The Downstream Natural Gas Information Sharing and Analysis Center (DNG-ISAC) exists to improve cybersecurity and physical security of the North American energy infrastructure by:

Providing accurate and timely intelligence on cyber and physical threats, vulnerabilities and attacks on the natural gas industry and industrial control systems.

Providing a community forum where natural gas industry participants can collaborate with peers on cyber and physical threats and related mitigations and other techniques for responding to them.

Providing a trusted, secure environment for participants to share threat and incident data, alerts, attack information, remediation solutions, analysis, and situational awareness.

This is driven by the goal of helping the natural gas industry define more effective strategies to thwart successful attacks and promote the safe, reliable, and efficient delivery of natural gas to homes, businesses, industrial customers and electricity generation across the nation.


The DNG-ISAC shares synthesized information regarding common attack vectors, threat tools, tactics, procedures, and methodologies. The threat collaboration portal (TCP) provides a central repository for cyber and physical threat information, which can be shared with attribution or anonymously and shared to the entire community or to specific participants. The current TCP is available in a website format and a mobile application format; additionally, alerts via e-mail are configurable by user preferences. The TCP is the same one used by the Financial Services, Health and other ISACs which facilitates direct sharing.


The DNG-ISAC TCP links the Department of Homeland Security, Department of Energy, Federal Bureau of Investigation (FBI), the Canadian Cyber Centre and other international and national federal, state and local government entities with member companies in sharing cyber and physical threat information. This is achieved through a dedicated DNG-ISAC intelligence analyst who operates the TCP and coordinates actions with government agencies, as well as works closely with the E-ISAC and cross-sector organizations. Further, the DNG-ISAC is a member of the National Council of ISACs (NCI). DNG-ISAC staff participate in regular NCI meetings and a daily inter-industry threat briefing call. Participating companies are able to focus on a single, dedicated cybersecurity information source rather than spending time monitoring and analyzing threats from myriad information feeds. A Memorandum of Understanding with the Multi-State ISAC gives DNG-ISAC a virtual presence on the DHS watch floor. Using the STIX/TAXII standards, the DNG-ISAC provides instantaneous, machine-to-machine indicators of compromise from DHS, the MS-ISAC, the Canadian Cyber Centre and others directly to the networks of a number of participating organizations.


A web, email, and mobile-powered platform for sharing strategic and situational threat intelligence.