API Std 1164 (R2016)

This standard on SCADA security provides guidance to the operators of oil and gas liquids pipeline systems for managing SCADA system integrity and security. The use of this document is not limited to pipelines regulated under Title 49 CFR 195.1, but should be viewed as a listing of best practices to be employed when reviewing and developing standards for a SCADA system. This document embodies the API’s Security Guidelines for the Petroleum Industry. This guideline is specifically designed to provide the operators with a description of industry practices in SCADA security, and to provide the framework needed to develop sound security practices within the operator’s individual companies. It is important that operators understand system vulnerability and risks when reviewing the SCADA system for possible system improvements.

The goal of an operator is to control the pipeline in such a way that there are no adverse effects on employees, the environment, the public, or the customers as a result of actions by the operator, or by other parties. This document is structured so that the main body provides the high-level view of holistic security practices. The annexes provide further details and technical guidance. Reviewing the main body of this document and following the guidance set forth in the annexes assists in creating inherently secure operations.

Implementation of this standard, to advance supervisory control and data acquisition (SCADA) cyber security, is not a simple process or one time event, but a continuous process. The overall process could take years to implement correctly depending on the complexity of the SCADA system. Additionally the process would optimally be started as part of a SCADA upgrade project and use this standard to “design in” security as a element of the new system.