A new center has formed to provide a spot for oil and gas companies to share intelligence about cyber threats, incidents and ways the industry can protect itself against such attacks taking aim at U.S. energy networks. The formation of the Oil and Natural Gas Information Sharing and Analysis Center (ONG-ISAC) is a much-needed one, considering the growing threat cyber attacks are posing to the industry. More than half of the 200 incidents that the Industrial Control Systems Cyber Emergency Response Team responded to in the first half of fiscal year 2013 were from the energy sector, according to the center’s website. The industry-owned and -operated center, based in Washington D.C., allows anonymous submissions and authenticated information sharing as well as protection from the Freedom of Information Act disclosure and anti-trust violations in its effort to protect the operations of critical infrastructure. In addition to information sharing via a secure web port and automated sharing of threat indicators, the center’s members receive near real-time urgent or elevated cyber threat alerts, access to security analyst experts and coordinated industry-wide response to computer-based attacks, according to the center’s website. Not only will members of the center work together to find threats and areas of vulnerability, they also will work with other centers, vendors and the U.S. government. Its information-sharing process, which is kept confidential given the need for highly secure environments when tackling cyber threats, has a four-color coded traffic light protocol that specifies who is allowed to receive certain information. The American Petroleum Institute (API) helped form the center, which aims to attract not only upstream companies, but also midstream and downstream companies as well as industry groups and service and supply companies catering to the oil and natural gas sector. Annual membership fees vary based on annual corporate revenue and range from $2,000 for revenues of less than $250 million to $50,000 for those with revenues equal to or greater than $10 billion. “Computer-based attacks are one of the fastest-growing threats to American businesses and infrastructure,” API Vice President Kyle Isakower said in a prepared statement. “The center builds on existing programs to help companies quickly identify and respond to threats against energy production and distribution systems such as refineries and pipelines and stay connected with law enforcement agencies.” The effort is a step in the right direction. When it comes to guarding against cyber attacks, information sharing is critical, and having a team of experts keeping tabs on possible threats is extremely valuable, especially for companies that don’t have immediate access to such resources. In addition, businesses can learn from one another and devise best practices and strategies to follow. Hopefully, this initiative will prove to be an effective tool to thwart cyber attacks. Including the ONG-ISAC, there are 17 total ISACs, according to the National Council of ISACs. Other industries represented include the defense, emergency services, electricity, finance, information technology, maritime, communications, health, nuclear energy, public transit, real estate, research and education, supply chain, surface transportation, and water sectors. An ISAC also exists for local, state, tribal and territorial governments. Contact the author, Velda Addison, at vaddison@hartenergy.com.