API members treat cybersecurity as a top priority, and along with the Oil and Natural Gas Subsector Coordinating Council (ONG SCC) released a report describing the industry’s resilience and preparedness to defend itself and energy consumers against malicious cyber threats and providing insight for policymakers into the comprehensive cybersecurity programs of the natural gas and oil industry.
Key points from the report include:
Companies acknowledge that cyberattacks can present “enterprise risks” – risks that could compromise the viability of a company – and have developed comprehensive approaches to cybersecurity.
Companies orient their information technology (IT) and industrial control systems (ICS) cybersecurity programs to leading frameworks and best-in-class standards, especially the National Institute of Standards and Technology (NIST) Cybersecurity Framework and the ISA/IEC 62443 Series of Standards on Industrial Automation and Control Systems (IACS) Security.
Cyber threats are not new or unique to pipelines; they are present across the energy system, including at coal and nuclear plants. Pipeline companies have layers of security in place to protect against cascading failure, which also include mechanical controls that are not capable of being overridden through any cyber compromise of ICS.
The natural gas system is highly resilient because the production, gathering, processing, transmission, distribution and storage of natural gas is geographically diverse, highly flexible and elastic, characterized by multiple fail-safes, redundancies and backups.
Reliance upon voluntary mechanisms including proven frameworks and public-private collaboration, rather than prescriptive standards or regulations, is the best way to bolster the cybersecurity of natural gas and oil companies and the energy infrastructure they operate, and to afford the necessary flexibility and agility to respond to a constantly-changing cyber threat landscape.
File Size: 11.7 MB
No comments:
Post a Comment