibility falls on the gas station owner/operator. Here's why:

  • You control the equipment: The security of devices like TCP/IP cards installed for inventory management or environmental compliance is your responsibility. You choose the installer and you should ensure that proper security measures are implemented.
  • Third-party services: Even when using third-party services like environmental compliance monitoring, the accountability often lies with you. While these service providers might claim they weren't aware of creating a vulnerability, the owner/operator is ultimately responsible for the security of their systems.

Does Traditional Insurance Cover Cyber Attacks?

Even with specific cybersecurity insurance, you might not be eligible for coverage if your tank gauges have known vulnerabilities. Insurance companies view a cyber attack as an avoidable event if you haven't taken basic security precautions. It is advised to discuss this with your business insurance, to consider cybersecurity specific insurance, but most of all, consider the security and vulnerabilities of your station(s).

How To Prepare For An Attack

The good news: you can take steps to minimize the risk of a cyberattack and be better prepared to respond if one occurs. This is covered in a dedicated article, but here's an overview:

  • Securing your tank gauges: Learn about best practices for securing your tank gauges and the importance of moving away from vulnerable communication methods like polling tank gauges using TCP/IP without protection.
  • Developing a recovery plan: Having a plan in place will help you get your gas station back up and running as quickly as possible after a cyberattack.

By being proactive and taking cybersecurity seriously, you can protect your business, your customers, and the nation's critical energy infrastructure.