Protecting Infrastructure Against Cyber Threats
Posted June 12, 2018
Administration officials continue to push the idea of propping up failing coal and nuclear plants to ensure the health of the U.S. power system by asserting that the nation’s natural gas infrastructure is at heightened risk of cyber attack and other threats. There’s simply no substantiated evidence supporting their claim.
Here’s what you need to know about the security of our country’s natural gas infrastructure and industry’s efforts to guard against potential cyber threats:
Cybersecurity is a Top Priority
First, the natural gas and oil industry has prioritized and continues to enhance cybersecurity efforts designed to protect pipeline systems and other infrastructure as well as intellectual property. These risks are not new and command attention at the highest levels across industry from corporate boards and senior executive staffs. It’s on everyone’s radar.
Teaming Up With Government, Industry Partners
Natural gas and oil companies work closely with federal officials to address cybersecurity threats. Individual company cybersecurity programs are oriented with a cybersecurity framework established by the government’s National Institute of Standards and Technology (NIST) – a framework widely used by other industries and sectors. Companies also develop security regimes using other information security and industrial control systems standards.
In terms of implementation, these programs are based on market-leading solutions and shared practices.
More than 50 natural gas and oil companies – including a number of the nation’s largest natural gas pipeline operators – share cyber threat intelligence with each other and the federal government through the Oil and Natural Gas Information Sharing and Analysis Center. The ONG-ISAC is the primary means by which the U.S. Energy Department and other federal agencies already share cyber threats and work with the private sector to keep U.S. pipelines safe.
False Narrative on Threats
Again, the idea that U.S. natural gas infrastructure is vulnerable/more vulnerable to threats is false. That’s not to say cyber threats to pipelines aren’t real. But there’s no equating an elevated threat level with higher vulnerability. If there is a specific, credible threat to a pipeline or the system, then that information should be shared with industry so it can be acted upon immediately. The fact is pipeline operators continuously respond to threats and are improving the quality and sophistication of their defenses while collaborating with the federal government. Key points:
- Natural gas pipeline companies recognize the need to protect the use of automated controls – or industrial control systems. These aren’t unique to our industry; they’re prevalent across energy systems, including at coal and nuclear plants.
- The ISA/IEC 62443 Series of Standards on Industrial Automation and Control Systems Security (which are referenced by the NIST framework) have been adopted widely by natural gas pipeline operators.
- The natural gas system is highly resilient because production, gathering, processing, transmission, distribution and storage is highly flexible and elastic, characterized by multiple fail-safes, redundancies and back-ups.
As we say, the misguided assertion that there’s heightened risk to natural gas infrastructure that then threatens the health of the national electricity grid follows other attempts to justify bailouts for uneconomical coal and nuclear plants. These have included claims the grid needs a more diverse fuel supply and that natural gas supplies to fuel power generation have been affected by extreme weather events. We’ve posted rebuttals on those claims a number of times in recent months, including here and here.
Now there are false alarms about security, with Federal Energy Regulatory Commissioners Neal Chatterjee and Richard Glick suggesting that the Energy Department should oversee the security of natural gas pipelines instead of TSA – even though TSA deals with cybersecurity threats every day and the natural gas and oil industry already works with TSA on pipeline issues. The nation’s natural gas infrastructure doesn’t need new oversight (and, possibly, new layers of regulation).
The national electricity grid is healthy and well-supplied from a fuel standpoint, with natural gas leading the way as a fuel source for generating power. There’s no emergency, as some in the administration have asserted.
Neither is there a lack of concern or preparation or investment in protecting the nation’s natural gas infrastructure from cyberattack. Cybersecurity is a top priority for the industry, with our companies working closely together and with federal officials to address potential threats.
Let’s close with some of what is being said about the administration’s cybersecurity gambit, as a justification for coal and nuclear bailout scheme:
Dena E. Wiggins, Natural Gas Supply Association:
“Propping up aging and uneconomic power plants through the Defense Production Act, the Federal Power Act or other unnecessary federal intervention is a short-sighted action that drives up customer costs and undermines well-functioning power markets. It is an inappropriate use of the federal government’s emergency powers that is even more egregious when even the regional power grid authorities at PJM say there is no emergency. We need to move away from a narrow focus on resuscitating individual projects and refocus the discussion on what lies at the heart of resiliency – the ability to reliably serve power customers in the most cost-efficient manner over both the short and the long-term.”
John E. Shelk, Electric Power Supply Association:
“There was no emergency when coal and nuclear interests sought federal relief and there is none today that justifies such unprecedented Executive Branch intervention in the economic life of the country. The economic consequences are profound for power suppliers and consumers. This proposed federal action is a bell that cannot be called back once it is rung. Forever more suppliers and consumers will be at the whim of the fuel preferences of whoever happens to be in office. This needlessly raises costs for consumers and merely shifts the risk of premature retirement to newer, more efficient power plants that compete with coal and nuclear.”
John Hughes, Electricity Consumers Resources Council:
“Any action taken by the Department of Energy today to use 202(c) and DPA to prop up uneconomic coal and nuclear plants is unnecessary, anticompetitive and would increase the price of electricity to businesses and consumers, resulting in a substantial loss of U.S. manufacturing capacity jobs.”
Todd Snitchler, API Market Development Group Director:
“The Administration’s draft plan to provide government assistance to those coal and nuclear power plants that are struggling to be profitable under the guise of national security would be unprecedented and misguided. The natural gas and oil industry is committed to strengthening national security and is playing a leading role in reducing our decades long dependence on foreign energy. … Cleaner and abundant U.S. natural gas and the infrastructure that supports it is powering one in three homes and businesses today and serving as a critical partner in renewable generation. As an industry we stand ready to do our part to protect our nation’s energy and national security.”
About The Author
Mark Green joined API after a career in newspaper journalism, including 16 years as national editorial writer for The Oklahoman in the paper’s Washington bureau. Previously, Mark was a reporter, copy editor and sports editor at an assortment of newspapers. He earned his journalism degree from the University of Oklahoma and master’s in journalism and public affairs from American University. He and his wife Pamela have two grown children and six grandchildren.