Forget the Organization of Petroleum Exporting Countries. Ignore Saddam Hussein. Okay, well, maybe don't ignore Saddam. But US officials suggest an anonymous computer hacker could be an even greater threat to energy security. Drilling for oil may seem to be protected from computer attacks, but nearly all aspects of the energy business are as dependent as any other sector on the internet and computers to carry out routine operations, US officials say. Oil refineries, gas pipelines, power plants, and the electric transmission grid are all critical infrastructures vulnerable to cyber threats.
US officials say they have worked hard to make the internet and government web pages less open to electronic attack, whether that threat comes from a foreign government or an individual. But the job is far from finished, government investigators say. The General Accounting Office cautioned in testimony before a Senate subcommittee May 22 that the government needs to work harder to contain these threats.
"There is a growing risk that terrorists or hostile foreign states could severely damage or disrupt national defense or vital public operations through computer-based attacks on the nation's critical infrastructures," GAO said.
Y2K highlights problem
It's a problem of which the government and industry are well-aware. Cyber security has been a big focus for government and industry since 1998, when regulators studied the possible impact a Year 2000 computer software glitch could have on public and private networks.
The National Petroleum Council, a 175-member, federally chartered, and privately funded advisory committee that represents oil and gas industries, has spent the past 2 years advising the US energy secretary on the issue. NPC's efforts are part of a larger government effort to protect the country's energy infrastructure from attacks.
Early on in the government's efforts, energy was targeted as being especially vulnerable to sudden computer disruptions. California refiners and power generators unfortunately are already well-versed on how disruptive being offline can be. Some refiners have even argued that the state's failed electric restructuring experiment, which contributed to rolling blackouts, has done as much harm as any cyber-terrorist could inflict.
California's problems aside, US government computer experts say it's still easier dealing with an enemy you know than an enemy you don't know. And the new information age makes it much more difficult for the government to figure out who the real enemy is.
Moving forward
The White House May 9 said it is working with federal agencies and private industry to prepare a new action plan to protect critical infrastructures. GAO, in its testimony before Congress, stressed the need for more communication between agencies, and the White House is likely to follow through with that suggestion.
GAO also wants the White House, in coordination with federal agencies, to be more aggressive in analyzing computer-based threats, including standardizing the way security officials review infrastructure data. GAO also wants the White House to require the federal government to develop a more-thorough data collection system and hire more staff to oversee that effort. The private sector also needs to better define to government officials what kind of data are needed to combat computer-based attacks, the independent agency said.
