Cyberattacks on US energy systems have become unavoidable, and enough have been successful that the sector and its regulators are increasingly focused on mitigation, response, and recovery.
Within the past 6 months, news has surfaced that hackers breached an industrial control system at a US power plant, infiltrated a third-party data system used for scheduling gas flows on pipelines, and broke into email accounts at the US Federal Energy Regulatory Commission. To date, no major effects have been reported, but the energy industry is confronting the risks.
Preparation is similar in ways to how utilities respond to a natural disaster: preparing for an event, communicating throughout the storm, deploying assets to recover, and relying on mutual assistance within the industry.
"Mutual assistance is something that's normal when you have weather-related outages but not necessarily the norm in cybersecurity," said Gladys Brown, who leads the National Association of Regulatory Utility Commissioners' committee on critical infrastructure. "Over the last 18 months, they've been doing more and more of that."
One key difference is that storm damage is more predictable than the effects of a cyberattack, so mutual assistance in the case of a cyber incident has to be up and running with far less notice.
The April attack on the third-party systems highlighted the vulnerability that energy companies also expose themselves to when they inevitably engage an outside entity to manage some part of their business.
Jim Linn, a cyber expert affiliated with the American Gas Association, compared the incident to a hack into retail chain Target's systems in 2013 that resulted in customer data being stolen.
Linn is the executive director at the Downstream Natural Gas-Information Sharing and Analysis Center (DNG-ISAC). It coordinates sharing of cyberthreat information. To limit cyberthreat entry points, DNG-ISAC members have been developing procurement guidelines for safely choosing third parties and incorporating government recommendations, according to Linn.
"We're still wrestling through that, having the right agreements in place, having the right protections in place," he said.
Read the full story here.
Don't miss our latest HSE content, delivered to your inbox twice monthly. Sign up for the HSE Now newsletter. If you are not logged in, you will receive a confirmation email that you will need to click on to confirm you want to receive the newsletter.
3 Oct 2019
- Calgary, Alberta, Canada
Being Human - reserve your place at this one-day course
3 - 4 Oct 2019
- Calgary, Alberta, Canada
For a better understanding of geomechanical factors, attend this course
1 Nov 2019
- Bali, Indonesia
Don't miss out!
9 - 11 Nov 2019
- Abu Dhabi, UAE
The programme combines expert input, case studies, and immersive scenarios from the E&P and other industries to embed your learning and enable you to progress to the next level of your career.
10 Nov 2019
- Abu Dhabi, United Arab Emirates
Safety Leadership focuses on the ‘Human Factors’ (HF) which complement technical training to optimize reliability, safety, compliance, efficiency and risks within a team-based environment.
This course will help you develop a better understanding of factors that could impact your daily economic decisions as well as establish a new set of applicable tools to use in your professional career.
Through this workshop, attendees will go through the different processes involved in strategic planning including the elements of organizational SWOT, business scenario and options development, elaboration of strategic options and communication to stakeholders.
HSE Now is a source for news and technical information affecting the health, safety, security, environment, and social responsibility discipline of the upstream oil and gas industry.
©2003-2019 Society of Petroleum Engineers, All Rights Reserved.