Oil and Natural Gas Industry Forms New Information Sharing Initiative (ONG-ISAC)

The Oil and Natural Gas industry this week unveiled a new Information Sharing and Analysis Center (ONG-ISAC) to facilitate the exchange of information, help evaluate risks, and provide up-to-date security guidance to U.S. companies.

Designed to help protect infrastructure from cyber-attacks, the industry-owned and operated organization will be structured similar to other industry ISACs in order to:

• Allow participants to submit incidents either anonymously or with attribution via a secure web portal;

• Circulate information on threats and vulnerabilities among ONG-ISAC members, other ISACs, vendors, and the U.S. government;

• Provide industry participants with access to cyber security experts;

• Alert participants of cyber threats deemed ‘Urgent’ or ‘Elevated’ in near real-time; and,

• Coordinate industry-wide responses to computer-based attacks.

According to the ONG-ISAC website, the organization will employ the Traffic Light Protocol for information sharing, with members having the option of submitting information either anonymously or with attribution. Only ONG-ISAC members will receive information that is classified as Red or Amber; non-members will only receive information that is classified as White, the organization explained.

Headquartered in Washington, D.C., the ONG-ISAC will offer member benefits including:

• Guided, anonymous information sharing via a secure web portal

• Automated sharing of machine-readable threat indicators

• Real-time notifications for near real-time analyses

• Open access to community leaders and security analyst experts

• Discover threats and vulnerabilities from ONG-ISAC members, other ISACs, vendors, and the U.S. Government, all in one place

• Coordinated response between members during industry incidents

The American Petroleum Institute (API), a national trade association representing the oil and natural gas industry with more than 600 members, expressed its support for the newly formed ISAC.

“Computer-based attacks are one of the fastest-growing threats to American businesses and infrastructure,” said API Vice President Kyle Isakower. “The center builds on existing programs to help companies quickly identify and respond to threats against energy production and distribution systems such as refineries and pipelines and stay connected with law enforcement agencies.”

Membership rates vary from $2,000 per year for organization with revenue of less than $250 million, to $50,000 per year for organizations with annual revenues over $10 billion.