Hakin9 Magazine, the industry’s leading IT security magazine, interviewed me about the cyber security issues currently facing the oil and gas industry. Read a portion below:
What are, in your opinion, the biggest cyber security threats nowadays?
Another year has passed and still the arms race between cyber security hackers and the oil and gas industry’s IT departments rages on. Demands on infrastructure are further compounded by the prolific use of mobile devices, the need for workers to be able to connect at different locations and the onset of “BYOD” – Bring Your Own Device – to work. IT Departments must meet the high demands set by their employees while also working to maintain their privacy and the company’s most vital assets.
APTs – Advanced Persistent Threats – remain the biggest cyber security threat to private and public industry. These attacks are highly sophisticated and carefully targeted with the end-goal being to obtain one of an energy company’s most valuable assets – its proprietary information. Many APTs don’t target well-known programs such as Adobe Acrobat. Instead, they target embedded systems, which brings me back to my earlier point of “BYOD” and mobile devices creating vulnerabilities in systems. Hackers will wait for anomalies in your network and then pounce on them.
What topics are you going to cover at the Cyber Security for Oil and Gas conference?
The question should be: what won’t we cover? Here’s a rundown of some of the featured sessions: Reducing the power of the hacker and assessing the current capacity in the O&G industry for managing risk; Discussing cyber incident response and the involvement of law enforcement agencies to bolster cyber security support; Hacking critical infrastructure; Protecting against APT malware and much, much more.
What do you think will be the most interesting part of your conference?
Sometimes the best way to fully comprehend any threat to your business is by seeing it from the point-of-view of the attacker. That’s why we’ve brought on board speaker Chris Shipp of DM Petroleum Operations to conduct a live hacking demonstration in an effort to show in-depth practices that can be applied to your own network.
Do you think that enterprises in the oil and gas industry are sometimes unaware of their own vulnerabilities?
You don’t know what you don’t know, as they say. However, two things to watch out for are internal threats and vulnerabilities within the cloud. You should think long and hard about how much you trust your employees with your information. Some of the most devastating attacks that go undetected for a long time are internal, according to a study conducted by the U.S. Department of Homeland Security, the CERT Insider Threat Center and the U.S. Secret Service. To my second point, most corporations outsource their cloud capabilities, which makes data centers become larger targets for cyber security threats. Have clear guidelines with your provider to prevent attacks.
What are the estimated expenses that Oil & Gas companies spend on their cyber security?
ABI Research estimates that the oil and gas industry will spend up to $1.9 billion on cyber security by 2018. This includes spending on IT networks, industrial control systems and data security; countermeasures and policies and procedures.
Do Oil & Gas companies need IT Security specialists more than ever?
Despite being a multi-billion dollar industry trading in one of the world’s highest commodities, the oil and gas industry as a whole still depends on legacy control systems like SCADA. This can’t continue to be the case in the future. James Clapper, the Director of U.S. National Intelligence, said the threat of cyberattack is the biggest peril currently facing the U.S. today. What do you think this says about one of the U.S.’s most important industries?
What do you hope to change thanks to your event?
IQPC and Oil & Gas IQ are excited to host a forum where oil and gas industry leaders can discuss how to develop a secure network without exposing their critical corporate data.
See the interview in its entirety at https://hakin9.org/