It is difficult to overlook that Cyber Attacks threaten the industry. The pipeline business is no exception as the use of IT technology in the pipeline business is common. Operating most of the pipeline infrastructure without IT technology is virtually impossible because of the requirements of the customers and other stakeholders like the local community, which is looking for safe operation of the pipeline infrastructure and an uninterrupted supply of the products the infrastructure transports. The general consensus in the industry is that the benefit of using IT technology outweighs the risk of Cyber Security threats and the required investments in the defense against them.
In the Operational Technology (OT) systems that are used to actually operate the pipelines in real-time more and more IT technology is being used. The OT systems communicate with the IT systems used in the pipeline management systems. Due to the way OT systems function the approach of Cyber Security for OT systems is different from the approach for IT systems even though the underlying technology being used is the same.
A challenge that pipeline operators are facing is that the IT technology and infrastructure used in their pipeline management systems, both at OT and IT level, is changing over time and so are the Cyber Threats. A related question to be answered is whether the main challenge for a pipeline operator related to Cyber Security defense is of a technical or organizational nature. Experience shows that the organizational aspects are more challenging.
In this paper the organizational aspects of Cyber security defense for pipeline management systems are described. Elements described include the approach, the steps (design, implementation and operation), should only the IT department of the pipeline operator be involved, outsourcing or not, and elements that could impact the selection of a service provider.