latest-news-headlines Market Intelligence /marketintelligence/en/news-insights/latest-news-headlines/gas-sector-focused-on-resilience-defenses-as-cyberrisk-mounts-experts-say-57041872 content esgSubNav
Log in to other products


Looking for more?

Contact Us
In This List

Gas sector focused on resilience, defenses as cyberrisk mounts, experts say


Essential Energy Insights - March 2021


what is the impact of the eu sustainable finance disclosure regulation sfdr


Episode 8: What the SolarWinds compromise means for information security


Infographic Q4 20 US Power Forecast

Gas sector focused on resilience, defenses as cyberrisk mounts, experts say

As cybersecurity threats to the energy space mount, gas industry advocates said the sector remains focused on fielding and recovering from the onslaught of attacks.

Redundancies in the U.S. interstate natural gas pipeline system reduce the chances of a successful attack threatening gas distribution across the nation, panelists noted Feb. 10 at the National Association of Regulatory Utility Commissioners Winter Policy Summit in Washington, D.C.

There has been an uptick in threats to the sector over the last decade, Zoe Cadore, policy adviser with the American Petroleum Institute, acknowledged but she took exception with what she said is a misconception that interstate pipelines are uniquely susceptible to cybersecurity attacks.

"We're not worried in the sense that we have in place the methods that are needed to ensure that the infrastructure is going to be protected or if there is a breach that we would be able to respond quickly and adequately, but at the same time we're not arrogant in the sense that we don't think that there isn't more to do," Cadore said in an interview. "We're constantly developing new practices. We're constantly testing the system to ensure that we're aware of every possible threat and that we know how to respond to every possible threat but also to prevent that threat."

She expressed confidence in pipeline companies' expertise and prevention methods, as well as their collaborations with the government. She touted the mutual relationship of these collaborations: The industry relies on the federal government for protection from foreign adversaries, and the government also relies on the industry to protect the nation's natural gas assets.

"As of today, there has yet to be a successful cyberattack within our interstate pipeline system," she said.

While communication is crucial to understanding the threats facing the sector, isolation in certain areas can also be an advantage. Sharla Artz, senior vice president of government and external affairs of the Utilities Technology Council — which focuses on telecommunications in energy infrastructure — said utilities often build and operate their own communication networks for "mission-critical functions," such as emergency shutoffs. While the industry relies on telecommunications companies for some services, it also established its own systems to ensure especially high reliability standards in the interest of safety and security.

Following natural disasters, there have been a few instances when commercial carriers' networks failed while utilities' private communications systems remained up and running, she noted.

"We engineer our systems in such a degree to prevent single points of failure," Artz said. "We build in a lot of redundancy into our systems to have that high level of reliability just because we're required for lots of standards reasons or requirements from the state, et cetera."

Redundancy and resilience are a necessary part of weathering today's cyber climate, according to Brian Finch, a partner with Pillsbury law firm with expertise in cybersecurity threats. Echoing sentiments from a prior discussion at the conference, Finch said there is "no such thing as the elimination of the cyberrisk."

"We are always, always vulnerable and no matter what is done there will always be another methodology, another way to bring risk and effectuate harm," Finch, who has advocated on behalf of the American Gas Association and other utility-related groups, said.

Beyond considering methods of prevention, utility commissioners must also focus on helping the private sector quickly recover from an attack, he said. A successful cyberattack does not equate to failure, he added, noting that even the best minds in the defense community cannot stop all enemy probes.

"I think there's a great level of confidence that if something — God forbid — were to happen, that we'd be in a good position to fairly quickly recover from that," Finch said in an interview, later adding that cyberattacks are "just part of the overall global game that's been going on for a millennia, and this is just the new venue and form in which it's happening, and so in that sense it's not overly worrisome."