Synopsis: The threat of large-scale cyber attacks on the nation's oil and gas pipeline SCADA systems is increasing. Despite the growing threat, pipeline SCADA systems remain wanting in the area of cybersecurity. However, the newly created NIST Framework and the ONG-C2M2 model combine to lay a strong foundation for the development of increased cybersecurity in the oil and gas pipeline sectors. With increased information sharing between the private sector and the government, and specific, numeric objectives to work toward in developing cybersecurity programs for pipeline SCADA systems, the voluntary measures currently in place might prove effective in protecting systems nationwide. These voluntary measures could be strengthened through legislation streamlining the information sharing process and providing liability and privacy protection for oil and gas pipeline owners, which would further incentivize industry participation.
I. INTRODUCTION
Although the United States has recently focused heavily on foreign policy and international economic stability, cybersecurity in the oil and gas industries may have been neglected due to generational differences in recognizing the threats that cyber vulnerabilities can create.1 The 2003 electrical blackout and the 2010 discovery of the malware known as Stuxnet caused the electric grid and nuclear systems to receive attention in recent years, but cybersecurity of oil and natural gas pipelines has not received the same attention.2 Some sources report that oil and gas companies lose as much as $8.4 million per day due to cyber attacks.3
Many pipelines today are controlled by computerized Supervisory Control and Data Acquisition (SCADA) systems. SCADA systems have been criticized as non-standardized and vulnerable to cyber attacks.4 Currently, the U.S. Department of Homeland Security (DHS), in conjunction with the U.S. Department of Transportation's (DOT) Pipeline and Hazardous Materials Safety Administration (PHMSA), monitors pipeline security through the Transportation Security Administration (TSA).5 Some argue that DHS lacks adequate resources and has struggled with regulations to promulgate SCADA standards, leading to a discretionary mix of security efforts.6 This comment suggests that the newly introduced National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (Framework), combined with the Oil and Natural Gas Subsector Cybersecurity Capability Maturity Model (ONG-C2M2) put forth by DHS and the U.S. Department of Energy (DOE), creates a solid foundation for pipeline SCADA system cybersecurity that DHS can utilize...





