The natural gas industry is continuing its proactive stance on cyber safety
Although cybersecurity has long been a priority for natural gas utilities, it’s impossible to measure progress without some sort of template or baseline.
For that reason, the American Gas Association partnered with the U.S. Department of Energy and others from across the energy sector to develop a self-evaluation tool that looks at an organization’s cybersecurity posture.
The Cybersecurity Capability Maturity Model, or C2M2, created in 2011, breaks down more than 300 cybersecurity practices across 10 domains and allows an organization to assess itself against common cybersecurity practices.
“AGA has strongly advocated for the use of the self-evaluation tool as an important addition in the natural gas industry’s commitment to continued cybersecurity improvement—and a majority of members have done so,” AGA Security, Operations and Engineering Services Specialist Kegan Gerard told American Gas.
For a version that’s more user-friendly than the DOE-provided Excel workbook, AGA provides access to a secure online portal for members to complete an online assessment that walks them through the 10 domains, he said. AGA has also conducted a series of workshops for utility representatives that included guided walk-throughs of the model and deep dives for specific domains.
“The industry recognizes that cyber and physical security are two core elements of ensuring reliable delivery of energy to our communities, and we should be continually improving our security posture,” Gerard said.
More recently, AGA staff and more than 25 pipeline and utility companies participated in an industrial control system training exercise offered by Idaho National Labs, a national leader in cybersecurity.
“Lab employees shared information about threats and tactics they see, as well as tactics that can be used to mitigate the threats,” Gerard said.
The participants divided into two teams—red for attackers and blue for defenders—and did a hands-on simulation of protecting a chemical plant under attack. “We could see things through the eyes of an adversary, which gave us a better understanding of how to combat the attack,” he said.
Exercises such as this are important for keeping cybersecurity a top priority. AGA is currently working with the DOE to update C2M2 to ensure it incorporates emerging cybersecurity practices and aligns with the National Institute of Standards and Technology Cybersecurity Framework, Gerard said.