Oil industry forms clearinghouse for cyberattack data

Hub designed to open up communication among oil firms on increasingly sophisticated attack methods


June 28 -- Oil executives are assembling a team of cybersecurity experts to analyze malicious software attacks on networks that automate offshore rigs, refineries, pipelines and other energy infrastructure.

The American Petroleum Institute this week announced the formation of the first cyberattack data hub formally designed to open communication among oil companies on increasingly sophisticated programs designed to infiltrate their computer systems.

Oil and gas companies mostly have kept quiet about breaches of their computer security systems, but they can learn a lot by sharing information, said Stephen Coty, director of threat research for Alert Logic, a computer security firm.

"They're a big target because of the size and value of the industry," Coty said. "The financial sector has been sharing information for quite a while, and we've seen security improvements from that. It'll cut down on the number of breaches."

The new Oil and Natural Gas Information Sharing and Analysis Center says attacks reported by the oil and gas industry made up 53 percent of the more than 200 incidents reported last year to the Department of Homeland Security's industrial emergency arm.

Curt Craig, an executive at Dallas-based Hunt Oil and a founding director of the cybersecurity group, said once the professional team is in place, analysts will send reports to member companies.

"If everyone's out there doing their own thing, everyone has to learn the same lessons time and time again," said Craig, manager of business systems and information security for Hunt Oil. "Sharing information and intelligence around cyberthreats is a much more efficient way to improve everyone's maturity and capability, in a shorter period of time."

The industry, he said, has kicked around the idea of a formal group for about 18 months, and so far, 25 oil and gas companies have signed on as members.

The Oil and Natural Gas Information Sharing and Analysis Center said it will be a formal gathering place for the industry to dig through accumulated knowledge about threats to control systems that link much of the nation's energy infrastructure.

It's one of 17 individual Information Sharing and Analysis Centers, or ISACs, which collect information and distribute analysis on cyberattacks to defense-industry suppliers, the electricity sector, financial services firms, and other industries, according to the National Council of ISACs.

Cyberattacks on U.S. oil and gas companies historically have come from foreign competitors -- often Russian or Chinese firms -- trying to steal company secrets. But a new breed of hacker network has emerged in recent years, attempting to hijack energy infrastructure control systems or put oil executives' personal information on the Internet, Coty said.

Often, hackers use attacks known as phishing -- trying to trick employees into opening emails with links or attachments containing malicious software.

More recent malware attacks, Coty said, involve programs that can access computer systems directly through virtual portals and hide themselves in the murky internal world of code, all without targeting key employees with access to company systems.

He finds the potential threats to energy infrastructure especially worrisome.

"If you've ever stood next to those pipes, you can feel the power of the natural gas or oil that's flowing through them," Coty said. "The slightest interruption could cause serious damage."

Copyright 2014 - Houston Chronicle