Category Archives: cybersecurity

Rebecca Massello Marrying Safety and Security – Natural Gas Utilities Build a Better Tomorrow

Promoting a culture of safety has long been the mantra for natural gas utilities. It is core to everything we do. The end goal is simple: protect the general public and our employees, while ensuring the continued safe and reliable delivery of natural gas to our customers. Carrying out this shared goal is the responsibility of every natural gas utility. Recognizing the importance of this role, the American Gas Association adopted the AGA’s Commitment to Enhancing Safety, which outlines voluntary actions being taken by AGA or individual operators.

Post September 11, we saw a new set of challenges on the home front and for critical infrastructure – security. Safe and reliable delivery of natural gas is critical to the health, safety, and economic well-being of our Nation, and natural gas utilities take this charge seriously. Natural gas utilities have historically taken measures to physically protect their assets from sabotage or unintentional harm. These physical security measures are often referred to as “guns, gates, and guards” and are intended to secure the perimeter and keep bad “things” out. As technology has continued to evolve, these tactics have become more advanced, employing technologies like microwave sensors, motion detectors, access controls, and alarms, all intended to give the operators more information and tools to protect their critical assets.

Beyond physical security, there is another rapidly evolving security threat – cyber adversaries. These adversaries can come in many forms, from nation states, to home grown extremists, to activists, to cyber criminals. Whoever the adversary, we face an uphill battle as we leverage an increasing amount of remote and automated technologies that help us to do our jobs more efficiently and reliably. Demonstrating this challenge, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has reported that the energy sector accounted for 20 percent of total reported incidents in 2016.[1] The increased deployment of automated technologies must also come with the appropriate cybersecurity controls to help ensure that cyber adversaries are not successful in their ultimate goal. To that aim, we apply a portfolio of tools, policies, procedures and practices intended to make it harder for the adversaries to access critical cyber networks and cause harm.

Today, we demonstrate that we are not just a culture of safety. We are a culture of safety AND security. Last year, the AGA Board of Directors approved AGA’s Commitment to Cyber and Physical Security, articulating our collective goal to stand up against the growing and dynamic security threats that exist. This commitment outlines our voluntary actions to identify, protect, detect, respond, and recover from threats and attacks. While we plan to keep the adversaries out and prevent attacks, we also know that some battles may be lost in this ongoing war, and we also plan how we will quickly recover and continue to reliably deliver critical services to our customers. All these guiding principles are outlined in this commitment statement.

There are approximately 2.5 million miles of pipelines making up the natural gas transmission and distribution infrastructure in the United States.[2] AGA’s members own and operate 2.2 million miles of this infrastructure. The signed letters of commitment to security that AGA has received to date collectively represent 2 million — or 90 percent — of AGA mileage, illustrating our dedication to these voluntary security actions.

As we march forward and carry out the principles outlined in this industry commitment, we continue to ensure that security is integral to everything we do. The security challenge is one that cannot be taken with complacency, and natural gas utilities are up to the challenge as we proactively take steps to help ensure that natural gas delivery continues to be safe, reliable, and secure into the future. For more on our commitment, click here.

[1] https://ics-cert.us-cert.gov/sites/default/files/Annual_Reports/Year_in_Review_FY2016_Final_S508C.pdf

[2] Based on PHMSA Annual Report Data, April 2017

Posted in cybersecurity, safety | Comments Off on Marrying Safety and Security – Natural Gas Utilities Build a Better Tomorrow

Christina Nyquist Protecting Critical Energy

President Obama and the U.S. Department of Homeland Security have declared November to be National Critical Infrastructure Security and Resilience Month to “reflect on the important role our infrastructure plays in building a safe and prosperous Nation,” and to “recommit to strengthening and protecting these important assets.”

Comprising more than 2.4 million miles of pipelines throughout the United States, the nation’s natural gas delivery system is robust, extensive and resilient. It is a vital component of America’s critical infrastructure. Every day, more than 177 million Americans depend on the safe, reliable delivery of natural gas to run hospitals, schools and industrial facilities, heat and cool their homes and businesses, cook their meals, wash and dry clothes and fulfill many other essential needs. The men and women of the more than 200 local natural gas delivery companies that make up AGA’s membership work vigilantly to monitor, maintain and strengthen natural gas infrastructure to help ensure that natural gas can be safely and reliably delivered to the homes and businesses that depend on it for daily life, and to mitigate interruptions from storms and other severe weather conditions, physical and cyber threats and other disruptions.

Image Credit: DHS.gov

Image Credit: DHS.gov

Natural gas utilities are consistently upgrading and modernizing existing infrastructure to help ensure safety and reliability. In addition to continued infrastructure investment, AGA and its member companies have a number of programs in place to draw on the resources and expertise of natural gas utilities nationwide to help ensure that utilities can plan, prepare and respond to threats to security and energy delivery.

Mutual Assistance

During extreme weather events or other disaster scenarios, natural gas utilities can call on the AGA Mutual Assistance Program to reach out to other utilities throughout the nation for additional crews, resources and support. This program sent more than 400 personnel to help New Jersey utilities prepare and respond during 2011’s Hurricane Sandy, assisting those affected and restoring service to the homes and businesses impacted by the storm.

Threat Information Sharing

Natural gas utilities also work to enhance the security of natural gas operations against cyber threats that could result in service disruption, financial, property or information loss, or even injury or loss of life. In October 2014, AGA launched the Downstream Natural Gas Information Sharing Analysis Center, which allows natural gas utilities to access and share the information they need to understand cyber threats, protect their systems and customers and respond.

How You Can Help

We all have a part to play in natural gas safety and in protecting ourselves and critical infrastructure from security threats. As customers or members of communities where natural gas is used, you can help by:

  • Making sure natural gas appliances and fuel lines are properly maintained
  • Reporting the smell of natural gas immediately to your local natural gas utility
  • Calling 811 before any digging or excavation project to make sure utility lines are marked and you can avoid damaging them
  • Paying attention to safety communications from your local utility
  • Reporting suspicious activities to your local law enforcement officials
  • Engaging in smart online behavior and password protection to defend yourself and others from cyber intrusions or attacks. Learn more about cybersecurity at staysafeonline.org.
Posted in cybersecurity, Natural Gas, safety | Comments Off on Protecting Critical Energy

Lisa O'Leary October Marks National Cybersecurity Awareness Month 2014

In this day and age, nearly every aspect of our lives has become digital. Even when we’re not directly connected to the Internet, our critical infrastructure — the vast, worldwide connection of computers, data and websites supporting financial transactions, transportation systems, healthcare records, emergency response systems, personal communications and more — is and it impacts us all.

National Cybersecurity Awareness Month (NCSAM) – celebrated each October – was created to help engage and educate public and private sectors about the importance of staying safe online through special events and initiatives. Since its inception 11 years ago, NCSAM has grown exponentially, and information about online safety continues to adapt to the changing threats that exist, reaching consumers, small and medium-size businesses, corporations, educational institutions and people across the nation.

banner 300x250

According to the National Cybersecurity Alliance (NCSA), securing cyberspace, including the devices and networks we use, is a shared responsibility. Individual actions have a collective impact and using the Internet safely makes it more secure for everyone. If each person does their part by implementing stronger security practices, raising community awareness, educating family and friends, and training employees, our digital society will be safer and more resistant from cyber-attacks.

This year, each week of NCSAM has a theme to help focus on core issues:

  • Week 1 (October 1-3) – Stop. Think. Connect.
  • Week 2 (October 6-10) – Secure Development of IT Products
  • Week 3 (October 13-14) – Critical Infrastructure and The Internet
  • Week 4 (October 20-24) – Cybersecurity for Small- and Medium-Sized Businesses and Entrepreneurs
  • Week 5 (October 27-31) – Cybercrime and Law Enforcement

AGA will once-again be an active participant of NCSAM by posting blog articles related to the weekly themes, as well as daily content on our Facebook and Twitter pages using the official hashtag, #NCSAM. Let us know how your organization is informing utility customers about how to stay safe online in the comments section below. AGA will feature your efforts on our blog and social media accounts.

Posted in cybersecurity, education, events, safety, technology | Comments Off on October Marks National Cybersecurity Awareness Month 2014

Lisa O'Leary National Cybersecurity Awareness Month: Creating Strong Passwords

*AGA’s Director of Information Technology Nate Craft co-authored this article.

The internet is part of nearly every aspect of our lives from the home to work to play. With the swipe of a tablet or smartphone, you can manage your bank account, pay your bills, communicate with colleagues, friends and family around the world, and store and access information from virtually anywhere. However, it also means that our personal information is at a greater risk of being compromised than ever before – making cybersecurity one of our nation’s top priorities.

ncsam10_logoNational Cyber Security Awareness Month (NCSAM) – celebrated every October – was created as a collaborative effort between government and industry officials to educate the public and private sectors through special events and initiatives. Since its inception 10 years ago, NCSAM has grown exponentially, and information about protecting ourselves online continues to reach consumers, small and medium-size businesses, corporations, educational institutions and people across the nation.

So how do we protect ourselves from cyberattacks? The National Cybersecurity Alliance says everyone has a role in securing their part of cyberspace, including the devices and networks they use, starting with strong username and password combinations. Until a more secure method of authentication is conceived there are certain best practices you can utilize when creating a password to better secure your online accounts.

These best practices include:

  •  Use numbers and special characters in passwords: A common technique for “cracking” a password is known as a brute force attack in which a file containing a large list of common words is used to attempt to guess a password. By adding numbers and special characters to your password it will become more difficult to compromise your password via a brute force attack.
  • The longer the password the better: Longer passwords take longer to “crack” because they have more characters and are therefore more difficult to guess.  Most websites require a minimum password length of eight characters, but it is good idea to use a longer password. For example, a 12 character password is twice as strong as an eight character password.
  • Use a different password for every site: Using a different password for each site that you have an account on will ensure that if your password is compromised on one site it is not compromised on all the other sites for which you have accounts.
  • Use a password management application: There are several applications available that can store and maintain your passwords for you. These applications make use of modern cryptography in order to securely store your password in an encrypted file. Instead of remembering 20 passwords you only need to remember one password to unlock your password file.

As part of the month-long initiative, AGA will be posting weekly blog articles about cybersecurity topics, as well as daily content on our Facebook page and Twitter handle using hashtag #NCSAM. Let us know how your organization is informing utility customers about how to stay safe online in the comments section below. AGA will feature your efforts on our blog and social media accounts.

Posted in cybersecurity, energy, people, safety, technology | Comments Off on National Cybersecurity Awareness Month: Creating Strong Passwords