AGA Cybersecurity Procurement Language Tool

The AGA Cybersecurity Strategy Task Force has prepared this tool to assist AGA members with identifying appropriate cybersecurity language to include in procurement contracts. The specific language provided in this tool is based on the Cybersecurity Procurement Language for Energy Delivery Systems, published in April, 2014 jointly by the Energy Sector Control Systems Working Group, the Pacific Northwest National Laboratory, and Energetics Incorporated, with funding from the U.S. Department of Energy. The accompanying spreadsheet tools helps users identify recommended contract language based on risk tolerance and the type of purchase (e.g., hardware, software, and/or services). (Prepared April, 2017)

Cybersecurity Procurement Language Resources

These documents provide sample language and security requirements for the information and procurement process.

Threat Analysis

The material is presented in the form of a slide deck to serve as a guidance or template for AGA member company cybersecurity professionals to use to engage corporate leadership in discussion of leading gas utility cyber-based threats and general industry practices. Due to the extent of operational diversity across the natural gas utility industry, the content of this slide deck is intentionally presented at a high-level; deferring to the presenter to interject company-specific actions and measures. (Prepared August, 2014)

Other Cybersecurity Initiatives

This one-pager discusses how the Oil and Natural Gas Subsector Cybersecurity Capability Maturity Model (ONG-C2M2) and CSF align.

AGA technical note on protection natural gas pipeline SCADA infrastructure from cybersecurity threats. (Prepared June 28, 2012)

Developed by the AGA Gas Control Committee (GCC) and the Automation & Telecommunication (A&T) Committee, AGA 12, Part 1 is intended to serve as a guideline for voluntary implementation of a comprehensive cyber security posture. It focuses on providing background information for improved assessment of a company’s cyber security posture, suggesting policies for a comprehensive cyber security plan and offering a sample test plan for operator implementation. (Prepared March 14, 2006)