Energy firms must acknowledge cybersecurity as more than an IT problem, paper claims

September 21, 2012 by Jeff Falk

(—Energy firms have spent vast sums on the security of their information systems, but they must reorient from a reactive, tactical posture regarding intrusions and attacks to a more strategic, holistic view that expands beyond the categorization of the issue as an IT problem, according to a new paper from Rice University's Baker Institute for Public Policy.

Titled "Cybersecurity Issues and Policy Options for the U.S. Energy Industry," the paper investigates how energy companies involved in the production and delivery of hydrocarbons, as well as companies that generate and transmit electricity, face new risks posed by ("malware"). These risks can affect the continuity of their operations, capacity to deliver products and services and ability to protect investments—particularly in research and development—from theft or unauthorized disclosure.

The paper comes against the backdrop of the U.S. Congress' failure this summer to pass significant cybersecurity legislation for the protection of commercial and government information technology infrastructure.

"For the energy industry, cybersecurity is not just a technology problem, but rather is one that includes the larger dynamics of information and operations," said Christopher Bronk, the paper's principal author and a Baker Institute fellow in . "How public policy can form components of the response to cybersecurity issues pertaining to the energy industry and the that it builds, operates and maintains requires considering both the complexity of the issue and the nuance in potential policy prescriptions."

The paper details examples of major oil and gas companies that have suffered a significant data breach or disruption of IT service, the latest being Saudi Aramco. In August, Saudi Aramco saw as many as 30,000 computers on the company's network compromised by a malicious piece of "malware," possibly the one labeled "Shamoon" by the computer malware analysis community.

"The issues of cyberespionage and true cyberattacks—the ability to achieve kinetic outcomes by manipulation of computer systems—represent significant challenges for the , the United States government and the international community," Bronk said.

"Constructing institutions to cope with these problems and move beyond a reactive posture will require greater research investment, collaboration and unorthodox combinations of expertise from within the computing field and beyond it."

Explore further: Baker Institute policy report looks at cybersecurity

Related Stories

Baker Institute policy report looks at cybersecurity

February 24, 2011

A new article written by a fellow at Rice University's Baker Institute for Public Policy calls on the intelligence community to jointly create a policy on cybersecurity and determine the degree to which the U.S. should protect ...

US cybersecurity chief warns of 'market' in malware

June 17, 2009

More must be done to combat the lucrative trade in malicious software, which threatens sensitive government networks and personal data, the head of the US National Cybersecurity Center warned Tuesday.

Typhoon-like data wiper is latest computer virus headache

August 19, 2012

( -- A new computer virus is leaving security experts asking what could be the motive and where is the source—but one suspicion is that it is targeting infrastructure in the energy industry. The culprit, called ...

Recommended for you

Forget oil, Russia goes crazy for cryptocurrency

August 16, 2017

Standing in a warehouse in a Moscow suburb, Dmitry Marinichev tries to speak over the deafening hum of hundreds of computers stacked on shelves hard at work mining for crypto money.

Researchers clarify mystery about proposed battery material

August 15, 2017

Battery researchers agree that one of the most promising possibilities for future battery technology is the lithium-air (or lithium-oxygen) battery, which could provide three times as much power for a given weight as today's ...

Signs of distracted driving—pounding heart, sweaty nose

August 15, 2017

Distracted driving—texting or absent-mindedness—claims thousands of lives a year. Researchers from the University of Houston and the Texas A&M Transportation Institute have produced an extensive dataset examining how ...


Adjust slider to filter visible comments by rank

Display comments: newest first

3 / 5 (3) Sep 21, 2012
Bresnan dropped me like a hot potato when a hacker d/l'd a game through my wi-fi modem. They said it was my responsibility to secure my system. And, to add insult to injury, they suggested that they could set up a secure wi-fi modem; but would charge me for the modem and installation, despite the fact I just paid $250 for a new one.

So, if our largest businesses, industries, and even our government, cannot fully secure their systems; what chance any of us to secure our systems?!
1 / 5 (1) Sep 22, 2012
The simple answer is none, as long as hardware advances continue to outpace software development. The possible holes are endless and many cyber security firms only pose as experts, bullying corporations and pacifying governments into believing they are able to keep order when they are for any real intents and purposes self serving fronts and almost totally impotent. The fox really is guarding the hen house, and no one knows any different.

The future is not secure in computer land and it will never be. It won't spell unfathomable crisis, but there will definitely be shifts in the politics of the planet. It's the wild west.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.