API Standard 1164-2021 PDF
This standard on SCADA security provides guidance to the operators of oil and gas liquids pipeline systems for managing SCADA system integrity and security. The use of this document is not limited to pipelines regulated under Title 49 CFR 195.1, but should be viewed as a listing of best practices to be employed when reviewing and developing standards for a SCADA system. This document embodies APIs Security Guidelines for the Petroleum Industry. These guidelines are specifically designed to provide the operators with a description of industry practices in SCADA security, and to provide the framework needed to develop sound security practices within the operators individual companies. It is important that operators understand system vulnerability and risks when reviewing the SCADA system for possible system improvements.
The goal of an operator is to control the pipeline in such a way that there are no adverse effects on employees, the environment, the public, or customers as a result of actions by the operator or by other parties. This document is structured so that the main body provides the high-level view of holistic security practices. The annexes provide further details and technical guidance. Reviewing the main body of this document and following the guidance set forth in the annexes assists in creating inherently secure operations. Implementation of this standard to advance supervisory control and data acquisition (SCADA) cybersecurity is not a simple process or one-time event, but a continuous process. The overall process could take years to implement correctly depending on the complexity of the SCADA system. Additionally, the process would optimally be started as part of a SCADA upgrade project and use this standard to design in security as a element of the new system.