Cybersecurity for the Natural Gas Industry Infrastructure

Article excerpt

Dave McCurdy is currently President and CEO of the American Gas Association (AGA). He previously served in the US House of Representatives where he chaired the House Intelligence Committee. Mr. McCurdy has been involved in cybersecurity policy for over 20 years. He presented these proposals for securing the national critical infrastructure on May 21, 2013 before the House Committee on Energy and Commerce as part of the hearing on Cyber Threats and Security Solutions.

AGA represents more than 200 local energy companies that deliver natural gas to more than 71 million residential, commercial and industrial gas customers in the United States. AGA is an advocate for local natural gas utility companies and provides a broad range of programs and services for member natural gas pipelines, marketers, gatherers, international gas companies and industry associates. Today, natural gas meets almost one-fourth of U.S. energy needs.

Natural gas is the foundation fuel for a clean and secure energy future, providing benefits for the economy, our environment and our energy security. Alongside the economic and environmental opportunity natural gas offers our country comes great responsibility to protect its distribution pipeline systems from cyber attacks. Technological advances over the last 20 years have made natural gas utilities more cost-effective, safer, and better able to serve our customers via web-based programs and tools. Unfortunately, the opportunity cost of a more connected, more efficient industry is that we have become an attractive target for increasingly sophisticated cyber terrorists. This said, America's investor- owned natural gas utilities are meeting the threat daily via skilled personnel, robust cybersecurity system protections, an industry commitment to security, and a successful ongoing cybersecurity partnership with the Federal government.

Government-Private Partnerships & Cybersecurity Management: A Process that Works for Natural Gas Utilities

America's natural gas delivery system is the safest, most reliable energy delivery system in the world. This said, industry operators recognize there are inherent cyber vulnerabilities with employing web-based applications for industrial control and business operating systems. Because of this, gas utilities adhere to myriad cybersecurity standards and participate in an array of government and industry cybersecurity initiatives. However, the most important cybersecurity mechanism is the existing cybersecurity partnership between the federal government and industry operators. This partnership fosters the exchange of vital cybersecurity information which helps stakeholders adapt quickly to dynamic cybersecurity risks.

Background: The Homeland Security Act of 2002 provides the basis for Department of Homeland Security (DHS) responsibilities in protecting the Nation's critical infrastructure and key resources (CIKR). The Act assigns DHS the responsibility for developing a comprehensive plan for securing CIKR. This plan, known as the National Infrastructure Protection Plan (NIPP), identifies 18 critical infrastructure sectors within which natural gas transportation is a subsector of the Energy and Transportation Sectors. The NIPP states that more than 80 percent of the country's energy infrastructure is owned by the private sector, and that the Federal Government has a statutory responsibility to safeguard critical infrastructure. For this reason, information-sharing amongst industry operators and the government intelligence community is critical to cyber infrastructure protection.

AGA-Government Cybersecurity Partnerships: Natural gas utilities work with government at every level to detect and mitigate cyber attacks. In particular, AGA works closely with the Transportation Security Administration, Pipeline Security Division, the government entity designated to oversee physical and cybersecurity operations of distribution pipelines. AGA views our relationship with TSA as a true partnership that benefits all stakeholders because it allows government and pipeline owner/operators to exchange cybersecurity information typically not shared in a regulatory compliance-driven environment. …