Energy firms must acknowledge cybersecurity as more than an IT problem, paper claims

September 21, 2012 by Jeff Falk

(—Energy firms have spent vast sums on the security of their information systems, but they must reorient from a reactive, tactical posture regarding intrusions and attacks to a more strategic, holistic view that expands beyond the categorization of the issue as an IT problem, according to a new paper from Rice University's Baker Institute for Public Policy.

Titled "Cybersecurity Issues and Policy Options for the U.S. Energy Industry," the paper investigates how energy companies involved in the production and delivery of hydrocarbons, as well as companies that generate and transmit electricity, face new risks posed by ("malware"). These risks can affect the continuity of their operations, capacity to deliver products and services and ability to protect investments—particularly in research and development—from theft or unauthorized disclosure.

The paper comes against the backdrop of the U.S. Congress' failure this summer to pass significant cybersecurity legislation for the protection of commercial and government information technology infrastructure.

"For the energy industry, cybersecurity is not just a technology problem, but rather is one that includes the larger dynamics of information and operations," said Christopher Bronk, the paper's principal author and a Baker Institute fellow in . "How public policy can form components of the response to cybersecurity issues pertaining to the energy industry and the that it builds, operates and maintains requires considering both the complexity of the issue and the nuance in potential policy prescriptions."

The paper details examples of major oil and gas companies that have suffered a significant data breach or disruption of IT service, the latest being Saudi Aramco. In August, Saudi Aramco saw as many as 30,000 computers on the company's network compromised by a malicious piece of "malware," possibly the one labeled "Shamoon" by the computer malware analysis community.

"The issues of cyberespionage and true cyberattacks—the ability to achieve kinetic outcomes by manipulation of computer systems—represent significant challenges for the , the United States government and the international community," Bronk said.

"Constructing institutions to cope with these problems and move beyond a reactive posture will require greater research investment, collaboration and unorthodox combinations of expertise from within the computing field and beyond it."

Explore further: Baker Institute policy report looks at cybersecurity

Related Stories

Baker Institute policy report looks at cybersecurity

February 24, 2011

A new article written by a fellow at Rice University's Baker Institute for Public Policy calls on the intelligence community to jointly create a policy on cybersecurity and determine the degree to which the U.S. should protect ...

US cybersecurity chief warns of 'market' in malware

June 17, 2009

More must be done to combat the lucrative trade in malicious software, which threatens sensitive government networks and personal data, the head of the US National Cybersecurity Center warned Tuesday.

Typhoon-like data wiper is latest computer virus headache

August 19, 2012

( -- A new computer virus is leaving security experts asking what could be the motive and where is the source—but one suspicion is that it is targeting infrastructure in the energy industry. The culprit, called ...

Recommended for you

WhatsApp vulnerable to snooping: report

January 13, 2017

The Facebook-owned mobile messaging service WhatsApp is vulnerable to interception, the Guardian newspaper reported on Friday, sparking concern over an app advertised as putting an emphasis on privacy.

US gov't accuses Fiat Chrysler of cheating on emissions

January 12, 2017

The U.S. government accused Fiat Chrysler on Thursday of failing to disclose software in some of its pickups and SUVs with diesel engines that allows them to emit more pollution than allowed under the Clean Air Act.


Adjust slider to filter visible comments by rank

Display comments: newest first

3 / 5 (3) Sep 21, 2012
Bresnan dropped me like a hot potato when a hacker d/l'd a game through my wi-fi modem. They said it was my responsibility to secure my system. And, to add insult to injury, they suggested that they could set up a secure wi-fi modem; but would charge me for the modem and installation, despite the fact I just paid $250 for a new one.

So, if our largest businesses, industries, and even our government, cannot fully secure their systems; what chance any of us to secure our systems?!
1 / 5 (1) Sep 22, 2012
The simple answer is none, as long as hardware advances continue to outpace software development. The possible holes are endless and many cyber security firms only pose as experts, bullying corporations and pacifying governments into believing they are able to keep order when they are for any real intents and purposes self serving fronts and almost totally impotent. The fox really is guarding the hen house, and no one knows any different.

The future is not secure in computer land and it will never be. It won't spell unfathomable crisis, but there will definitely be shifts in the politics of the planet. It's the wild west.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.