Hydrocarbon Processing Copying and distributing are prohibited without permission of the publisher
Email a friend
  • Please enter a maximum of 5 recipients. Use ; to separate more than one email address.



Energy firms must acknowledge cyber security as more than an IT problem

11.01.2012  |  Thinnes, Billy,  Hydrocarbon Processing Staff, Houston, TX

Keywords: [cyber security] [IT] [Baker Institute] [Rice University] [Saudi Aramco] [malware] [espionage] [cyber attacks ]

Energy firms have spent vast sums on the security of their information systems, but they must reorient from a reactive, tactical posture regarding intrusions and attacks to a more strategic, holistic view that expands beyond the categorization of the issue as an IT problem, according to a new paper from Rice University’s Baker Institute for Public Policy.

The paper, “Cyber Security Issues and Policy Options for the US Energy Industry,” investigates how energy companies involved in the production and delivery of hydrocarbons, as well as companies that generate and transmit electricity, face new risks posed by malicious software. These risks can affect the continuity of operations, the capacity to deliver products and services, and the ability to protect investments (particularly in R&D) from theft or unauthorized disclosure.

The paper comes against the backdrop of the US Congress’ failure this summer to pass significant cyber-security legislation for the protection of commercial and government information technology infrastructure.

“For the energy industry, cyber security is not just a technology problem, but, rather, is one that includes the larger dynamics of information and operations,” said Christopher Bronk, the paper’s principal author and a Baker Institute fellow in information technology policy. “How public policy can form components of the response to cyber-security issues pertaining to the energy industry and the critical infrastructure that it builds, operates and maintains requires considering both the complexity of the issue and the nuance in potential policy prescriptions.”

The paper details examples of major oil and gas companies that have suffered a significant data breach or disruption of IT service, the latest being Saudi Aramco. In August, Saudi Aramco saw as many as 30,000 computers on the company’s network compromised by a malicious piece of “malware,” possibly the one labeled “Shamoon” by the computer malware community.

“The issues of cyber espionage and true cyber attacks—the ability to achieve kinetic outcomes by manipulation of computer systems—represent significant challenges for the energy industry, the United States government and the international community,” Mr. Bronk said. Mr. Bronk hosted a range of international cyber security experts from business, government and academia at the Baker Institute in September to discuss the latest information on how to detect, defend against and respond to emerging cyber threats. HP



Have your say
  • All comments are subject to editorial review.
    All fields are compulsory.

Related articles

FEATURED EVENT


Sign-up for the Free Daily HP Enewsletter!

Boxscore Database

A searchable database of project activity in the global hydrocarbon processing industry

Poll

Should the US allow exports of crude oil? (At present, US companies can export refined products derived from crude but not the raw crude itself.)


63%

37%




View previous results

Popular Searches

Please read our Term and Conditions and Privacy Policy before using the site. All material subject to strictly enforced copyright laws.
© 2014 Hydrocarbon Processing. © 2014 Gulf Publishing Company.