Protecting Critical Infrastructure
Malware. Data breaches. Insider threats. Cyber espionage. It’s not a question of if you will be attacked but when. In fiscal year 2016, ICS-CERT responded to 290 incidents with the energy sector accounting for 59 of those incidents. As cyber threats evolve, the oil and natural gas industry faces unique challenges with the increasingly interconnected delivery of services to a common consumer and supplier base.
To protect our nation’s critical infrastructure, the Oil and Natural Gas Information Sharing and Analysis Center (ONG-ISAC) was created in 2014 to provide shared intelligence on cyber incidents, threats, vulnerabilities, and best practices to enhance security in the industry.
ONG-ISAC serves as a central point of coordination and communication to aid in the protection of exploration and production, transportation, refining, and delivery systems of the ONG industry, through the analysis and sharing of trusted and timely cyber threat information, including vulnerability and threat activity specific to ICS and SCADA systems.
The mission of the ONG-ISAC is structured around four cornerstones:
Facilitating information sharing for our members
The ONG-ISAC acts as a dynamic cybersecurity hub for members to communicate and coordinate against network and ICS cyber attacks. The ONG-ISAC enriches intelligence through analysis.
Get access to shared intelligence in near real-time, in a trusted and secure manner.
Confidentiality is essential in creating a secure and trusted environment. The ONG-ISAC employs the Traffic Light Protocol (TLP) for information sharing. Members have the option of sharing information either anonymously or with attribution. Only ONG-ISAC members receive information that is classified as TLP Green, Amber, and Red; non-members only receive information that is classified as TLP Clear.
Traffic Light Protocol for Sharing Information
Authorized information recipients
Recipients may not share TLP:RED information with any parties outside of the specific exchange, meeting, or conversation in which it was originally disclosed. In the context of a meeting, for example, TLP:RED information is limited to those present at the meeting. In most circumstances, TLP:RED should be exchanged verbally or in person.
Recipients may share TLP:AMBER+STRICT information only with members of their own organization on a need-to-know basis to protect their organization and prevent further harm.
Recipients may share TLP:AMBER information with members of their own organization and its clients on a need-to-know basis to protect their organization and its clients and prevent further harm.
Recipients may share TLP:GREEN information with peers and partner organizations within their community, but not via publicly accessible channels. Unless otherwise specified, TLP:GREEN information may not be shared outside of the cybersecurity or cyber defense community.
Recipients may share this information without restriction. Information is subject to standard copyright rules.
Want to know more about our memberships?
Industry members are oil and natural gas companies.
Trade and industry associations, academic institutions, research organizations and ISACs/ISAOs.
Collaborators are companies that provide subject matter expertise as it relates to information technology and cybersecurity.