Energy firms must acknowledge cybersecurity as more than an IT problem, paper claims

Sep 21, 2012 by Jeff Falk

(—Energy firms have spent vast sums on the security of their information systems, but they must reorient from a reactive, tactical posture regarding intrusions and attacks to a more strategic, holistic view that expands beyond the categorization of the issue as an IT problem, according to a new paper from Rice University's Baker Institute for Public Policy.

Titled "Cybersecurity Issues and Policy Options for the U.S. Energy Industry," the paper investigates how energy companies involved in the production and delivery of hydrocarbons, as well as companies that generate and transmit electricity, face new risks posed by ("malware"). These risks can affect the continuity of their operations, capacity to deliver products and services and ability to protect investments—particularly in research and development—from theft or unauthorized disclosure.

The paper comes against the backdrop of the U.S. Congress' failure this summer to pass significant cybersecurity legislation for the protection of commercial and government information technology infrastructure.

"For the energy industry, cybersecurity is not just a technology problem, but rather is one that includes the larger dynamics of information and operations," said Christopher Bronk, the paper's principal author and a Baker Institute fellow in . "How public policy can form components of the response to cybersecurity issues pertaining to the energy industry and the that it builds, operates and maintains requires considering both the complexity of the issue and the nuance in potential policy prescriptions."

The paper details examples of major oil and gas companies that have suffered a significant data breach or disruption of IT service, the latest being Saudi Aramco. In August, Saudi Aramco saw as many as 30,000 computers on the company's network compromised by a malicious piece of "malware," possibly the one labeled "Shamoon" by the computer malware analysis community.

"The issues of cyberespionage and true cyberattacks—the ability to achieve kinetic outcomes by manipulation of computer systems—represent significant challenges for the , the United States government and the international community," Bronk said.

"Constructing institutions to cope with these problems and move beyond a reactive posture will require greater research investment, collaboration and unorthodox combinations of expertise from within the computing field and beyond it."

Explore further: Report: FBI's anthrax investigation was flawed

Related Stories

Baker Institute policy report looks at cybersecurity

Feb 24, 2011

A new article written by a fellow at Rice University's Baker Institute for Public Policy calls on the intelligence community to jointly create a policy on cybersecurity and determine the degree to which the U.S. should protect ...

US cybersecurity chief warns of 'market' in malware

Jun 17, 2009

More must be done to combat the lucrative trade in malicious software, which threatens sensitive government networks and personal data, the head of the US National Cybersecurity Center warned Tuesday.

Recommended for you

Report: FBI's anthrax investigation was flawed

Dec 19, 2014

The FBI used flawed scientific methods to investigate the 2001 anthrax attacks that killed five people and sickened 17 others, federal auditors said Friday in a report sure to fuel skepticism over the FBI's ...

Study reveals mature motorists worse at texting and driving

Dec 18, 2014

A Wayne State University interdisciplinary research team in the Eugene Applebaum College of Pharmacy and Health Sciences has made a surprising discovery: older, more mature motorists—who typically are better drivers in ...

Napster co-founder to invest in allergy research

Dec 17, 2014

(AP)—Napster co-founder Sean Parker missed most of his final year in high school and has ended up in the emergency room countless times because of his deadly allergy to nuts, shellfish and other foods.

LA mayor plans 7,000 police body cameras in 2015

Dec 16, 2014

Mayor Eric Garcetti announced a plan Tuesday to equip 7,000 Los Angeles police officers with on-body cameras by next summer, making LA's police department the nation's largest law enforcement agency to move ...

User comments : 2

Adjust slider to filter visible comments by rank

Display comments: newest first

3 / 5 (3) Sep 21, 2012
Bresnan dropped me like a hot potato when a hacker d/l'd a game through my wi-fi modem. They said it was my responsibility to secure my system. And, to add insult to injury, they suggested that they could set up a secure wi-fi modem; but would charge me for the modem and installation, despite the fact I just paid $250 for a new one.

So, if our largest businesses, industries, and even our government, cannot fully secure their systems; what chance any of us to secure our systems?!
1 / 5 (1) Sep 22, 2012
The simple answer is none, as long as hardware advances continue to outpace software development. The possible holes are endless and many cyber security firms only pose as experts, bullying corporations and pacifying governments into believing they are able to keep order when they are for any real intents and purposes self serving fronts and almost totally impotent. The fox really is guarding the hen house, and no one knows any different.

The future is not secure in computer land and it will never be. It won't spell unfathomable crisis, but there will definitely be shifts in the politics of the planet. It's the wild west.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.