The oil and natural gas industry considers collaboration to combat a growing tide of cybersecurity threats a priority. The American Petroleum Institute just released a report describing the industry’s resilience and preparedness.
The report, co-sponsored by the Oil and Natural Gas Subsector Coordinating Council (ONG SCC) and the Natural Gas Council, provided a peek for the public and lawmakers to understand the cybersecurity capabilities of the natural gas and oil industry.
“Natural gas and oil companies recognize that their assets are the targets of a growing number of increasingly sophisticated cyberattacks perpetrated by a variety of attackers including nation-states and organized international criminals,” said the report, which concludes that cyberattacks pose “enterprise risks” that can compromise the viability of a company, leading many companies to develop comprehensive cyber approaches.
The report listed numerous federal agencies that partner with the private sector over cybersecurity, including the Transportation Security Administration, the Department of Homeland Security and the Department of Energy.
Key points from the report:
- Companies acknowledge that cyberattacks can present “enterprise risks” – risks that could compromise the viability of a company – and have developed comprehensive approaches to cybersecurity.
- Companies orient their information technology (IT) and industrial control systems (ICS) cybersecurity programs to leading frameworks and best-in-class standards, especially the National Institute of Standards and Technology Cybersecurity Framework and the ISA/IEC 62443 Series of Standards on Industrial Automation and Control Systems (IACS) Security.
- Cyber threats are not new or unique to pipelines; they are present across the energy system, including at coal and nuclear plants. Pipeline companies have layers of security in place to protect against cascading failure, which also include mechanical controls that are not capable of being overridden through any cyber compromise of ICS.
- The natural gas system is highly resilient because the production, gathering, processing, transmission, distribution and storage of natural gas is geographically diverse, highly flexible and elastic, characterized by multiple fail-safes, redundancies and backups.
- Reliance upon voluntary mechanisms including proven frameworks and public-private collaboration, rather than prescriptive standards or regulations, is the best way to bolster the cybersecurity of natural gas and oil companies and the energy infrastructure they operate, and to afford the necessary flexibility and agility to respond to a constantly changing cyber threat landscape.