Information Security and the National Infrastructure
The national infrastructure sectors, ranging from financial services to transportation, energy, and healthcare, rely immensely on information technology networks. This aspect makes them more vulnerable to data insecurity problems. Recently, the energy sector has become the new battlefront for cyber attacks. For instance, Chevron networks were attacked by a sophisticated virus known as Stuxnet, back in 2010. Chevron, which is one of the biggest oil industries in the U.S., also reports that it has to avert up to 500 hack attacks each week (Infosecurity, 2009). This shows that information security is a prime concern when it comes to national infrastructure.
Without a doubt, oil and gas companies remain to be the most targeted by cyber criminals, and for several reasons. Firstly, oil prices keep on rising due to the increasing costs of production. As a result, firms in the energy sector implement policies to cut down on costs. Often, the most likely area affected by expenditure cuts is technology, and, by association, the information security is compromised. Given the reduction in attempts to secure a company’s data, the oil and gas industries become susceptible to cyber attacks.
Another likely reason for increased cybercrime-vulnerability revolves around the fact that the transactions in the oil and gas arena are of a broad scope (Infosecurity, 2009). The lifecycle of a typical oil and gas company involves exploration of the oil or gas reservoir, appraisal, development and production of the resource. Given the various facets involved in operations, it is vital to monitor the parties that access information and logistics. Based on a survey conducted by PricewaterhouseCoopers, there are still multiple oil and gas firms that employ single sign-on software and automated account de-provisioning, practices that make them vulnerable to cyber attacks (Zimmermann et.al., 2008). Instead, these companies should follow the example of Vopak, a renowned corporation in the energy sector that has adapted efficient authentication software called Signify. With this application, Vopak’s employees are issued with small RSA Secure ID tokens from Signify. This authentication card generates a new one-time passcode every minute. The workers use these IDs, alongside their respective usernames and secret PINs to gain access to the facility.
Supervisory control and data acquisition (SCADA) networks constitute the computers and software used to perform crucial tasks and provide relevant services within oil and gas companies’ operations. These systems are regarded the backbone of any firm as they keep track on the parameters of production. For optimal efficiency, some corporations integrate SCADA into their corporate business systems (Infosecurity, 2009). Since this form of integration poses a significant risk to oil and gas companies that conduct such a practice, there is a need for government intervention. The government is capable of advancing security of both SCADA and industrial control systems; hence, ward off cyber attacks. Sadly, the government has shown little interest in regulating supervisory and data acquisition systems, in spite of the rising cases of cyber crimes.
The colossal cyber breach of the U.S. critical infrastructure information systems is the latest in a string of cyber crimes in the last few years (Sandia National Laboratories et.al., 2008). The energy sector is one of the most targeted areas by cyber criminals. Thankfully, oil and gas companies can fend off these cyber attacks by adopting policies that intensify the security of their information systems. Also, the government ought to take an active role in protecting critical infrastructure by regulating supervisory and data acquisition (SCADA) and industrial control applications.