Cybersecurity and the natural gas delivery system

Editor’s Note:  The authors are correct, “Public-private partnerships are the foundation for effective critical infrastructure protection and resilience strategies, and that timely, trusted information sharing among stakeholders is essential to the security of the  nation’s critical infrastructure.”  Public-private partnerships and approrpiate information sharing will need to be the cornerstone of any critical infrastructure cyber defense regulatory regime if it is to be effective, irrespective of whether the protections are mandatory, voluntary or hybrid.

From: Politico/Opinion Contributor


America’s natural gas utilities operate more than two million miles of  pipelines – the safest energy delivery system in the nation. Nothing is more  important to us than the safe and reliable delivery of natural gas to the more  than 177 million Americans who use it for heating, cooking, and hot water, as  well as the industries such as steel and chemical manufacturers that are  experiencing a rebirth due to the abundance of affordable natural gas.

Our nation is the top producer of this clean energy source, which provides an  opportunity to meet our national goals of boosting our economy, improving our  environment and increasing our energy security. We envision a future where  natural gas runs a significant number of our vehicles, generates power and  supports other forms of renewable energy. Utilities will continue to build the  21st-century energy infrastructure to deliver the promises of natural gas.

This new era of energy delivery comes with new challenges.  Ensuring the protection and resilience of the nation’s critical infrastructure  is a shared responsibility among multiple stakeholders. When it comes to  critical infrastructure operators, there are two types of companies: those that  have been hacked and those that have been and don’t know it yet. Our industry is  working with government at every level to detect and mitigate these cyber  attacks.

Natural gas utilities actively engage in cybersecurity management, with the  primary objectives of minimizing cyber vulnerabilities and increasing a system’s  ability to detect malicious cyber traffic, mitigating impact, and implementing  security measures that do not disrupt the safe and reliable delivery of natural  gas to customers.

Cybersecurity effectiveness in the natural gas industry is maximized in the  diversity of the protective approaches employed. In general, operators across  the industry use the “defense in depth” strategy to protect their control  systems. This military strategy, adapted to cybersecurity defense, seeks to  delay the advance of an attacker and entails the “layering” of tools and  mechanisms as appropriate for the particular operating system so to protect  against, detect, and mitigate compromise. This strategy begins with corporate  cybersecurity governance consisting of policies, standards and guidelines.  Constantly changing risks are regularly assessed and mitigated.

Public-private partnerships are the foundation for effective critical  infrastructure protection and resilience strategies, and that timely, trusted  information sharing among stakeholders is essential to the security of the  nation’s critical infrastructure.

We have encouraged all of our member companies to take advantage of the  cybersecurity tools available through our partnerships with the Transportation  Security Administration’s Pipeline Security Division and the U.S. Department of  Homeland Security’s Industrial Control Systems Cyber Emergency Response Team.  Officials from DHS have met with our board of directors and member companies to  review and assess threats.

There is no silver bullet. Cybersecurity is a continuous process that  requires companies to constantly manage their cyber risk. This entails assessing  business, process control, IT, and personnel safety systems for related  weaknesses and balancing the cost of addressing vulnerabilities with impacts on  safety, reliability, deliverability and cost-efficiency.

There is general agreement in basic principles for  cybersecurity legislation, including: expanded cybersecurity information sharing  between the government and the private sector; liability protections for  companies that share sensitive information with the government; federal support  for cybersecurity research and development; and, criminal penalties for  violations.

When crafting cybersecurity legislation or a related executive order,  government should focus on what industry vitally needs: more robust  cybersecurity information sharing between the government and private industry  that delivers real-time communication, technical assistance and mitigation  strategies. Furthermore, prescriptive regulation not only hinders a robust  cybersecurity program but weakens through standardization. Policy that  standardizes cybersecurity processes ignores the fact that system diversity is  key to thwarting cyber attacks. Furthermore, any policy that changes the  existing and successful cybersecurity partnerships could potentially undermine  the productive working relationships already in place.

The American Gas Association represents more than 200 local energy companies  committed to the safe and reliable delivery of clean natural gas. We work to  make sure utilities are informed, involved, protected, and represented  accurately in policy discussions and work in collaboration with others in the  both the natural gas and utility industry. Maintaining the safety and trust of  our customers is our top priority.

December is critical infrastructure protection and resilience month, an  opportunity to examine the systems that are the lifeblood of our nation and how  we can protect them from current and future threats. As we approach a new year,  we will continue to work with the relevant federal agencies to keep our nation’s  natural gas pipelines safe while we urge lawmakers in Washington, D.C. and  throughout the country to take strong but prudent steps on this vital issue.  Most importantly, we will take the actions necessary to continue to deliver  safe, efficient energy to all Americans.

Ron Jibson is the incoming chairman of the Board of Directors of the  American Gas Association for 2013 and the Chairman, President and CEO of Questar  Corp. in Salt Lake City.

Dave McCurdy is the president and CEO of the American Gas Association and  a former Chairman of the House Intelligence Committee.


Leave a Reply

Your email address will not be published.

Please Answer: *