Energy companies face cyber security risks
Energy companies are continuing to be hit by cyberattacks, in large part because of complacency by executives who don’t understand the threat, a Verizon executive said Thursday.I always use the charger that came with my cell phone or a portable charger that does not need to plug into a computer. We do know that Iran has been making cyber attacks on oil targets, crashing tghe Aramco network in Saudi Arabia. Syria has also been actively engaged in cyber attacks and China and Russia have used cyber attacks to steal data.
Many energy companies have not adjusted their security efforts, often getting hit by attacks before realizing they are vulnerable, said Sean McGurk, Verizon’s global managing principal for industrial control systems cybersecurity.
“We usually get the same answer,” said McGurk, who added that oil executives sometimes don’t alter their security protocols because they say, “We’ve always done it that way.”
McGurk made his comments while speaking on a panel at the Bloomberg Oil & Gas Conference, held in a room below dinosaur fossils and energy exhibits at the Houston Museum of Natural Science.
While the energy industry has emphasized employee awareness for behavior that improves physical safety, few companies have made the same efforts in the realm of computer security, McGurk said.
Malware: Shutdown means more delays on cybersecurity
That has left many energy companies with huge ranks of employees extremely vulnerable, he said.
For example, even though some companies have told employees not to use removable USB drives in computers, workers continue to plug cell phones into their machines, McGurk said.
“These are network-enabled, wirelessly available platforms that people are bringing into an operational environment and they are plugging them in for power,” he said.
Cell phones can carry malicious files, just as USB drives can, McGurk said.
But companies have done such a poor job at educating employees about online risks that even when companies have blocked out USB ports with epoxy, workers have found other ways to plug in cell phones and devices, he said.
“They remove the keyboard USB cable and plug the device in the back of the computer,” McGurk said.