Knapp: Industry Should Hire Hackers to Boost Cybersecurity

The oil and gas industry should hire hackers in order to boost cybersecurity, said Eric Knapp, chief engineer for cybersecurity solutions and technology at Honeywell Process Solutions.

Speaking at the EMEA HUG conference in The Hague, Knapp urged delegates to shed their negative perceptions of these people and offer them a place in the sector.

“We have to stop thinking of hackers as evil ... the truth is hackers are people. They have a curiosity, they have an interest, they have a skill, and a skill isn’t good or evil. A person isn’t good or evil. The circumstances you put them in dictate that,” Knapp said.

“If we hire them, and we put them on the good team, then they’re our heroes. If we don’t hire them, they’re going to find some other way to make money off of their skills ... If they’re on our team they help, if they’re on the other team, they hurt. They’re not going to just go away,” he added.

Knapp’s comments followed a stark warning from Laura Pilia of energy company SARAS and Jos Oelers of petrochemicals firm SABIC, made during the opening speech of the third day of the conference, which outlined a growing spate of cyberattacks in the industry.

Eighty-two percent of oil and gas industry respondents have reported an increase in successful cyberattacks over the past 12 months, Pilia and Oelers told conference participants. Looking at the influence of cyberattacks in the wider community, the conference leaders outlined that these occurrences cost businesses as much as $400 billion per year.

In a further warning to the sector, Honeywell’s Global Cybersecurity Business Leader Jeff Zindel told Rigzone that cyberattacks on oil and gas facilities are bound to increase over the next year.

“I think it will certainly increase,” Zindel said.

“The hacker community is increasingly focusing on industrial plants ... It’s a multi-billion dollar market that’s out there and that’s growing and we’re certainly seeing an increasing focus on critical infrastructure in industrial,” he added.

Cybersecurity Threats Evolving

The cybersecurity sector is plagued by ever-evolving threats, which are becoming more and more sophisticated, said Knapp.

“It’s hard to keep up with, and we have a distinct lack of new experts being developed in this industry,” Knapp told delegates at the HUG conference.

The cybersecurity engineer outlined that viruses now contain polymorphic malware, which learns and changes itself in response to its environment.

“You have malicious code that might look completely benign. It’ll pass detection from antivirus systems, it’s perfectly safe, until it realizes it’s on its designated target and then it rewrites its own code ... suddenly that harmless piece of software is a very targeted and dangerous piece of malware,” Knapp said.