API member companies share the objectives of policy makers regarding cybersecurity of the oil and natural gas industry – to protect critical infrastructure, to provide reliable energy for society, to safeguard public safety and the environment and to protect the intellectual property (IP) and marketplace competitiveness of companies. As operators and service providers of energy critical infrastructure in the United States and globally, protecting assets from cyber-attacks is a priority of API’s member companies.
Cybersecurity is a priority for the oil and natural gas industry in order to protect intellectual property and to protect industrial control systems (ICS) – also referred to as operational technology (OT).
Industry-Government Collaboration & Public Policy
API members companies are actively engaged with governments to strengthen collaboration on cybersecurity and to determine appropriate public policy – based on the following principles:
- API member companies believe that the private sector should retain autonomy and the primary responsibility for protecting companies’ assets against cyber-attacks.
- API member companies support voluntary collaboration and information sharing between the private sector and governments in order to protect critical infrastructure and the intellectual property of the oil and natural gas industry from cyber-attacks, especially through the Oil and Natural Gas Information Sharing and Analysis Center (ONG-ISAC).
- API member companies believe that governments should have the primary responsibility for deterring cyberattacks by nation states and organized criminal elements, including against the oil and natural gas industry.
- API member companies support the Cybersecurity Framework as the pre-eminent standard for companies’ cybersecurity programs and for policy making globally because it is (a) comprehensive, (b) a risk management approach, (c) scalable to different types and sizes of companies, and (d) widely used across the oil and natural gas and other industry sectors.
- API member companies urge policy makers to take a measured and coordinated approach to any potential new cybersecurity laws or regulations for the oil and natural gas industry, ideally based on a common understanding with industry on risks and based on the Cybersecurity Framework.
- API member companies treat cybersecurity as a top priority, and as owners and operators of critical energy infrastructure are providing the leadership, proactive solutions and ongoing coordination with federal agencies to help prevent future cyberattacks. The Oil and Natural Gas Subsector Coordinating Council (ONG SCC) recently released a report with API detailing the industry’s resilience and preparedness to defend itself against cyber threats: Defense-in-Depth: Cybersecurity in the Natural Gas and Oil Industry
Convening of the Oil and Natural Gas Industry
Since 2006, API has convened the annual Cybersecurity Conference & Expo in the United States, which brings together leading cybersecurity experts from oil and natural gas companies, government, academia and vendors. Since 2017, API has partnered with IOGP to convene the annual API-IOGP Europe Cybersecurity Conference.
API members treat cybersecurity as a top priority, and along with the Oil and Natural Gas Subsector Coordinating Council (ONG SCC) released a report describing the industry’s resilience and preparedness to defend itself and energy consumers against malicious cyber threats and providing insight for policymakers into the comprehensive cybersecurity programs of the natural gas and oil industry.