Insider Threats Discussed at Cybersecurity Panel
Despite the significant and growing threat of cyberattacks oil and gas producers face, there is a persistent lack of awareness and understanding of the vulnerabilities present in the industrial control systems used for energy production and distribution operations. A panel of experts discussed the potential cybersecurity risks companies face from malicious actors, as well as risk mitigation strategies and emerging security standards in a session, “Cyber Security Assurance: Data and Critical Infrastructure Protection,” held at the 2016 Offshore Technology Conference.
Andrew Howard, director of the Cyber Technology and Information Security Laboratory at the Georgia Tech Research Institute, said cybersecurity risk is a pressing concern for all sectors of the industry, and that companies should not place the burden of handling cyberthreats solely on their information technology (IT) departments.
“It’s no longer just an IT problem,” Howard said. “It’s a multidisciplinary problem that covers just about every field. When we talk cybersecurity to complex organizations, it’s no longer about the IT channel. It’s also the upstream, the downstream, and the finances. It’s in human resources. It spreads over the entire organization, and it’s everyone’s problem.”
A common misconception companies have with regards to cybersecurity is that the “air gap,” or the physical isolation of a secure computer network from unsecured networks, is an effective strategy. Howard said a dedicated security protocol focused on physical systems must include basic cyberhygiene and asset inventory capabilities, even if it is not connected to unsecured networks.
Dawn Cappelli, vice president of information risk management at Rockwell Automation, said the biggest security threats companies face are from insiders, typically disgruntled former employees with technical knowledge and a personal predisposition to cause harm.
“People will cross that ethical line and steal your information because they rationalize in their mind why it’s OK: ‘I created that, that’s mine.’ Most people will not cross that ethical line, but the people who do tend not to get along well with other people. You have to walk on eggshells around them. They don’t take criticism well,” Cappelli said.