Embed Size (px)
Citation preview
LET’S TALK ABOUT HOW INDUSTRY IS ADVANCING
CYBERSECURITY
© Copyright 2018, all rights reserved. Digital Media | DM2018-116 |PDF
As the owners and operators of some of the nation’s most critical infrastructure, industry companies take seriously the protection of industrial control systems and prevention of disruptions to the energy delivery system that can impact national security and the public. According to federal officials, cyberattacks are increasing across many industries, which has the attention of corporate executives in the natural gas and oil industry and reinforces the ongoing efforts to keep our nation’s pipelines and other natural gas and oil facilities safe.
Even so, because natural gas is the leading fuel for generating electricity, there have been calls for congressional hearings to discuss threats to the U.S. natural gas pipeline network. So, let’s talk about what industry is and has been doing to advance cybersecurity.
ACTIONS, NOT PROCESSES, PROTECT OUR INFRASTRUCTURE
The risks our industry faces are not new. The natural gas and oil industry addresses these threats at the highest levels by corporate boards and senior executive staffs. This is seen in:
Ü Close cooperation with federal officials in multiple agencies
Ü Individual company cybersecurity programs that are aligned the federal government’s National Institute of Standards and Technology (NIST) Cybersecurity Framework and the ISA/IEC 62443 Series of Standards on Industrial Automation and Control Systems (IACS) Security, both of which are used widely by other industries and sectors
Ü 52 natural gas and oil companies – including a number of the nation’s largest natural gas pipeline operators – share cyber threat intelligence with each other and with the federal government as members of the Oil and Natural Gas Information Sharing and Analysis Center (ONG-ISAC)
SYSTEMATIC MANAGEMENT, FLEXIBILITY AND AGILITY
The industry’s comprehensive approach toward cybersecurity is based on robust governance, systematic risk-based management and multi-dimensional programs that use the best international cybersecurity standards and proven frameworks, such as the NIST Cybersecurity Framework.
CYBERSECURITY IS A TOP PRIORITY FOR THE NATURAL GAS AND OIL INDUSTRY.
Natural gas and oil companies have developed intricate approaches to cybersecurity similar to industry’s approach to managing risks of safety: robust governance, systematic risk-based management, and multi-dimensional programs based on best-in-class standards and proven frameworks
This approach spans the breadth of the natural gas and oil industry, from the wellhead to pipelines to the supplying of power generators and natural gas utilities to refining and gasoline stations.
We believe relying on this approach and these frameworks, with public-private cooperation at the center, is superior to prescriptive regulation – that is, to new layers of regulation and government management, which some advocate. Quickly evolving cyber threats can render prescriptive regulations either incomplete, misguided, or obsolete before they can even be reformulated by regulators. Industry’s current approach provides the needed flexibility and agility to meet the ever-changing nature of cyber threats.
PROVEN RESILIENCE AND PREPARATION FOR ALL HAZARDS
Industry’s infrastructure is highly automated and relies on complex industrial control systems. These controls include supervisory control and data acquisition, process control networks and distributed control systems, which keep operations running. Yet the natural gas industry and its infrastructure are resilient in the face of cyberthreats, extreme weather and direct physical attacks. That’s what the Natural Gas Council found in a report issued earlier this year.
In addition, in order to respond and recover from potential cyber incidents in the same way as we do for other all other hazards, industry:
Ü Plans for and conducts exercises that test responses various threat scenarios
Ü Applies initiatives and activities developed by government, industry or through partnerships to address a wide array of potential threats and hazards
Ü Shares threat and risk information in classified briefings
Ü Constantly works to improve information sharing
Ü Develops situational awareness reports
The industry welcomes a cybersecurity discussion because a lot of hard work – not always apparent to the public eye – is already ongoing and continually strengthening the nation’s energy infrastructure. Those efforts continue to ensure the safe and reliable delivery of natural gas to customers of all types throughout the year.
FROM THE REPORT:
The physical operations of natural gas production, transmission and distribution make the system inherently reliable and resilient. Disruptions to natural gas service are rare. When they do happen, a disruption of the system does not necessarily result in an interruption of scheduled deliveries of natural gas supply because the natural gas system has many ways of offsetting the impact of disruptions. [T]here is low risk of single point of disruption (regardless of cause) resulting in uncontrollable, cascading effects.
