IPRO STRUCTURE & OPERATIONS

IPRO will be governed as a non-profit corporation by a Board of Directors and managed by an elected slate of officers. It is designed to perform two principal functions and to rely on revenue streams from each function. The first of IPRO’s two functions is that of the customary member-driven, non-profit organization, with educational and outreach activity, a policy and analysis role, and an advocacy capability where necessary. Government affairs and Member services also fall into this category. The second function is entirely technical and “adjudicatory.” Here, IPRO will employ professionals with expertise in oil and natural gas pipeline operations and in digital/cyber operations and standards applications to perform evaluations of the preparedness of pipelines in confronting cyber or physical vulnerabilities.

We believe pipelines will be better served by IPRO if a cybersecurity regime meets both the immediate need for security across the midstream and the broader need to fill gaps in monitoring and protection of these systems as technology and policy evolve. In addition to IPRO’s core function of analyzing the needs of individual pipelines under the CPA processes, IPRO also proposes to supply guidance about best practices that is developed with full industry involvement and made available online or in manual format for easy access by all participating parties. These are services that will be developed in time, as the Membership grows and IPRO committees develop the necessary protocols and decision-making processes.

IPRO is a membership organization. Only pipelines may be full “Supporting” members of IPRO, but investors, customers, service companies, and others may be associate members. Supporting Members will elect Directors and Officers and adopt such rules of practice and procedure as needed for efficient operation of IPRO. All North American oil and natural gas pipeline owner/operators are eligible to join and will be required to: (1) pay dues to sustain the organization as a whole year-to-year, and (2) “accept responsibility to promote, support, and comply” with IPRO’s policies and objectives. However, IPRO will not require Members to sign an oath of support and compliance, as does NERC.1

 IPRO will be overseen by a Board of at least 5 (but not more than 9) directors. The bylaws require that the majority of the Board be independent, meaning a Director may not be an officer or Director of a Member Company or of an entity with a commercial or financial stake in IPRO operations or decisions, and must be able to exercise independent judgment about IPRO matters. Pipeline industry executives are eligible to be elected to the Board, subject to this restriction. (Article V) 

Day-to-day operations are managed by the officers of the Corporation and, if required, an Executive Director. IPRO’s functions, other than the CPA process, are divided among professionals in finance, government affairs, communication, data and digital management. These functions will report up through the officers to the Board. 


The first of IPRO’s two primary functions is broadly educational. IPRO is structured to interact with relevant government agencies in Washington, D.C. and in states with laws governing the security of pipeline infrastructure as well as with national and provincial governments in Canada. IPRO will conduct outreach across North America to communicate the latest policy and technology developments affecting pipeline operations. IPRO will develop the capability to provide the data and background information needed for effective decision making by policy makers at all levels. IPRO will likewise convey the kind of information about pipeline security that will enable the public to have a high level of confidence in the safety and reliability of the system.

In sum, IPRO is being designed to facilitate information sharing and dissemination that will make pipeline security transparent to government and, conversely, minimize the need for pipeline owner/operators to respond to duplicative requests from the multiple regulatory agencies that are legally responsible for ensuring the cybersecurity of the industry. 

The IPRO officers and management will also be responsible for Member services, developing a broad financial base for the organization, budgeting, and the maintenance and appropriate reporting of public data related to the reliability and resilience of the pipeline industry. Forward-looking research and analysis about trends affecting pipelines will eventually be a critical aspect of IPRO.


The second and more essential IPRO function consists of the activities and staff engaged in the Cyber Performance Assessment, or “CPA,” administered by the Chief Technology Officer (“CTO”). This aspect of IPRO is a significant departure from the current ways in which pipelines try to ensure cybersecurity. Today, the industry applies industry standards and controls unevenly under varying industry practices. It is likewise true that various regulatory authorities have different standards or interpretations and have different methods of investigation and enforcement. IPRO’s work will complement the work of those agencies with a more control-focused process that is rooted in a knowledge of pipeline operations.

IPRO’s CPA will operate independent of other IPRO programs in order to ensure the technical soundness and integrity of the opinions that are produced by this process. The CTO will report to the Board of Directors and will work in tandem with IPRO officers to sustain the organization; however, the opinions and authorizations produced by the CPA are not subject to review except by the affected Member-pipeline, and may not be influenced or managed by IPRO management other than the CTO.

The CPA process is described in step-by-step detail in another section. It has certain key characteristics that should be emphasized:

  • Pipelines are strongly encouraged, but not required, to subject their facilities to an IPRO risk assessment. The CPA is a framework within which actual controls, not just standards and policies, are applied to provide defenses and to achieve sustained reliability

  • The CPA processes will consist of a basic assessment that identifies the cyber, human, and physical vulnerabilities of specified facilities through an extensive exchange of information and onsite verification, and a second level of analysis that entails stress testing pipeline systems, personnel training, continuous improvement strategies, and auditing procedures. IPRO thus seeks to ensure a security baseline for pipelines and then identify and address any gaps that are discovered: identify, protect, detect, respond, and recover

  • The IPRO model consists of a large proprietary library of more than 900 controls, to which IPRO will “map” the most popular and referenced standards and frameworks in North America2

  • IPRO will employ and/or adapt the cybersecurity standards established by responsible agencies or industry groups and develop robust controls that afford the maximum opportunity to use resources, finances and human capital efficiently

  • The assessment that IPRO offers will be standardized up front, but also customized to address the specific needs and vulnerabilities of individual pipelines. The development and application of standards and controls, recommendations for remediation, and improvement or compliance plans will need to be adapted to the size and complexity of the pipelines being analyzed

  • Cybersecurity is necessarily an iterative and agile process and the cyber ecosystem is borderless. IPRO will therefore need to sustain its efforts, work actively with all pipelines, if possible, and communicate best practices to the industry and/or policy makers on an ongoing basis

  • The cost of a CPA process for a pipeline Member (or a non-Member, if requested) will be recovered under flexible service models disclosed by IPRO or negotiated in individual cases, such as a fixed price for service or time and materials, as appropriate.

See the Section on the CPA Program for discussion of the areas of focus where IPRO builds its foundational cybersecurity specifications, recommendations, and designs. 
