For the power, oil, and natural gas industries, a growing array of physical and electronic threats, coupled with decaying infrastructures and strained budgets is a recipe for disaster. Over the past few years, countless broadcasts of threats, risks, and actual incidents have been reported. From computer system hackings to gas pipeline failures, the energy industry is under continuous pressure to preserve and upgrade the resiliency of our critical infrastructures. However, until resilience is secured and infrastructures have been upgraded, companies must continue to prioritize safety and preparedness best practices.
Reliable operations are crucial to the economic stability of companies, communities, and commerce. There has been a surge by public and private stakeholders to identify steps to improve the cyber resilience of computer-based systems that manage operational processes in the power, oil, and natural gas industries. These industries are also keenly aware of the inherited deteriorating infrastructures that support their operations.
Until effective, sustainable policies, regulatory compliance initiatives, and corporate budgets embrace widespread modernization and effectively mitigate for infrastructure resilience, companies should ensure emergency management programs and business continuity plans are current and effective. In an effort to maximize preparedness and minimize inherent risks, an emergency management program should provide:
- A system for assessing and prioritizing incidents
- Streamlined and standardized response methods
- Communication and notification procedures
- Roles and responsibilities for corporate and incident level response teams
- Optimized training, drills and exercises
- A demonstrated commitment to safety
According to experts, the maze of infrastructure that support the energy industries and end users requires extensive upgrades to effectively meet the nation’s energy demands. Ensuring the resilience, reliability, safety, and security of energy transmission, storage, and distribution (TS&D) infrastructure is vital.
According to the Quadrennial Energy Review (QER), the TS&D, “includes approximately 2.6 million miles of interstate and intrastate pipelines; 414 natural gas storage facilities; 330 ports handling crude petroleum and refined petroleum products; and more than 140,000 miles of railways that handle crude petroleum, refined petroleum products, LNG and coal.”
The QER was developed to identify the threats, risks, and opportunities for U.S. energy and climate security. The goal of the review is to enable the federal government to translate policy goals into a set of integrated actions. In April 2015, the QER recommended the following actions:
- Establish a competitive program to accelerate pipeline replacement and enhance maintenance programs for natural gas distribution systems. The Department of Energy should establish a program to provide financial assistance to:
- Incentivize cost-effective improvements in the safety and environmental performance of natural gas distribution systems
- Enhance direct inspection and maintenance programs
- Update and expand state energy assurance plans. The Department of Energy should establish a program to provide financial assistance to:
- Improve the capacity of states and localities to identify potential energy disruptions, quantify their impacts, share information, and develop and exercise comprehensive plans that respond to those disruptions and reduce the threat of future disruptions.
- Establish a competitive grant program to promote innovative solutions to enhance energy infrastructure resilience, reliability, and security.
Facility and supply chain management should be a crucial aspect of business continuity planning. At a minimum, the following planning considerations should be taken into account in order to safeguard critical operations:
- Establish preventive inspection and maintenance schedules for all systems and equipment.
- Ensure that key safety and maintenance personnel are thoroughly familiar with all building systems, such as alarms, utility shutoffs, elevators, etc.
- Establish company-wide computer security, download, and backup practices in order to secure technologies and communications networks.
- Determine the impact of service disruptions and mitigate if possible (generators, fuel, relocating inventory, back up suppliers etc.)
- Establish procedures for restoring systems.
NOTE: The April 2015 QAR can be read in its entirety here.