AGA Supports Intent of TSA Cybersecurity Regulations

Washington, D.C. €“ The American Gas Association (AGA) supports today€™s announcement by the Transportation Security Administration (TSA) of new regulations for pipeline cybersecurity. 

€œWe support the intent of the recently issued Pipeline Security Directive. TSA is headed in the right direction and we look forward to identifying concrete measures to bolster our common mission of pipeline security and public safety,€ said Kimberly Denbow, AGA€™s Managing Director, Security and Operations. 

TSA€™s Security Directive indicated that pipeline operators must alert the government of cyber incidents. AGA has been at the forefront of public-private partnerships in the cybersecurity space including founding the Downstream Natural Gas Information Sharing and Analysis Center (DNG-ISAC) in 2015, the premiere cyber and physical threat sharing and analysis organization for the natural gas industry in the U.S. and Canada facilitating situational awareness and threat communication between operators and the federal government. In addition, AGA€™s Peer Cyber Review Program allows member utilities to consult with peer utility cyber subject matter experts and walk through a comprehensive AGA-developed assessment that aligns with TSA Pipeline Security Guidelines. 

Last week, the American Gas Association Board of Directors passed a resolution to support reasonable cybersecurity regulations. Elements of reasonable regulation would allow risk-based methodology; support a framework organized by the function€™s identity, protect, detect, respond and recover; permit operator flexibility to pivot to a constantly evolving cyber threat landscape; and align with natural gas industry cybersecurity guidelines and standards for operational technology. This is the next step in the evolution of€¯AGA’s Commitment to Cyber and Physical Security, which was developed to€¯demonstrate€¯dedication to ensuring that natural gas pipeline€¯infrastructure€¯remains€¯resilient to growing and dynamic cyber and physical security threats.€¯