Over the past year, the nation’s natural gas utilities have examined their security, performed vulnerability assessments, and made appropriate enhancements to their security programs. Such enhancements included supplementing current emergency plans with terrorist risk elements, strengthening physical barriers, tightening control access, adjusting frequency of patrols, and confirming response and recovery actions with local law and emergency officials. As the industry has assessed their risk from terrorist attack, these basic principles have prevailed:
Actions taken in response to terrorist threats must be REASONABLE.
Our industry has taken RESPONSIBILITY for securing our critical assets - have in the past and will continue to in the future.
Educate and REASSURE the government agencies, Congress, and the states that the industry has focused on security both pre and post 9/11 - and will continue to take steps that are appropriate based on the true vulnerability or threat.
Approaching the one-year anniversary of the attack on America, below are the critical infrastructure protection programs AGA and the industry have completed or continue to pursue.
AGA’s Natural Gas Security Committee, in partnership with INGAA’s Security Task Group, developed security guidelines for the industry that were submitted in June 2002 to DOT's Office of Pipeline Safety. Also submitted was the "Security Guidelines for the Natural Gas Industry" to DOE. The report provides an approach for vulnerability assessment, a critical facility definition, detection/deterrent methods, response and recovery, cyber security, and relevant operational standards.
AGA and its members participated in homeland security workshops sponsored by the Office of Homeland Security (OHS) and the RAND Corporation. The purpose of this effort was to define the nature of the modeling, simulation and analysis that is needed to help protect the Nation's critical assets, systems, and infrastructures. The input provided by the industry will be incorporated into the President’s National Physical Infrastructure Protection Plan (September 2002 release).
Threat Alert Notification
AGA has continued to disseminate threat alerts received from OHS, FBI, DOE, and DOT. Many of our members also receive those alerts directly from the government entities. AGA participates in weekly FBI briefings and is working with the Energy ISAC to strengthen their information sharing and threat dissemination solution.
A joint AGA and INGAA project is underway to study the supply response to a catastrophic outage (i.e. possible terrorist attack) and what impact those conditions would have to customers during peak and other usage periods. The study will initially focus on the Northeast and Mid-Atlantic. Using modeling and simulation tools, the participating distribution and transmission companies will use the findings to review existing gas allocation and emergency operations plans. In addition, recommendations will be made for mitigating regulatory barriers that may hinder timely restoration.
For the past year, in the development of guidelines and communicating industry status to the federal government and state regulators, AGA and member company representatives have been working closely with INGAA, API, APGA, EEI, NERC, Natural Gas Council, NARUC, and state/regional gas associations. In terms of government partnerships, the industry has been in constant contact with representatives at all levels of the Office of Homeland Security, DOT, DOE, FERC, FEMA and FBI.
Congressional interest in security is very high and has resulted in the introduction of legislation that includes AGA supported provisions addressing critical infrastructure protection, FOIA, antitrust, and terrorism insurance. Specific legislative initiatives that AGA has played a role in shaping include National Energy Policy, Pipeline Safety, Critical Infrastructure Information Protection (FOIA & Antitrust), Cost Recovery (NARUC Resolution), Cyber Security, and Terrorism Insurance.
The Automation and Telecommunications Committee, in collaboration with GTI and EPRI, is developing an encryption protocol standard to protect gas and electric SCADA systems from cyber attack. The results will assist member companies in improving the security of their SCADA systems by evaluating the benefits of encrypting SCADA signals. Other cyber initiatives include the Technology Advisory Council sponsored Vulnerability Assessment and Managed Security Services Program, membership in the Partnership for Critical Infrastructure Security (PCIS), and Advisory Committee member for the Energy ISAC.
Close to 100 member companies have participated in AGA committees focused on infrastructure security over the past year. These committees include: Security, Integrity & Reliability Committee (Industry CEOs), Natural Gas Security Committee (physical), Operating Section Managing Committee, Technology Advisory Council (cyber), Operations Safety Regulatory Action Committee, Automation and Telecommunications (SCADA), Gas Control (Regional Planning), Supplemental Gas (LNG), Risk Management (Insurance), and Legal Committee.
Information Sharing & Workshops
Over the past year, AGA has held numerous workshops and forums to discuss and share information related to security. These have included the Natural Gas Security Summit, Energy IT Conference & Expo, Operations Conference, Fall Committee Meetings (special International Security Roundtable), Leadership Conference Calls, Regional Association Conference Calls, SCADA Encryption Workshops and joint AGA Natural Gas Security Committee and EEI Security Committee meetings.
Developed at the request of the board level Security, Integrity & Reliability Committee, AGA published the "Natural Gas Utilities: Security and Reliability" publication. This brochure highlighted security initiatives in the industry and will be used by AGA and its members in communicating with consumers, regulators, and the media. Other communication channels used to provide information about infrastructure security include the AGA website (www.aga.org), Executive Bulletin, American Gas magazine, media interviews, and letters to the editor.