In addition to cooler temperatures, October brings National Cybersecurity Awareness Month. Cybersecurity has always been a priority for the interstate natural gas pipeline industry. INGAA recognizes that with the increase in natural gas demand and accompanying infrastructure, comes an increased responsibility to protect and defend our country’s critical infrastructure from cyber threats.
INGAA and its member companies work diligently to secure and protect the U.S. natural gas system from cyber threats through ongoing and regular collaboration with federal government agencies. These federal agencies, such as the FBI, the Department of Transportation, and the Department of Homeland Security (DHS) have access to classified threat intelligence data and broad understanding of practices and approaches for mitigating cybersecurity risks. This access, paired with the industry’s understanding of its own critical infrastructure, results in strong collaboration and even stronger security for natural gas pipelines. This collaboration is key to protecting our nation’s natural gas infrastructure from cyber threats and mitigating the impacts of rare, but serious attacks.
“The growing threat of nation-state backed attacks requires a coordinated and comprehensive approach across all critical infrastructure and across all Federal agencies supporting national security.”— INGAA Testimony before the U.S. House Subcommittee on Cybersecurity, Infrastructure Protection & Innovation, Subcommittee on Transportation and Maritime Security, and Committee on Homeland Security.
Last year, DHS established the Cybersecurity and Infrastructure Security Agency (CISA), which is responsible for protecting the nation’s critical infrastructure by coordinating and fostering partnerships between a range of government and private sector groups. The Pipeline Cybersecurity Initiative, a cross-agency partnership between the Transportation Security Administration (TSA), DHS’s CISA and Department of Energy (DOE), was created to identify trends and assess the unique cybersecurity risks that pipeline operators face. INGAA and our member companies strongly support the initiative and believe it gives operators and regulators a greater understanding of risks. This understanding leads to better-informed actions that can be adapted when risks change.
“In this environment of rapidly evolving cyber threats, it is important that we take an approach that enables flexibility and allows us to quickly adapt and update protocols… We need the flexibility and ability to build on our baseline practices to look forward towards addressing the threats of the future.”—Don Santa, President and CEO of INGAA
INGAA’s member companies deploy a multifaceted security strategy that implements additional systems and protocols like the National Institute of Standards and Technology (NIST) Cybersecurity Framework. The framework outlines ways to employ five strategic functions: identify, protect, detect, respond and recover. Pipeline operators also utilize resources like the Downstream Natural Gas Information Sharing and Analysis Center (ISAC),the Oil and Natural Gas Information Sharing and Analysis Center (ONGISAC) and CISA’s National Cyber Awareness System to dispense information across the industry in real-time, ensuring rapid response to security incidents and threats.
In addition to preventative measures outlined above, pipeline operators also monitor in real-time flow-rates and pressures on pipeline segments through their Supervisory Control and Data Acquisition (SCADA) systems, having backup control and data rooms in alternate locations to ensure quick recovery in the event of a cyber-attack. In the event any of these backup systems are compromised, pipeline operators can also manually control pipelines to ensure product continues to be delivered to customers.
INGAA and our members are strongly committed to ensuring the security, reliability and resilience of natural gas transmission pipelines. In a world of ever-evolving cyber threats, INGAA will continue to support its member companies and the federal government to maintain the safety and security of our nation’s natural gas pipeline infrastructure.
About the author: Mike Isper serves as INGAA’s Director of Security, Reliability and Resilience and has over 13 years of direct pipeline security experience from both the public and private sectors.