Could Trump Take Pointers from ExxonMobil's Tillerson on Cybersecurity?
If confirmed as U.S. Secretary of State, former Exxon Mobil Corp. CEO Rex Tillerson could play a role in deciding how cybersecurity policy impacts the oil and gas business, an industry analyst told Rigzone.
“If you look back to Tillerson’s commentary in the 2013 timeframe, he mostly focused on ensuring his people were trained to be better at cybersecurity issues,” Ken Talanian, director of software research with Evercore ISI, told Rigzone. “I think that he was spot on in focusing on the habits of the employees in addition to making technology investments. He was also one of the guests to join the cybersecurity discussion with Obama at the White House.”
In 2013, Tillerson and corporate leaders from the defense, technology, energy and banking industries told President Obama they agreed that cyberattacks posed a top security threat, but said they wanted a ‘light touch’ from the government in response.
ExxonMobil offers a web-based cybersecurity training program on how to identify and respond to potential cybersecurity risks, in addition to an ongoing awareness program to reinforce safe computing behaviors, Kimberly A. Clark, public and government affairs with ExxonMobil, told Rigzone.
Talanian guesses that most business leaders, including leaders in the oil and gas industry, will not look directly for help from the government on cybersecurity issues. But they will want government’s indirect help in dissuading nation state actors from hacking. He also thinks that job creation will occur within the U.S. government for cybersecurity, but the trend is not exclusive to oil and gas.
It’s too early to tell who Trump picks to lead U.S. cybersecurity efforts. But his choice will be critical, as will his choices for the public and private partners that are brought in as advisors, Matthew Brennan, president of cybersecurity and managed services solutions provider VirtualArmour, said to Rigzone.
“The government is going through a cultural change that requires a shift in defense strategy from the physical fight to the virtual fight,” Brennan said. “This is also true from a budgetary perspective. Underfunding cybersecurity initiatives could have a detrimental impact for the government’s ability to protect critical infrastructure.”
Because no major breaches have recently been announced, the topic of cybersecurity in the oil and gas space has been quiet recently. That doesn’t mean that the threat of cyberattacks has gone away, Talanian said. The Saudi Aramco hack in 2012 – when an unleashed virus erased data from three-quarters of Aramco’s corporate personal computers – would have served as a wakeup call for the industry if the Stuxnet attack in 2010 on an Iranian nuclear facility didn’t.
Cyberattacks on U.S. businesses such as Target – and speculation that Russian President Vladimir Putin hacked into U.S. computer systems to influence the U.S. presidential election – are examples of the growing cyberrisks that the United States faces. Critical U.S. infrastructure, which includes oil and gas pipelines, is also vulnerable to cyberattacks.
President-elect Donald Trump’s planned review of the United States current defenses/vulnerabilities, including critical infrastructure, will likely touch the oil and gas industry, Talanian said. However, Trump’s use of “negotiator tactics” makes it unlikely that he would publicly divulge his plans for U.S. cybersecurity strategy when he takes office later this week. Talanian believes that Trump’s actions will be reflective of his business strategy, such as keeping his views private in some cases where he thinks he might have leverage.
“I don’t think the United States is at risk of entering the plot of the fourth Die Hard movie, but clearly cybersecurity poses a threat that operators should take seriously,” Ethan Bellamy, senior analyst with R.W. Baird, told Rigzone.
“We just had the Russians release sensitive private correspondence that may have altered the results of the U.S. election,” Bellamy said. “You’d be a fool not to take this seriously when it comes to protecting operations and the privacy of commercial secrets and customer data.”
So what might Trump’s cybersecurity policy look like?
The growing presence of Internet of Things (IoT) technology is propagating industrial control espionage. For this reason, the Trump administration will likely move towards a more holistic approach to enhancing cyber control within energy, including oil and gas, Tauseef Ghazi, cybersecurity expert and principal of security and private services with audit, tax and consulting firm RSM, told Rigzone. In the next year or so, Ghazi thinks there might be a push for public accounting firms to review cybersecurity strategies through annual audits. He also sees companies potentially reworking cybersecurity standards as needed, or insurance companies requiring companies to meet certain standards for payouts for cybersecurity losses.
View Full Article
WHAT DO YOU THINK?
Generated by readers, the comments included herein do not reflect the views and opinions of Rigzone. All comments are subject to editorial review. Off-topic, inappropriate or insulting comments will be removed.