Daily Archives: May 1, 2017

Rebecca Massello Marrying Safety and Security – Natural Gas Utilities Build a Better Tomorrow

Promoting a culture of safety has long been the mantra for natural gas utilities. It is core to everything we do. The end goal is simple: protect the general public and our employees, while ensuring the continued safe and reliable delivery of natural gas to our customers. Carrying out this shared goal is the responsibility of every natural gas utility. Recognizing the importance of this role, the American Gas Association adopted the AGA’s Commitment to Enhancing Safety, which outlines voluntary actions being taken by AGA or individual operators.

Post September 11, we saw a new set of challenges on the home front and for critical infrastructure – security. Safe and reliable delivery of natural gas is critical to the health, safety, and economic well-being of our Nation, and natural gas utilities take this charge seriously. Natural gas utilities have historically taken measures to physically protect their assets from sabotage or unintentional harm. These physical security measures are often referred to as “guns, gates, and guards” and are intended to secure the perimeter and keep bad “things” out. As technology has continued to evolve, these tactics have become more advanced, employing technologies like microwave sensors, motion detectors, access controls, and alarms, all intended to give the operators more information and tools to protect their critical assets.

Beyond physical security, there is another rapidly evolving security threat – cyber adversaries. These adversaries can come in many forms, from nation states, to home grown extremists, to activists, to cyber criminals. Whoever the adversary, we face an uphill battle as we leverage an increasing amount of remote and automated technologies that help us to do our jobs more efficiently and reliably. Demonstrating this challenge, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has reported that the energy sector accounted for 20 percent of total reported incidents in 2016.[1] The increased deployment of automated technologies must also come with the appropriate cybersecurity controls to help ensure that cyber adversaries are not successful in their ultimate goal. To that aim, we apply a portfolio of tools, policies, procedures and practices intended to make it harder for the adversaries to access critical cyber networks and cause harm.

Today, we demonstrate that we are not just a culture of safety. We are a culture of safety AND security. Last year, the AGA Board of Directors approved AGA’s Commitment to Cyber and Physical Security, articulating our collective goal to stand up against the growing and dynamic security threats that exist. This commitment outlines our voluntary actions to identify, protect, detect, respond, and recover from threats and attacks. While we plan to keep the adversaries out and prevent attacks, we also know that some battles may be lost in this ongoing war, and we also plan how we will quickly recover and continue to reliably deliver critical services to our customers. All these guiding principles are outlined in this commitment statement.

There are approximately 2.5 million miles of pipelines making up the natural gas transmission and distribution infrastructure in the United States.[2] AGA’s members own and operate 2.2 million miles of this infrastructure. The signed letters of commitment to security that AGA has received to date collectively represent 2 million — or 90 percent — of AGA mileage, illustrating our dedication to these voluntary security actions.

As we march forward and carry out the principles outlined in this industry commitment, we continue to ensure that security is integral to everything we do. The security challenge is one that cannot be taken with complacency, and natural gas utilities are up to the challenge as we proactively take steps to help ensure that natural gas delivery continues to be safe, reliable, and secure into the future. For more on our commitment, click here.

[1] https://ics-cert.us-cert.gov/sites/default/files/Annual_Reports/Year_in_Review_FY2016_Final_S508C.pdf

[2] Based on PHMSA Annual Report Data, April 2017

Posted in cybersecurity, safety | Leave a comment