December 2021, Vol. 248, No. 12
Executive Profile
Meet INGAA’s New Security Director
Maggie O’Connell is the new director of Security, Reliability and Resilience at INGAA. Her a background is as a policy analyst and regulatory affairs specialist, focusing on physical and cybersecurity issues at the American Fuel and Petrochemical Manufacturers Association (AFPM).
In these roles, she tracked all relevant legislation and rulemakings affecting the industry, developed policy recommendations on behalf of the association, managed AFPM’s Cybersecurity Committee, and represented the organization on the Oil and Natural Gas and Chemical Sector Coordinating Councils.
In this interview, O’Connell discusses her new role with INGAA, working with governmental entities, and cybersecurity and physical threats to infrastructure.
Can you tell us a little about your background and how you got involved in cybersecurity?
Prior to joining INGAA, I most recently worked at the American Fuel and Petrochemical Manufacturers Association (AFPM) as a policy analyst and regulatory affairs specialist. During my time at AFPM, I focused on physical and cybersecurity issues, tracking all relevant legislation and rulemakings, developing policy recommendations on behalf of the association and managing AFPM’s Cybersecurity Committee.
In addition, I served as assistant vice chair of the Chemical Sector Coordinating Council, and I am currently a member of the Department of Homeland Security’s Industrial Control Systems Joint Working Group (ICSJWG), the Department of State’s Overseas Security Advisory Council (OSAC) Energy Security Working Group, Women in Security Working Group and Cybersecurity Committee.
Cybersecurity and physical security are two issue areas I am very interested in and passionate about, and I enjoy keeping up with the latest developments, providing feedback on potential regulatory actions and practices.
How do INGAA and its members feel about a move toward mandatory requirements vs. voluntary oversight in protecting pipelines from cyberattacks?
INGAA members are already subject to several mandatory cybersecurity requirements, and likewise champion a hybrid of regulatory policies and voluntary programs. INGAA, as an association, supports policies that allow for our members to respond to the evolving threat landscape in a way that is nimble and appropriate to their risk-based security programs. In doing so, our members participate in a number of voluntary initiatives and programs to ensure their systems remain protected and secured.
One such program is the Cybersecurity and Infrastructure Security Agency’s (CISA) CyberSentry program, which was developed to enhance the cyber-resilience of organizations that own or operate critical infrastructure. Our members also utilize the National Institute of Standards and Technology (NIST) Cybersecurity Framework and take advantage of assessment opportunities through the Transportation Security Administration (TSA), CISA, Department of Energy (DOE), Federal Energy Regulatory Commission (FERC) and other peer reviews and independent third-party assessments to identify opportunities to improve and enhance their cybersecurity programs.
Additionally, pipeline operators use platforms like the Downstream Natural Gas Information Sharing and Analysis Center (DNG ISAC) and the Oil and Natural Gas Information Sharing and Analysis Center (ONG ISAC) to share information across the industry in real time, enabling companies to rapidly respond to security incidents and threats within our nation’s natural gas infrastructure network.
Together with our members, we work regularly and collaboratively with government agencies to share threat intelligence that helps inform our industry’s actions. Strong collaboration and information-sharing between the government and private sector is essential to mitigating cyber-risks and threats; thankfully, this collaboration is already widely in place.
How have recent cyberattacks affected INGAA’s approach to cybersecurity?
This year we have seen an uptick in cyberattacks across multiple sectors, which as a result, has heightened awareness of these kinds of risks for all companies, not just within the energy industry. Our members remain unyielding in their commitment to ensure the safe, secure and reliable delivery of natural gas to consumers across the country, while recognizing that continuous review and updates, when necessary, are imperative to security programs.
INGAA and its members support balanced regulation and legislation in the cybersecurity space; however, these policies must allow operators the flexibility to respond as necessary to a wide range of cybersecurity risks. Without it, pipeline operators can be confined when responding to a cyber-threat, creating additional vulnerabilities and risks to their critical infrastructure networks.
What do INGAA members cite as their top priority in improving their own companies’ cybersecurity programs?
The security of both cyber- and physical assets has always remained a top priority for INGAA members. Operating approximately 200,000 miles of pipelines that deliver vital energy resources to end-users across the United States, our members work diligently to secure and protect their systems and are strongly committed to ensuring the reliability and resiliency of our nation’s natural gas transmission network. The private sector owns and operates approximately 85% of all critical infrastructure assets in the country, so owners and operators have first-hand knowledge of how to protect these assets.
We understand there is always room for improvement, which is why our members proactively work with government agencies like TSA, CISA, DOE, FERC and other independent third parties to review their cybersecurity programs and determine opportunities to enhance their networks. Through the collective expertise of the private sector and government agencies, we can strengthen our security posture as an industry and work together to better understand current risks and identify actions to address those dangers.
Comments