[ISN] BP aligns IT with physical security to combat threats

From: InfoSec News (alerts@private)
Date: Sun Jun 24 2007 - 23:05:25 PDT


http://www.computerweekly.com/Articles/2007/06/26/224995/bp-aligns-it-with-physical-security-to-combat-threats.htm

By john-paul kamath
Tuesday 26 June 2007

British Petroleum (BP) is to defend against global IT threats such as 
targeted attacks and industrial espionage by making its IT security 
departments work more closely with its corporate and physical security 
teams.

The petrochemicals multinational plans to bring together more than 530 
employees in the next two years from its IT, corporate and physical 
security divisions worldwide, to devise plans to protect the business 
globally.

The company aims to roll out best practices linking physical security to 
IT security across the company, checking, for example, if someone is 
logged on to their workstation against whether they are physically in 
the building.

The company said that this would allow it to manage security threats 
that begin in one part of the business but could go on to affect another 
area.

"Criminals will not attack just one part of our infrastructure, they 
will go after several parts to get us. As a company with global 
networks, it is important that we have a holistic approach to security," 
said Robert Martin, manager of digital security services at BP.

For example, Martin said physical attacks, such as planting explosives 
at an oil pipe, would require criminals to first steal pipeline 
blueprints stored on information networks. Conversely, if a worm 
infiltrated the network connections used to supply traders with 
information on the quality of oil, it could have "drastic effects" on 
its frontline operations, Martin said.

With joint planning between security teams, a physical attack could be 
prevented by securing access controls at an IT level.

"IT departments managing only IT security, without consulting with wider 
departments, leaves global businesses more vulnerable in the emerging 
threat landscape," Martin said.

He said that a challenge in securing the company's back-office networks 
would be mapping all possible connections to the IP networks used in 
processing oil. However, security will be speaking to senior management 
with a "collective voice", and this will improve the IT department's 
chances of being heard, he said.

Ruggero Contu, principal research analyst at Gartner, said that the 
sophistication and personalisation of attacks against global companies 
and government networks are increasing. Implementing a collective 
security strategy would rise to the top of many chief information 
security officers' agendas in the coming years, Contu added.


_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Sun Jun 24 2007 - 23:14:24 PDT