Cyber vulnerabilities

President Clinton launched a program 2 years ago to examine the physical and computer vulnerabilities facing critical U.S. infrastructures, including energy, banking and finance, telecommunications, and government assistance. Last May he established the Critical Infrastructure Assurance Office (CIAO) to do something about it. The Institute of Gas Technology recently held a seminar on how to protect natural gas pipelines in the cyber age.
July 20, 1998
Patrick Crow
Washington, D.C.

IGT's Jared Smith said lines have become increasingly computerized and more vulnerable, "...with transporters coming on and off your system, with marketers nominating and recording transactions, with increasingly rapid fluctuations in capacity availabilities, and with other parties free to access what was once considered necessarily private company data."

He said, "More frightening, perhaps, is the threat from disgruntled (pipeline) personnel."

Smith said National Security Agency scientists launched a simulated cyber attack on the electric grid's computer systems recently and were able to "bring down" the power systems of 14 major cities.

Push for change

Gordy Bendick, CIAO deputy director, said the plan is to work with industry to substantially increase safeguards by 2000 and fully protect them by 2003.

The goal is to install systems that keep interruptions brief, infrequent, manageable, geographically isolated, and minimally disruptive.

The initial emphasis will be on cyber protection. "The physical side is a thorny problem," he said.

Bendick said one problem facing CIAO is: "We're not sure we know where cyber is going to be in 2003, so how can we protect it?"

He said the Energy Department will take guidance from oil and gas companies, particularly pipelines, to develop "best practices" for protective measures. The intent is not to set federal standards, although legislation may be needed in some areas.

This will cost industry billions of dollars. But Bendick noted, "What's the cost if that asset goes away?"

DOE's role

David Jones directs the Energy Department's infrastructure assurance efforts.

He admitted that one problem in protecting private assets is government curiosity.

"The government, through regulators, is asking for some very sensitive information," he said. Those data are often submitted electronically or are made available to the public.

Jones said many firms have been reluctant to talk about breaches of their security, so information is not being shared through the industry.

"We still have a way to go before we convince industry to share incidence data."

Jones said even companies with some good security systems also have some poor ones, and that is why industry needs "best practices" standards.

He said, "As long as we rely on passwords, we have a real vulnerability, because time and time again password systems are defeated."

And he said, despite popular belief, "There will always be a way to get through a firewall. If you have a computer system and you're connected anywhere, you're connected everywhere."

Copyright 1998 Oil & Gas Journal. All Rights Reserved.
