Cybersecurity Key to Protecting Critical Energy Infrastructure

Sam Winstel
Posted August 7, 2020

Modern, resilient natural gas and oil infrastructure is vital to maintaining U.S. energy affordability and economic competitiveness. As the industry undergoes rapid digitalization, reliability remains fundamental to energy operations, particularly as cybersecurity risks present emerging challenges.

The U.S. has been subject to an increasing volume of malicious cyberattacks from China, Russia and other foreign adversaries, posing a persistent threat to our national security and grid reliability. Within the next two years, 2.5 billion industrial devices will be brought online in the energy industry, meaning the need to protect our critical infrastructure assets has never been more urgent.

This week, the Senate Energy and Natural Resources Committee convened a hearing to examine efforts to improve cybersecurity in the energy sector, highlighting industry-government collaboration toward advanced technologies and appropriate public policies. Sen. Lisa Murkowski opened:

“The threat of cyberattacks by foreign adversaries and other sophisticated entities is real and it’s growing…We cannot allow hostile foreign nations to disrupt our way of life. Energy is the lifeline for all critical infrastructure sectors, and protecting our critical infrastructure is the first step in ensuring its continuity.”

To date, the energy industry has bolstered resilience to cyberthreats with comprehensive cybersecurity programs that minimize enterprise risks by embracing digitalization. Businesses have prioritized the protection of intellectual property and operational technology, pioneering upgrades to the visibility, monitoring and asset management capabilities for industrial devices and energy infrastructure networks.

According to a 2018 report from API and the Oil and Natural Gas Subsector Coordinating Council, voluntary frameworks and public-private solutions, rather than prescriptive federal regulations, offer businesses the know-how and flexibility to respond to the ever-changing security landscape.

During Wednesday’s congressional hearing, Thomas O’Brien, Senior Vice President and Chief Information Officer of PJM Interconnection, explained the value of industry-driven and cross-sector collaboration:

“The importance of working across the industry, and with our state and federal government partners – and even across other critical infrastructures like telecom, finance, water and gas – to share threat information and best practices cannot be overstated. Threat intelligence and learning from others in relation to threats and prevention is critical to managing any cybersecurity program.”

Additionally, Steven Conner, President of Siemens Energy, underscored the industry’s cybersecurity leadership through coalition building and information sharing. Siemens Energy has leveraged its expertise by establishing partnerships with the Energy Cybersecurity Alliance, the Cyber Emergency Response Team Collaboration and, most recently, the New York Power Authority to develop a cybersecurity research and innovation center.

The Department of Energy and Federal Energy Regulatory Commission have demonstrated additional support for broad cybersecurity solutions by introducing government frameworks for identifying vulnerabilities and promoting best practices. The National Institute of Standards and Technology’s Cybersecurity Framework has also been incorporated into recommendations across the U.S. private sector, helping organizations manage cyberthreats to the energy supply chain.

Today’s natural gas and oil industry is high-tech and digitally connected, making operations safer, more efficient and more environmentally friendly. Cooperative and adaptable approaches to cybersecurity and critical infrastructure protection – in coordination with federal, state and local governments – will allow the industry to deliver affordable, reliable energy and strengthen America’s national security.