In the face of shifting threats, effective cybersecurity
calls for multifaceted strategy and
public-private partnerships BY kimBerlY denBow
h e a dway
All HAnds on deck
I
n an era of complex and ever-changing cyber threats,
America’s investor-owned natural gas utilities are meeting daily challenges with skilled personnel, robust system
protections, an industry commitment to security, and a successful ongoing cybersecurity partnership with the federal
government. Cybersecurity professionals employ a suite of
mechanisms in robust programs that aim to manage cyber
risks. Because of the diversity of operating systems across
the natural gas industry, no single patch or technology can
protect against all attacks. Operators apply a myriad
of practices to help secure networks, assess cyber
vulnerabilities, and integrate alerts from the U.S.
Department of Homeland Security’s Industrial
Control System Cyber Emergency Response
Team, or ICS-CERT.
ICS-CERT is a key participant in a publicprivate partnership between utilities and government, along with the other divisions in the
government intelligence community as well as
the Transportation Security Administration and the
U.S. Department of Energy. In simple terms, the government intelligence community understands cyber vulnerabilities, natural gas utilities understand their operations, and the
two come together in a constructive partnership to help protect
targeted critical infrastructure. Cyberthreats are hardly new, but
the impact of the threats has matured. The attackers’ techniques
are increasingly sophisticated, and the payloads are more complex. The natural gas sector is protecting two very different types
of networks: the enterprise network that involves customer and
financial data, and the operational network that includes control
systems. Potential targets must remain proactive in understanding
the attacks and the attackers, in identifying the threats and vulnerabilities, and in mitigating emerging risks.
They must also remain engaged with government to promote
better sharing of information and understanding of key issues.
AGA members continue to be active contributors. Examples of
40
AmericAn GAs april 2013
this engagement include the testimony of Gary Hayes, CIO of
Centerpoint Energy, before the U.S. House of Representatives
Committee on Homeland Security regarding cybersecurity, and
the presentations of Kevin Burke, CEO of Consolidated Edison,
and Rob Mims, managing director of Information Security of
AGL Resources, at conferences of the National Association of
Regulatory Utility Commissioners.
The escalation of cyberthreats is a leading concern. At AGA, we
believe the best thing government can do is partner with industry
and share actionable cybersecurity data that government intelligence is already collecting. An environment focused on
compliance rather than security will hinder timely acclimation to changing threats and threat actors.
Finally, government needs to provide industry
with safe harbors and liability protection to ensure
the free flow of information. Industry has to be
able to share data on cyberattacks without worry
that the information will leak to the press or impact
the market, and without concern that there could be
unwarranted legal repercussions.
AGA plays an important role in cybersecurity as a facilitator, an educator, and an advocate. The AGA Cybersecurity Strategy
Task Force actively addresses cybersecurity issues involving cyberrisk management, industry awareness and education, and advocacy
to governmental stakeholders.
Further, AGA regularly participates in working sessions and
classified meetings with the DHS, the FBI, the Secret Service, the
Department of Energy, the National Security Agency, the TSA,
the White House national security staff, and others.
The nation can’t realistically achieve 100 percent protection
against cyberattacks. But by working collaboratively, the natural
gas industry can continue to ensure the safe and reliable delivery
of the foundation fuel for our nation’s energy future. u
Kimberly Denbow is director, Engineer Services, at AGA, and chair of
the Oil & Natural Gas Coordinating Cybersecurity Working Group.
Table of Contents for the Digital Edition of American Gas - April 2013