As major security breaches began making headlines more than a decade ago, the leadership of Southwest Gas designated cybersecurity as a top priority, focusing on employee training and building business continuity through relationships within the company and with industry partners, security partners, local and federal law enforcement, and regulators.
Through these relationships and in alignment with proven methods, the utility developed comprehensive plans that are regularly tested and adaptable to threats—proactive steps that have earned Southwest Gas national recognition as one of the world’s top 50 organizations driving exceptional security projects and initiatives.
CSO, a principal information source to help security leaders make critical decisions about risk and security practices according to Foundry, awarded Southwest Gas the CSO50 award, which recognizes industry-leading vision and investments in cybersecurity that result in resilience and innovation.
“Southwest Gas is part of the nation’s critical infrastructure—homes and businesses depend on us, so we can’t risk the safe and reliable delivery of natural gas to an interruption from a cyberattack,” Raied Stanley, Southwest Gas vice president, information services, and chief information officer, told American Gas.
Cybersecurity efforts have been evolving over the past decade. In 2020, Southwest Gas invested in a quantitative risk management initiative aimed at improving the risk analysis process with a focus toward building leadership’s understanding of new and evolving threats and increasing the company’s overall cyber defenses, he said.
Southwest Gas adopted the nationally recognized Factor Analysis of Information Risk, or FAIR, quantitative risk analysis model. “Unlike other risk assessment models that focus their output on qualitative color charts or numerical weighted scales, the FAIR model speaks quantitatively to all areas of the business in the language businesses are most accustomed to—dollars and cents,” Stanley said.
Current world events have not changed the utility’s cybersecurity strategic objectives since the company already knew it could be a critical infrastructure target, but its partnerships have become even more important, Stanley said.
“Our collaborations with the American Gas Association, Downstream Natural Gas–Information Sharing Analysis Center, FBI, Cybersecurity Infrastructure Security Agency and the Transportation Security Agency keep us up to date with the latest information and helps ensure Southwest Gas is positioned to take appropriate precautions and respond quickly when necessary,” Stanley said.
Southwest Gas is the only utility named to the CSO50 Awards list, which also includes companies such as Accenture, FedEx, Kraft Heinz Company and Verizon.
