Directive Seeks to Coordinate Response to Oil, Gas Cyberattacks

A new presidential directive aims to establish guidelines for responding to a significant cyberattack against US companies, including oil and gas firms.

The implementation of PPD 41 will prompt private oil and gas firms to shift their focus to cybersecurity concerns and place increased emphasis on the development of processes which solicit government aid in the event of a cyberattack, Stewart Kantor, CEO of Full Spectrum Inc., told Rigzone in an email statement. Full Spectrum is a wireless communications firm that provides technology to the upstream and midstream oil and gas industries.

Stewart Kantor, CEO & Co-Founder, Full Spectrum Inc.

“This push may drive the industry to reconsider where cyber vulnerabilities exist in their current practices and introduce new procedures and technologies designed to minimize risk of a cyberattack,” Kantor commented. “One such example is the vulnerable public data communication networks currently used for monitoring and protecting critical assets of the oil and gas companies.”

Kantor anticipates the adoption of private cellular data networks as a best practice for minimizing the risk of a hacker entering and potentially damaging a company’s assets. Such networks provide the necessary security, IP automation, and capacity to isolate damage caused by cyberattacks or natural disasters, including inclement weather.

U.S. Government Seeks to Create Environment for Sharing

Through the directive and the Computer Information Sharing Act (CISA) passed late last year, the U.S. federal government is trying to create an environment conducive to sharing information about cyberattacks. The CISA provides an incentive for sharing through a statute that grants liability protection for information shared, Riggi stated.

“If they share particular threat information on vulnerabilities, the government can’t use that information to go back and basically conduct a regulatory audit or place regulatory liability on a company,” Riggi explained.

Brian E. Finch, Partner, Pillsbury, Winthrop, Shaw, Pittman LLP

To truly understand the nature of cyberthreats, the federal government and the private sector need to share information, Riggi stated. The vast majority of cyberattacks are occurring on private sector networks, which the government cannot access, but government networks also are being targeted. Some clues may exist in private sector attacks that could help the government defend its networks against mutual cyber adversaries.

“The presumption has been for over the past 10 years that, when a company has suffered an attack, it’s because they didn’t spend enough money on cybersecurity or it wasn’t a high enough priority for the company,” said Brian E. Finch, a Washington, D.C.-based partner with law firm Pillsbury, Winthrop, Shaw, Pittman LLP, in an interview with Rigzone.

But the recent cyberattack on the Democratic National Committee has changed the narrative of the debate. The attack, allegedly carried out by Russia, has made the U.S. government realize that organizations are not automatically at fault for cyberattacks by foreign countries.

While companies would still face liabilities, Finch sees more tolerance for a conversation between the U.S. government and companies about an attack.

“It’s a national security issue, not about whether a company invested enough” in the right technology to prevent a cyberattack.

