API report on protecting the oil and gas industry from cyberattacks

“Cybersecurity is a top priority for the natural gas and oil industry,” said API President and CEO Mike Sommers. “As the owners and operators of critical energy infrastructure, our companies are providing the leadership, proactive solutions and ongoing coordination with federal agencies to help prevent future cyberattacks. Natural gas and oil pipeline systems are purpose-built to be highly resilient and our members are leaders in cybersecurity, sharing cyber threat indicators and intelligence with each other and with the US government through the Oil and Natural Gas Information Sharing and Analysis Center (ONG-ISAC).”

In conjunction with the report, API launched a video highlighting the American natural gas and oil industry’s investment in people and cybersecurity technology to keep America’s energy infrastructure safe and operating reliably. This is a reminder to the Administration and policymakers on Capitol Hill that the natural gas and oil industry – an industry that provides cleaner, more reliable energy – is committed to investing its own capital to maintain and safeguard its infrastructure.

Key points in the report include:

• Companies acknowledge that cyberattacks can present ‘enterprise risks’ – risks that could compromise the viability of a company – and have developed comprehensive approaches to cybersecurity.
• Companies orient their information technology (IT) and industrial control systems (ICS) cybersecurity programs to leading frameworks and best-in-class standards, especially the National Institute of Standards and Technology (NIST) Cybersecurity Framework and the ISA/IEC 62443 Series of Standards on Industrial Automation and Control Systems (IACS) Security.
• Cyber threats are not new or unique to pipelines; they are present across the energy system, including at coal and nuclear plants. Pipeline companies have layers of security in place to protect against cascading failure, which also include mechanical controls that are not capable of being overridden through any cyber compromise of ICS.
• The natural gas system is highly resilient because the production, gathering, processing, transmission, distribution and storage of natural gas is geographically diverse, highly flexible and elastic, characterised by multiple fail-safes, redundancies and backups.
• Reliance upon voluntary mechanisms including proven frameworks and public-private collaboration, rather than prescriptive standards or regulations, is the best way to bolster the cybersecurity of natural gas and oil companies and the energy infrastructure they operate, and to afford the necessary flexibility and agility to respond to a constantly-changing cyber threat landscape.

For more than 15 years, API has convened its member companies to address cybersecurity defence and to pioneer solutions in systems technology, network security and critical infrastructure protection. This information sharing within the industry and also between industry and government is a critical component of a robust and effective cyber defence strategy.

Read the article online at: https://www.worldpipelines.com/business-news/01112018/api-report-on-protecting-the-oil-and-gas-industry-from-cyberattacks/