[ISN] Energy firms move to thwart cyberattacks

From: InfoSec News (isnat_private)
Date: Wed Feb 27 2002 - 00:20:09 PST

  • Next message: InfoSec News: "[ISN] U.S. Agency's Computers Didn't Protect Indian Fund"

    http://www.computerworld.com/storyba/0,4125,NAV47_STO68585,00.html
    
    By MICHAEL MEEHAN 
    February 25, 2002
    
    Energy industry giants are preparing to make a major push into the
    information-sharing arena, hoping that a sophisticated alert system
    will protect the nation's critical fuel infrastructure from physical
    assaults and cyberattacks.
    
    Following a model used in the financial services and high-tech
    industries, oil and gas companies have formed the Energy Information
    Sharing and Analysis Center (ISAC). The center began operating in
    November among founding members, including Conoco Inc., Duke Energy
    Corp., ChevronTexaco Corp. and BP PLC. The group intends to push the
    center as an industry-standard defense mechanism.
    
    "Maintaining the integrity of those [IT] systems has become an
    increasing concern in our industry," said Bobby Gillam, manager for
    global security at Houston-based Conoco. "We have to make sure that
    our critical infrastructure is protected from both cyber and physical
    threats."
    
    Daily Threats
    
    Sarah Jensen, manager of enterprise IT security at Charlotte,
    N.C.-based Duke Energy, said that each day, her division tackles
    threats caused by faulty technology or inadvertently exposed
    applications, creating the need for round-the-clock vigilance.
    
    "I'd like to grow the ISAC so it makes my job easier," Jensen said.  
    "My goal is to create one-stop shopping. Right now, I've got my staff
    checking all these different agency and vendors' sites looking for
    information."
    
    Predictive Systems Inc. in New York has been tapped to run the ISAC on
    a Unix server farm in Reston, Va.
    
    Anish Bhimani, chief technology officer at Predictive Systems, said
    that previous ISACs the company has run on behalf of the financial
    services industry and foreign countries have allowed users to post
    anonymous information and receive classified alerts.
    
    Alerts can be labeled "normal," "urgent" or "crisis-level." Bhimani
    said a tip received two weeks ago gave ISAC members a head start on
    tackling flawed Simple Network Management Protocol (SNMP)  
    installations. Last week, Computerworld reported on a warning that
    hundreds of hardware and software products with built-in support for
    SNMP are vulnerable to attack.
    
    "Every hour counts in these situations," said Bhimani.
    
    While ISACs do a good job of disseminating alerts from government
    agencies, energy firms will need to rethink how their IT
    infrastructures push information out to the rest of the industry, said
    Gillam.
    
    Mark Evans, CIO at San Antonio-based oil refiner Tesoro Petroleum
    Inc., noted that it's difficult to draw information from the
    Supervisory Control and Data Acquisition systems that run the
    operations of most oil and gas companies.
    
    "For a long time, we've been unable to share that information within
    our own company," Evans said. "That's really the first step."
    
    Gillam said companies will likely be reluctant to share incident
    information with federal authorities unless the government can ensure
    the privacy of that information.
    
    Bhimani said real-time IT capabilities—as well as confidence that
    shared information can be kept confidential—will be critical.
    
    "Right now, we get a lot of, 'Here's what happened, and here's what we
    did about it' submissions, as opposed to, 'Something just happened -
    everybody duck' warnings," he said. "To get to that next step, it's
    going to require some physical and cultural changes in the industry."
    
    Founding members of ISAC also plan to establish an IT best-practices
    list so that users will be able to turn the information into action.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Feb 27 2002 - 04:41:54 PST