The U.S. Department of energy announced last week a new public-private partnership to strengthen protection of the nation’s oil and natural gas infrastructure from cybernetic attacks. Led by the Energy Department in collaboration with industry experts, the Department of Homeland Security, and other stakeholders, the initiative will create a tool that allows owners and operators to assess their cybersecurity capabilities and prioritize their actions and investments to improve cybersecurity.
“As cyber threats continue to increase in frequency and sophistication, helping critical infrastructure owners and operators across the energy sector identify opportunities to strengthen their own cybersecurity capabilities is a top priority,” said Secretary Moniz. “Building on the successes in the electricity industry, this initiative for the oil and gas sector is an important step in moving us closer to achieving the Department’s vision of resilient energy delivery systems that can survive a cyber incident while sustaining critical functions.”
Officials from the Energy Department, the White House, the Department of Homeland Security, other Federal agencies, Carnegie Mellon University’s Software Engineering Institute, and the Oil & Natural Gas Sector Coordinating Council met with representatives from the sector to launch this initiative. Over the next several months, the Department will host a series of meetings during which the initiative’s participants will collaborate to create a draft maturity model. More than a dozen owners and operators are expected to participate in a subsequent pilot program that will assess the maturity model’s effectiveness and validate results. Following the pilot, the model will be updated and released to industry.
The new Oil and Natural Gas Cybersecurity Capability Maturity Model (ONG-C2M2) will leverage the Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2). The ES-C2M2 tool was developed last year as part of a White House initiative to support the private sector and utilities to determine their current cybersecurity resources and identify additional steps to help strengthen their defenses. The ES-C2M2 is now used across the electricity industry.
Maturity models, which rely on best practices to identify an organization’s strengths and weaknesses, are widely used by other sectors to improve performance, efficiency and quality. When the ONG-C2M2 is completed it will be used by the oil and natural gas sector to offer critical benefits to help identify the unique strengths and weaknesses of the industry.
The Energy Department has a long history of working closely with Federal partners, including the Department of Homeland Security, and private partners on cybersecurity of critical energy infrastructure. The Cybersecurity Maturity Model and Self Evaluation Survey Tool align with the Roadmap to Achieve Energy Delivery Systems Cybersecurity, which was developed by industry, facilitated by the Energy Department, and released in September of 2011.