Energy firms must acknowledge cybersecurity as more than an IT problem, paper claims

Sep 21, 2012 by Jeff Falk

(Phys.org)—Energy firms have spent vast sums on the security of their information systems, but they must reorient from a reactive, tactical posture regarding intrusions and attacks to a more strategic, holistic view that expands beyond the categorization of the issue as an IT problem, according to a new paper from Rice University's Baker Institute for Public Policy.

Titled "Cybersecurity Issues and Policy Options for the U.S. Energy Industry," the paper investigates how energy companies involved in the production and delivery of hydrocarbons, as well as companies that generate and transmit electricity, face new risks posed by ("malware"). These risks can affect the continuity of their operations, capacity to deliver products and services and ability to protect investments—particularly in research and development—from theft or unauthorized disclosure.

The paper comes against the backdrop of the U.S. Congress' failure this summer to pass significant cybersecurity legislation for the protection of commercial and government information technology infrastructure.

"For the energy industry, cybersecurity is not just a technology problem, but rather is one that includes the larger dynamics of information and operations," said Christopher Bronk, the paper's principal author and a Baker Institute fellow in . "How public policy can form components of the response to cybersecurity issues pertaining to the energy industry and the that it builds, operates and maintains requires considering both the complexity of the issue and the nuance in potential policy prescriptions."

The paper details examples of major oil and gas companies that have suffered a significant data breach or disruption of IT service, the latest being Saudi Aramco. In August, Saudi Aramco saw as many as 30,000 computers on the company's network compromised by a malicious piece of "malware," possibly the one labeled "Shamoon" by the computer malware analysis community.

"The issues of cyberespionage and true cyberattacks—the ability to achieve kinetic outcomes by manipulation of computer systems—represent significant challenges for the , the United States government and the international community," Bronk said.

"Constructing institutions to cope with these problems and move beyond a reactive posture will require greater research investment, collaboration and unorthodox combinations of expertise from within the computing field and beyond it."

User comments : 2

Argiod
3 / 5 (3) Sep 21, 2012
Bresnan dropped me like a hot potato when a hacker d/l'd a game through my wi-fi modem. They said it was my responsibility to secure my system. And, to add insult to injury, they suggested that they could set up a secure wi-fi modem; but would charge me for the modem and installation, despite the fact I just paid $250 for a new one.

So, if our largest businesses, industries, and even our government, cannot fully secure their systems; what chance any of us to secure our systems?!

defactoseven
1 / 5 (1) Sep 22, 2012
The simple answer is none, as long as hardware advances continue to outpace software development. The possible holes are endless and many cyber security firms only pose as experts, bullying corporations and pacifying governments into believing they are able to keep order when they are for any real intents and purposes self serving fronts and almost totally impotent. The fox really is guarding the hen house, and no one knows any different.

The future is not secure in computer land and it will never be. It won't spell unfathomable crisis, but there will definitely be shifts in the politics of the planet. It's the wild west.