Cybersecurity is a Core Value of the Natural Gas Industry
Safety and security are core values for America’s natural gas utilities, and innovation by America’s natural gas utilities has continued to make natural gas service for homes and businesses more affordable, reliable, cleaner, safer and more secure.
As we’ve become a more connected and efficient industry, we have become an attractive target for increasingly sophisticated cyber criminals. But America’s investor-owned natural gas utilities are meeting the threat daily with skilled personnel, robust cybersecurity system protections, an industry commitment to security and a successful ongoing cybersecurity partnership with the Federal government. AGA and its member companies are committed to investing in leading security technologies, utilizing best practices and training and promoting an industrywide vigilant security culture to help fortify our security defenses.
The industry is working hard every day to stay ahead of those that seek to do us harm, which requires flexibility, collaboration and trust between industry and government. We ask that regulators take these elements into consideration when developing cybersecurity regulations. Static mandates and penalties are not going to keep our 2.6 million miles of natural gas pipelines safe from rapidly evolving cyber threats.
In May, the American Gas Association Board of Directors passed a resolution to support reasonable cybersecurity regulations and we support the intent of the Transportation Security Administration’s Pipeline Security Directives. We are headed in the right direction, and we look forward to identifying permanent and concrete measures to bolster our common mission of pipeline security and public safety.
A new requirement of one of TSA’s Security Directives requires pipeline operators to alert the government of cyber incidents within 12 hours. AGA has been a strong supporter of increasing intelligence sharing between government and the private sector in the cybersecurity space including founding the Downstream Natural Gas Information Sharing and Analysis Center (DNG-ISAC) in 2015. This platform is the premiere cyber and physical threat sharing and analysis organization for the natural gas industry in the U.S. and Canada. The DNG-ISAC facilitates situational awareness and threat communication between operators and the federal government. In addition, AGA’s Peer Cyber Review Program allows member utilities to consult with peer utility cyber subject matter experts and walk through a comprehensive AGA-developed assessment that aligns with TSA Pipeline Security Guidelines. In August, we collaborated with other energy industry trade associations on what we believe is the most efficient way to put effective pipeline cyber regulations in place, the third edition the American Petroleum Institute (API) standard 1164 on Pipeline Control Systems Cybersecurity.
AGA’s Managing Director, Security and Operations Kimberly Denbow testified before the House Homeland Security Committee’s Subcommittee on Cybersecurity, Infrastructure Protection and Innovation on September 1. Kimberly noted that AGA supports the provisions necessary for a workable incident reporting framework as laid out in the Cyber Incident Reporting for Critical Infrastructure Act of 2021. Making slight alterations, particularly regarding private sector involvement, can make this bill even stronger. This cyber incident reporting legislation has the potential to advance constructive reporting requirements. The key to meeting this potential lies with the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and its commitment to the partnership.
TSA has been a valued partner on increasing cybersecurity vigilance since its founding in the aftermath of September 11, 2001. They understand, as well as we do, that our time is best spent protecting critical infrastructure rather than simply complying with one-size fits all regulations. For our customers and our communities, we will continue to stay one step ahead of the threat.