Maintaining the security of our nation’s cyber networks is vital to protecting the country’s natural gas infrastructure. Online threats continue to change, thus our industry must remain active, engaged and vigilant. Whether we’re discussing the 2.4 million miles of natural gas pipeline or the cyber networks that help our businesses to operate, safety is the number one priority for AGA and our more than 200 utility members.
Recognizing the ever changing cybersecurity landscape, it’s important to accept that you won’t be able to block every intrusion out there. It is critical that resources are dedicated towards both detecting an intrusion and limiting the ability of a cyber attacker to transverse the organization’s network. Many of our members are working with the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), part of the U.S. Department of Homeland Security, to accomplish this goal.
“A robust cybersecurity program has detection as a priority,” says AGA Director of Engineering Services Kimberly Denbow. “With a solid detection program, the operator increases the chances of slowing down the assault or stopping it before any critical functions or information is compromised.”
This layered approach, known as the “defense in depth” strategy is used by operators to protect control systems. Think of this as multiple doors an intruder would need to go through in order to access the inside of a closet in your home. Each door is rigged with a sensor or some type of detection mechanism. If the intruder made it into your house and to the closet, the chances of actually getting to your possessions inside the closet are significantly decreased because of the delays caused by the “layers,” or doors, and sensors that would be highlighted at each point.
It is important that companies continuously update and adapt their action plans in order to prepare for and detect potential cybersecurity attacks. Only through an environment that fosters increased operator awareness of cyber attacks and intrusion activities, increased information sharing, and increased training, can operators deploy customized cybersecurity platforms and mechanisms most suitable in a time-sensitive setting for their individual and distinct operational criteria. Government – private partnerships are critical to this end, and AGA is committed to these efforts and helping our membership reduce the risk of cybersecurity attacks that could significantly affect their businesses and the nation’s energy infrastructure.