Approach to Security
From both a safety and business continuity perspective, Equitrans recognizes the importance of security, particularly for our pipeline assets, compressor facilities, and project sites. Trespassing and vandalism by those opposed to the fossil fuel industry can damage or destroy assets; create safety risks and hazards for our employees, contractors, and communities; and impact our ability to deliver natural gas to our customers. The disruption of natural gas delivery for our customers can impact consumers, businesses, and manufacturing facilities.
Equitrans works closely with the U.S. Transportation Security Administration (TSA) to ensure our enterprise abides by all federal security regulations and we continually optimize our security strategies and plans. Our Security Team implements a wide range of security measures including:
- Site Support: In the event of an emergency or physical security threat, our Security Team supports site work by providing employees field encampment equipment, such as shelter, food, water, and portable bathroom facilities.
- Mobile Surveillance: Our Security Team oversees potential security threats by monitoring mobile surveillance, including security cameras and drones. When our Security Team detects a threat, team members evaluate potential risks, or the extent of the incident, and deploys proper mitigation strategies.
- Physical Security: We use barriers and other physical security measures, such as locks, fencing, and barbed wire, to prevent facility tampering and trespassing.
- Security Personnel: The Security Team deploys static and roving security guards to provide physical security at our critical sites and in areas where they detect security threats. The Security Team also works with local law enforcement to protect sites and respond to threats.
- Drone Support: Our Security Team trains and licenses drone pilots. In addition to aerial security surveillance, our drone teams support operational needs, such as land surveys and data gathering.
Security guards are stationed 24 hours, 7 days a week at our headquarters office in Canonsburg, PA, and are also routinely scheduled at various compressor station facilities and along the Mountain Valley Pipeline (MVP) route. Our Operations Team determines the criticality of a site by analyzing the level of risk for disruption and the potential impacts on our local communities, on-site employees, contractors, equipment, and capacity throughput. Equitrans contracts all guards, excluding those for the Mountain Valley Pipeline project, from a third-party security vendor. We provide all of our Security Team members and third-party security personnel with formal security training and information on our security standards. Our training program includes the following concepts:
- Pipeline Security: How to protect our pipelines from trespassing, physical threats, and disruptions.
- Law Enforcement: How and when to involve law enforcement agencies.
- Crisis Events: How to respond to a crisis or emergency on or near a project site.
- Field Sabotage: How to detect sabotage efforts that could affect pipeline integrity.
Prior to starting work at any site, security guards are required to attend a comprehensive security training session to identify and be familiar with any site-specific hazards or risks.
We also train guards on the legal requirements and technical use of body cameras, as well as techniques for effective and safe protest management. At our operational facilities, our security guards increase overall safety and minimize the risk of serious incidents by providing direct oversight and immediate response to opposition incidents. In the event of a dangerous incident, Equitrans’ Security Team works to safely evacuate work crews and initiates assistance from law enforcement, if needed.
Pipeline & Operations Security
The security of our pipelines and facilities is integral to the success of our operations. Ensuring we are safeguarding our assets also reduces risks of environmental incidents and potential safety hazards. For pipelines and compressor stations that are in operation, Equitrans continuously gathers information regarding their security. We protect our assets with fences, building locks, electronic monitoring, and 24/7 surveillance at many of our sites.
At construction sites, we deploy various levels of security, depending on their criticality and vulnerability. For critical sites, we secure pipe storage yards and worksites with 24/7 security guards or advanced analytic camera systems. At sites where an increased threat may exist, we employ both security guards and camera systems simultaneously.
The majority of our pipeline construction projects require us to hire guards during non-work hours and Equitrans’ Security Team oversees the security at all construction sites. If theft, vandalism, or other threats are encountered, a combination of roving and static guards along with varying levels of camera coverage will be employed to secure the site. For projects that encounter hostile persons or opposition during construction, we assign security teams to protect workers during the day and static guards to protect equipment during non-work hours. As an example, during 2020 the Mountain Valley Pipeline project contracted more than 100 roving and/or static guards to protect workers, equipment, materials, and construction sites. If we encounter a hostile person or group during construction, we contact the appropriate law enforcement groups and implement security and static guards to ensure our workers and equipment are safe.
Security guards also protect compressor stations and various other sites during construction based upon criticality and vulnerability. After construction is completed, we secure compressor stations with barbed wire fencing and access controls, along with high-resolution analytical camera systems, where deemed necessary. Other sites such as interconnections and metering stations incorporate fencing, cameras, or both, depending on the perceived threat to the specific location.
Equitrans uses physical security measures in our offices to protect our employees and IT infrastructure. We use gates, trespassing signs, and motion-activated cameras to deter unauthorized guests from entering our offices. In 2020, we implemented an anti-tailgating system at the entrance of our headquarters office in Canonsburg, PA. The anti-tailgating system signals an alarm when two people walk into the office together when using only a single employee badge. We continue to evaluate emerging risks and explore new ways to ensure the safety and security of all our offices.
Evaluating Our Security
Equitrans’ security program is intended to reduce the risk of both major and minor incidents, and our Security Team works diligently to ensure all aspects of our enterprise are safe. For the safety and security of our employees, we recently implemented an overseas travel process that assesses U.S. State Department information and provides travel safety guidance for specific destinations. We track global protests utilizing the Welund database and regularly inform the Board regarding any potential opposition movements that have the potential to significantly impact our business. In addition, we routinely update our Board on general security measures in relation to our guards and video surveillance. Equitrans continuously looks for new ways to improve our security and expects to standardize our security measures in accordance with the U.S. TSA regulations during 2021.
Approach to Cybersecurity
Cybersecurity is a core component of Equitrans’ digital transformation. Our cyber program is designed to:
- Establish situational awareness of evolving threats and vulnerabilities to our technology presence
- Proactively detect and respond to cyber-attacks
- Leverage technology to achieve business objectives
Equitrans’ cyber philosophy begins, but does not end, with compliance. We build our capabilities based on relevant industry standards and continually review our progress to effectively enhance our cybersecurity capabilities. Because a cyber incident could have a significant impact on business continuity, customer relationships, and brand reputation, we consider cyber risk as a Tier 1 Enterprise Risk; therefore, Equitrans’ cybersecurity program is reviewed and monitored by executive management, with oversight by our Board of Directors, including the Health, Safety, Security, and Environmental Committee and Audit Committee of our Board. Our full Board of Directors also receives periodic updates on cyber-risk management throughout the year.
Multiple security controls are employed to protect our systems, applications, and data including next generation firewalls; strong authentication and access controls; and malware prevention technologies. Operationally, we continuously monitor for cyber intrusions, augmenting our internal resources and capabilities with that of third-party service providers. Our monitoring is informed by threat intelligence that is gathered from multiple sources, including the Oil and Gas Information Sharing and Analysis Center (ONG-ISAC).
In addition to prevention, detection, and response capabilities, we prioritize workforce training and awareness, which includes annual cybersecurity training for our employees and applicable partners. Our educational outreach teaches employees about suspicious emails, identification of data breach attempts, and the reporting process on phishing. We also conduct routine phishing exercises through email simulations to reinforce the importance of protecting our business and assets. Additionally, data and network encryption technologies are used to respect and protect the privacy of our assets and customers.
In 2019, Equitrans began a Network Modernization Program that increased security and efficiency data flow throughout our Company. As part of our program, increased bandwidth, improved resilience and redundancy, and advanced detection, prevention, and monitoring technologies resulted in a modern, high-speed, more secure network. Our workforce utilizes a virtual cloud productivity suite to communicate, collaborate, and manage daily activities as well as securely access data throughout our entire workforce. In 2020, Equitrans boosted our cloud performance by collaborating with a computing services partner. Our partnership helps to increase our ability to quickly mitigate operational incidents and increase cyber resilience.
We understand that introducing new technologies to our digital ecosystem can increase cyber risk and threaten our business operations and data. We mitigate this risk by partnering with security experts from private organizations, industry groups, and government agencies to benefit from the latest threat intelligence. To determine the appropriate breadth and depth of our program, we benchmark our capabilities using the NIST Cybersecurity Framework (CSF) and the Oil and Gas Cybersecurity Capability Maturity Model (ONG-C2M2).
Operationally, Equitrans uses supervisory control and data acquisition (SCADA) and process information systems to operate our gathering, storage, and transmission systems. Equitrans’ increase in technological maintenance systems helps to manage routine asset maintenance checks and ultimately increases our operational efficiency and performance.
Evaluating Our Cybersecurity
To ensure that our program is effective, we routinely participate in third-party reviews to maintain and enhance the resiliency of our systems. This continuous improvement approach to cyber protection allows our program to be dynamic and adapt to the changing threat landscape. We provide routine updates to our Board of Directors, including its relevant committees, on cyber risk and best management practices, and we consider cybersecurity a Tier 1 Enterprise Risk and are focused on mitigating this risk.