The NCCoE, together with the U.S. Department of Energy, the MITRE Corporation, and industry stakeholders, are building the draft Profile and will publish it for public comment soon.
LNG is natural gas that has been cooled to a liquid state—at about -260° Fahrenheit—for shipping and storage. Liquefying natural gas makes it possible to transport natural gas to places where pipelines cannot reach.
This Profile will help identify opportunities for managing cybersecurity risks in the LNG lifecycle. LNG systems may be vulnerable to cyber-attacks due to intrinsic system risks, which include remotely managed third-party systems and vulnerable onboard technologies (e.g., Programmable Logic Controllers (PLCs), Global Positioning System (GPS), and Automatic Identification System (AIS)). This could lead to overflowing fuel tanks, accidental release of LNG, and other risks that make LNG inaccessible, or cause serious impacts when returned to its gaseous state.
To help jurisdictions across the United States safeguard LNG, the NCCoE together with industry stakeholders developed the Profile around high-level, mission-oriented goals (“Mission Objectives”) of LNG infrastructure. These Mission Objectives do not address every technical aspect of the LNG process since technical components of LNG systems vary widely and cannot be captured in their entirety within a single Profile. However, the Profile will help the LNG sector focus on critical operations that require attention and leave the individual stakeholders to implement specific cybersecurity controls that are best suited for their circumstances.
To help LNG organizations across the United States provide cybersecurity for their systems, the NCCoE working with industry stakeholders developed a CSF Profile to help the LNG Industry manage its cybersecurity based on prioritized mission objectives.