Federal Policy, Programs, and Legislation (Cybersecurity)
AGA is a primary resource for its members to stay abreast of Federal government cybersecurity-related policies and initiatives.
Below are some helpful resources for the Federal cybersecurity policies and initiatives that AGA is tracking.
The White House
Cybersecurity National Action Plan
On February 9, 2016, President Obama released the Cybersecurity National Action Plan (CNAP) that takes near-term actions and puts in place a long-term strategy to enhance cybersecurity awareness and protections. According to the Administration, cybersecurity is one of the most important challenges we face as a Nation. Government, businesses, and individuals need to join together to address this challenge, and a continued partnership with the owners and operators of critical infrastructure will improve cybersecurity and enhance the Nation’s resiliency. This AGA synopsis highlights areas of greatest relevance to natural gas operations.
U.S. Department of Homeland Security (DHS)
Industrial Control Systems Cyber Emergency Response Team (ICS-CERT)
ICS-CERT works to reduce risks within and across all critical infrastructure sectors by partnering with law enforcement agencies, the intelligence community, and governments as well as control systems owners, operators, and vendors. ICS-CERT also collaborates with international and private sector Computer Emergency Response Teams (CERTs) to share control systems-related security incidents and mitigation measures.
U.S. Department of Energy (DOE)
Roadmap to Achieve Energy Delivery Systems
The Roadmap outlines a strategic framework over the next decade among industry, vendors, academia and government stakeholders to design, install, operate, and maintain a resilient energy delivery system capable of surviving a cyber incident while sustaining critical functions.
DOE Cybersecurity for Energy Delivery Systems
The CEDS program assists energy sector asset owners and operators by developing cybersecurity solutions for energy delivery systems through integrated planning and a focused research and development effort. CEDS co-funds projects with industry partners to make advances in cybersecurity capabilities for energy delivery systems.
Transportation Security Administration (TSA)
Transportation Security Administration Pipeline Security Guidelines
AGA encourages operators to incorporate the 2011 guidelines, primarily Chapter 7, into their cybersecurity programs. This chapter allows for operator flexibility while complementing other existing cybersecurity guidelines or standards. This guideline was developed with the assistance of industry and government members of the Pipeline Sector and Government Coordinating Councils, industry association representatives, and other interested parties.
National Instiute of Standards and Technology (NIST)
NIST Cybersecurity Framework
Executive Order 13636, Improving Critical Infrastructure Cybersecurity directed NIST to work with stakeholders to develop a voluntary framework – based on existing standards, guidelines, and practices – for reducing cyber risks to critical infrastructure.