Trend Micro -
On August 18, 2021, the American Petroleum Institute (API) released the third edition of Standard 1164, Pipeline Control Systems Cybersecurity. The edition has been in development since 2017—a result of expert input from over 70 organizations, including the US’s Department of Energy, Cybersecurity and Infrastructure Security Agency, and the American Gas Association.
“The new edition API Std 1164 builds on our industry’s long history of engaging and collaborating with the federal government to protect the nation’s vast network of pipelines and other critical energy infrastructure from cyber-attacks,” API Senior Vice President of API Global Industry Services (GIS) Debra Phillips said.
Based on the National Institute of Standard and Technology’s (NIST) Cybersecurity Framework and NERC-CIP (Critical Infrastructure Protection) standards, the updated version expands the scope of previous edition, covering all control system cybersecurity.
The latest Standard 1164 out requirements to make pipeline cybersecurity assets more resilient against various threats, including ransomware. It also provides protections at critical connection points at the supply chain, particularly at pipelines and terminals. Moreover, enhanced risk assessment guidelines and a framework for building a robust industrial automation control (IAC) security program are included in the document.
Additionally, the new edition highlights the natural gas and