New Cybersecurity Standard for Pipelines Provides Comprehensive Approach to Cyber Defense
The American Petroleum Institute (API) published its third edition of Standard 1164, Pipeline Control Systems Cybersecurity, underscoring the natural gas and oil industry’s ongoing commitment to protecting the nation’s critical infrastructure from malicious and potentially disruptive cyber-attacks.
In development since 2017, the edition is a result of expert input from more than 70 organizations, including state and federal regulators within FERC, TSA, PHMSA, CISA, DoE, NIST, as well as Argonne National Laboratory, the American Gas Association, Interstate National Gas Association of America, the Association of Oil Pipe Lines and numerous pipeline operators.
It is based on the NIST (National Institute of Standards and Technology) Cybersecurity Framework and NERC-Critical Infrastructure Protection standards and significantly expands the scope compared to the previous edition of the standard to cover all control system cybersecurity instead of solely supervisory control and data acquisition systems.
“The new edition API Std 1164 builds on our industry’s long history of engaging and collaborating with the federal government to protect the nation’s vast network of pipelines and other critical energy infrastructure from cyber-attacks,” API Senior Vice President of API Global Industry Services Debra Phillips said. “This standard will help protect the nation’s critical pipeline infrastructure by enhancing safeguards for both digital and operational control systems, improving safety and preventing disruptions along the entire pipeline supply chain.”
This framework has an adaptive risk assessment model that provides operators with an appropriate degree of flexibility to proactively mitigate against the rapidly evolving cyber threat matrix, Phillips said.
“This premier standard helps the operator manage cyber-risks associated with control system cybersecurity environments by providing requirements and guidance for proper isolation of control system environments from non-control system environments,” American Gas Association Senior Vice President for Safety, Operations and Security Christina Sames said.
This expansion of the standard supports the Biden administration’s national security priorities as well as the United Nations Sustainable Development Goal 9 for resilient infrastructure. The updated standard establishes requirements to harden pipeline cybersecurity assets against a range of threats, including those posed by ransomware. It provides enhanced protections at critical connection points along the supply chain, specifically at pipelines, terminals, and refineries. Additionally, it includes improved risk assessment guidelines, a comprehensive model for implementing pipeline cybersecurity, and a framework for building out a robust industrial automation control security program as part of the U.S. Transportation Security Administration required corporate security program.
“API Std 1164 reflects state-of-the-art cybersecurity protections tailored specifically to pipeline operations,” Association of Oil Pipe Lines President and CEO Andy Black said.
This new edition pairs with other API standards to form a framework that is integral to industry’s ongoing work to counter cyber threats, including:
- API 780 – Provides tools to conduct effective security risk assessments, which are used to identify threats to facilities as well as countermeasures to those threats. Last October, API 780 was certified as an anti-terrorism technology by the U.S. Department of Homeland Security (DHS) under the Support Anti-terrorism by Fostering Effective Technologies Act of 2002. This provides liability protection if API members and others using API 780 have a terrorist attack at one of their facilities.
- Recommended Practice 1173 – Pipeline Safety Management Systems provides pipeline operators with safety management system requirements that when applied provide a framework to reveal and manage risk, promote a learning environment, and continuously improve pipeline safety and integrity.
Related News
Related News
- Energy Transfer Subsidiary Selects KTJV for Lake Charles LNG Export Project
- Phillips 66 to Shut LA Oil Refinery, Ending Major Gasoline Output Amid Supply Concerns
- FERC Sides with Williams in Texas-Louisiana Pipeline Dispute with Energy Transfer
- U.S. Appeals Court Blocks Kinder Morgan’s Tennessee Pipeline Permits
- ConocoPhillips Eyes Sale of $1 Billion Permian Assets Amid Marathon Acquisition
- U.S. Appeals Court Blocks Kinder Morgan’s Tennessee Pipeline Permits
- Malaysia’s Oil Exports to China Surge Amid Broader Import Decline
- U.S. LNG Export Growth Faces Uncertainty as Trump’s Tariff Proposal Looms, Analysts Say
- Marathon Oil to Lay Off Over 500 Texas Workers Ahead of ConocoPhillips Merger
- Valero Considers All Options, Including Sale, for California Refineries Amid Regulatory Pressure
Comments