U.S. Energy Secretary Ernest Moniz announced in June a public-private partnership to strengthen protection of the nation’s oil and natural gas infrastructure from cyber attacks. Led by the Department of Energy and in collaboration with industry experts, the Department of Homeland Security and other stakeholders, the initiative will create a tool that allows owners and operators to assess their cyber security capabilities and prioritize their actions and investments to improve cyber security.
“As cyber threats continue to increase in frequency and sophistication, helping critical infrastructure owners and operators across the energy sector identify opportunities to strengthen their own cyber security capabilities is a top priority,” Moniz said. “Building on the successes in the electricity industry, this initiative for the oil and gas sector is an important step in moving us closer to achieving the department’s vision of resilient energy delivery systems that can survive a cyber incident while sustaining critical functions.”
Officials from the DOE, the White House, Homeland Security, other federal agencies, Carnegie Mellon University’s Software Engineering Institute and the Oil & Natural Gas Sector Coordinating Council met on June 27 with representatives from the sector to launch this initiative. Over the next several months, the DOE will host a series of meetings during which the initiative’s participants will collaborate to create a draft maturity model. More than a dozen owners and operators are expected to participate in a subsequent pilot program that will assess the maturity model’s effectiveness and validate results. Following the pilot, the model will be updated and released to the industry.
The new Oil and Natural Gas Cybersecurity Capability Maturity Model (ONG-C2M2) will leverage the Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2). The ES-C2M2 tool was developed last year as part of a White House initiative to support the private sector and utilities to determine their current cyber security resources and identify additional steps to help strengthen their defenses. The ES-C2M2 is now used across the electricity industry.
Maturity models, which rely on best practices to identify an organization’s strengths and weaknesses, are widely used by other sectors to improve performance, efficiency and quality. When the ONG-C2M2 is completed it will be used by the oil and natural gas sector to offer critical benefits to help identify the unique strengths and weaknesses of the industry.