Information Security News mailing list archives

Energy firms move to thwart cyberattacks


From: InfoSec News <isn () c4i org>
Date: Wed, 27 Feb 2002 02:20:09 -0600 (CST)

http://www.computerworld.com/storyba/0,4125,NAV47_STO68585,00.html

By MICHAEL MEEHAN 
February 25, 2002

Energy industry giants are preparing to make a major push into the
information-sharing arena, hoping that a sophisticated alert system
will protect the nation's critical fuel infrastructure from physical
assaults and cyberattacks.

Following a model used in the financial services and high-tech
industries, oil and gas companies have formed the Energy Information
Sharing and Analysis Center (ISAC). The center began operating in
November among founding members, including Conoco Inc., Duke Energy
Corp., ChevronTexaco Corp. and BP PLC. The group intends to push the
center as an industry-standard defense mechanism.

"Maintaining the integrity of those [IT] systems has become an
increasing concern in our industry," said Bobby Gillam, manager for
global security at Houston-based Conoco. "We have to make sure that
our critical infrastructure is protected from both cyber and physical
threats."

Daily Threats

Sarah Jensen, manager of enterprise IT security at Charlotte,
N.C.-based Duke Energy, said that each day, her division tackles
threats caused by faulty technology or inadvertently exposed
applications, creating the need for round-the-clock vigilance.

"I'd like to grow the ISAC so it makes my job easier," Jensen said.  
"My goal is to create one-stop shopping. Right now, I've got my staff
checking all these different agency and vendors' sites looking for
information."

Predictive Systems Inc. in New York has been tapped to run the ISAC on
a Unix server farm in Reston, Va.

Anish Bhimani, chief technology officer at Predictive Systems, said
that previous ISACs the company has run on behalf of the financial
services industry and foreign countries have allowed users to post
anonymous information and receive classified alerts.

Alerts can be labeled "normal," "urgent" or "crisis-level." Bhimani
said a tip received two weeks ago gave ISAC members a head start on
tackling flawed Simple Network Management Protocol (SNMP)  
installations. Last week, Computerworld reported on a warning that
hundreds of hardware and software products with built-in support for
SNMP are vulnerable to attack.

"Every hour counts in these situations," said Bhimani.

While ISACs do a good job of disseminating alerts from government
agencies, energy firms will need to rethink how their IT
infrastructures push information out to the rest of the industry, said
Gillam.

Mark Evans, CIO at San Antonio-based oil refiner Tesoro Petroleum
Inc., noted that it's difficult to draw information from the
Supervisory Control and Data Acquisition systems that run the
operations of most oil and gas companies.

"For a long time, we've been unable to share that information within
our own company," Evans said. "That's really the first step."

Gillam said companies will likely be reluctant to share incident
information with federal authorities unless the government can ensure
the privacy of that information.

Bhimani said real-time IT capabilities—as well as confidence that
shared information can be kept confidential—will be critical.

"Right now, we get a lot of, 'Here's what happened, and here's what we
did about it' submissions, as opposed to, 'Something just happened -
everybody duck' warnings," he said. "To get to that next step, it's
going to require some physical and cultural changes in the industry."

Founding members of ISAC also plan to establish an IT best-practices
list so that users will be able to turn the information into action.



-
ISN is currently hosted by Attrition.org
