Cyber Security How Cyber Security Helps to Transport Gas Safely Across the Continent
Operating and maintaining a gas pipeline involves numerous safety concerns. Cyber security assessment is one of the solutions that helps to maintain safety parameters - especially when handling such explosive and flammable goods such as natural gas...
The pipeline organization, which was incorporated in the USA in the early 1900s, is one of the largest combinations of natural gas and electric utility companies. While large interstate natural gas pipelines may serve major wholesale users such as industrial or power generation customers directly, it is the distribution system that actually delivers natural gas to most retail customers, including
A gas utility‘s central control center continuously monitors flow rates and pressures at various points in its distribution system. Sophisticated computer programs are used to evaluate the delivery capacity of the network and ensure that all customers receive adequate supplies of gas at or above the minimum pressure level required by their gas appliances.
Computers are the Backbone of Today's Gas Economy
Today’s natural gas transmission and distribution systems are heavily dependent upon computer technology and supervisory control and data acquisition (SCADA) systems to operate safely and efficiently. For gas utilities, the challenges involved in ensuring effective cyber security are similar to those faced by bulk electric system and local power distribution providers, except that natural gas systems transport molecules, not electrons, and are equipped with safety devices, which are, in most cases, manually operable as federally required.
But all of these groups depend on communication infrastructures, computer technologies and people, to safely and efficiently transport the energy product to the end-user.
Risk Factors for Pipeline Operators
Designing, operating, and maintaining a pipeline facility to meet essential availability, reliability, safety, and security needs as well as process control requirements requires careful evaluation and analysis of all the risk factors. Attacks on a cyber system may involve only the cyber components and their operation, but those impacts can extend into the physical, business, human, and environmental systems to which they are connected.
A cyber event, whether caused by an external adversary, an insider, or inadequate policies and procedures, can initiate a loss of system control, resulting in negative consequences.
The user recognized the importance of the cyber security profile of its gas distribution pipelines and equipment. An operational incident underscored the need to better manage networks and data access. It had become clear that the company required expertise in the niche market of IT security as applied to critical control networks.
Taking The Risk out Of Gas Operations – What to Consider
Honeywell Industrial IT Solutions provided quality service and professional results to the client on more than one occasion. In this instance, they needed help assessing and remediating the cyber security vulnerabilities of their gas distribution pipelines and equipment. Their solutions for oil and gas pipelines promote safety, environmental responsibility, and efficient operations.
Honeywell’s industrial cyber security expertise has been evolving over the last decade, combining best practices from traditional IT with the needs of a complex process control environment. The cyber security vulnerability assessment is designed to examine the three core facets of an organization’s cyber security:
- People: What is the cyber security awareness level in the organization? Are staff members following security policies and procedures? Have they been adequately trained to implement the security program?
- Process: What are the cyber security policies and procedures in place in the organization? Do these policies and procedures meet key requirements?
- Technology: What cyber security technologies are in use in the organization? How are these technologies configured and deployed?
The assessment process takes inventory of all cyber assets, how they are connected and programmed. This includes servers, network switches, user terminals, desktop and laptop PCs, PLCs and controllers, terminal racks, wireless transmitters and receivers and mobile devices on the network.
Through the assessment, Honeywell’s team documented the vulnerabilities in all facets of the client’s pipeline operation, interpreted and assessed the associated cyber security threats, and provided a
roadmap to mitigate risks. This included:
- Site and system assessment—Review of particular site and system-specific vulnerabilities
- Policy and procedures assessment—Review of current policy and procedure documents.
- Compliance assessment—Review of operations and processes against applicable compliance standards and best practices
- Security baseline—Gauges progress against current status and operating model for security
- Risk assessment—Identifies appropriate levels of security for each asset
The final analysis included suggestions for improvement by order of importance, a project plan and order-of-magnitude costs for budgetary purposes. Going forward, Honeywell will help the client further develop or refine and execute their cyber security program.
Benefits of cyber Security for Gas Networks
As a result of cyber security vulnerability assessment solution provided by the company, a natural gas pipeline company was able to empirically identify and quantify all of the steps required to improve the security and reliability of its natural gas distribution pipeline network, and therefore increase the uptime and availability of its system.
The cyber security assessment identified all critical gaps within the enterprise. Once gaps were identified, the company helped the customer develop, implement and manage a comprehensive information security program to ensure current compliance with applicable industry regulations and ongoing protection of information and systems.