Compliance & Risks
API Releases New Standard for Pipeline Control Systems
The latest version comes weeks after US President Biden announced a memo, calling on the improvement of control systems cybersecurity. It also expands the coverage of previous editions, covering all control systems.
On August 18, 2021, the American Petroleum Institute (API) released the third edition of Standard 1164, Pipeline Control Systems Cybersecurity. The edition has been in development since 2017—a result of expert input from over 70 organisations, including the US’s Department of Energy, Cybersecurity and Infrastructure Security Agency, and the American Gas Association.
“The new edition API Std 1164 builds on our industry’s long history of engaging and collaborating with the federal government to protect the nation’s vast network of pipelines and other critical energy infrastructure from cyber-attacks,” API Senior Vice President of API Global Industry Services (GIS) Debra Phillips said.
Based on the National Institute of Standard and Technology’s (NIST) Cybersecurity Framework and NERC-CIP (Critical Infrastructure Protection) standards, the updated version expands the scope of previous edition, covering all control system cybersecurity.
The latest Standard 1164 out requirements to make pipeline cybersecurity assets more resilient against various threats, including ransomware. It also provides protections at critical connection points at the supply chain, particularly at pipelines and terminals. Moreover, enhanced risk assessment guidelines and a framework for building a robust industrial automation control (IAC) security program are included in the document.
Additionally, the new edition highlights the natural gas and oil’s industry’s continued dedication to protection the US’s critical infrastructure from threats and other disruptive cyberattacks. It also came weeks after US President Biden released a memo to call on the improvement of critical infrastructure control systems.
Industry standards and best practices are paramount in ensuring critical infrastructures and their operations are secured against malicious threats and other vulnerabilities. With threat actors becoming more sophisticated, government agencies and private enterprises must future proof their control systems and cybersecurity frameworks to minimise the risk of cyber attacks that could cause them millions of dollars and disruptions.
To learn more about best practices and risks associated with smart factories, check out these forward-looking white papers from our team of expert at Trend Micro: