Friday, January 28 2022 Sign In   |    Register
 

News Quick Search


 

News


Front Page
Power News
Gas News
Today's News
Yesterday's News
Week of Jan 24
Week of Jan 17
Week of Jan 10
Week of Jan 03
Week of Dec 27
By Topic
By News Partner
News Customization
Feedback

 

Pro Plus(+)


Add on products to your professional subscription.
  • Energy Archive News
  •  



    Home > News > Gas News > News Article

    Share by Email E-mail Printer Friendly Print

    Making oil and gas operations more


    December 27, 2016 - By Collin Eaton, Houston Chronicle

     

      Dec. 27--Hackers have gotten smarter and bolder in their recent attempts to steal coveted oil company data. Mario Chiock has worked for years to keep them at bay. Chiock joined Schlumberger in 1980 as a field engineer, but his traditional oil industry career took a turn in the mid-1990s when he began researching a new threat to corporate security, one that emerged alongside advanced computers and the internet. At the time, most in the oil industry had never heard of cyber security, much less practiced it.

      Over the years, Schlumberger's top cyber security advisor founded industry groups dedicated to educating oil companies on securing computer systems and sharing information between firms about cyber incidents, as a way to learn how to guard against attacks.

      The initiatives he began at Schlumberger aim to teach employees they're key to its cyber security. For example, Schlumberger sends its employees test phishing emails to see how many click on a link or email attachment.

      "We need to make sure we're always a few steps ahead of them," said Chiock. He spoke about his experience and Schlumberger's cyber security efforts. Edited excerpts:

      Q: When did the oil and gas industry first recognize a need for cyber security?

      A: In the late 1990s, Schlumberger realized protecting our customers' data was part of the service. But that was very early -- most companies didn't look into security at that time. When I moved into our corporate offices in New York in the mid-1990s, one of the things that caught my attention was the level of confidentiality and security needed at a corporate office.

      Q: How can companies prevent cyberattacks?

      A: Eighty-percent of breaches can be avoided by doing basic things. Change default passwords. Don't use insecure protocols. Patch vulnerabilities on a monthly basis. It's cyber hygiene. Technology alone isn't going to give you better security. You need to ensure you have the right people, trained people, and you have to have processes updated to the 21st century. Companies can't afford not to do at least basic security.

      Q: How often does Schlumberger send phishing emails to its employees?

      A: At least once a quarter. One we did a year ago told people they were going to lose their vacation. That was nasty. It could be anything: click here to review your benefits. It could be about a package you received, or that your Yahoo account has been compromised, so click here and change your password. Every company needs to do this. When you learn, you're more prepared. Incidents may happen, but you'll be able to mitigate it or control it a lot quicker.

      Q: What other cyber security programs has Schlumberger implemented?

      A: You need to make sure you have drills -- fire drills for cyber security. We include cyber security scenarios as part of the crisis management drills we do on a regular basis. One scenario was, at a certain time, some computers became useless. People react, and we learn from that. Another scenario is a company website might be defaced. Or if the network goes down, how are we going to close payroll? We make sure we have a process in place regardless of whether our computers are working.

      Q: Oil and gas companies often rely on outdated software, such as Windows XP, in control systems that manage field operations. How do you design security around these systems?

      A: That's very true. And by the way, it isn't only true of the oil and gas industry. Industrial control systems don't run standard operating systems. They may be running an embedded Windows system, which you can't put anti-virus programs on. So control systems shouldn't be connected to the internet or a corporate network.

      Q: Tell me about the state of cyber security of around industrial controls in the oil and gas industry.

      A: Back in the late 1990s, we had two groups of people, the traditional IT people and the operational technology people who were responsible for field operations. They didn't talk to each other. In 2005, we started integrating them. I got record miles that year, and I went around the world to our research centers, working with them to integrate. Cyber security should be under one umbrella. Information and operational technology need to have the same vision. You cannot treat their security as silos.

      ___

      (c)2016 the Houston Chronicle

      Visit the Houston Chronicle at www.chron.com

      Distributed by Tribune Content Agency, LLC.

    TOP

    Other Articles - Information Technology


    TOP

       Home  -  Feedback  -  Contact Us  -  Safe Sender  -  About Energy Central   
    Copyright © 1996-2022 by CyberTech, Inc. All rights reserved.
    Energy Central® and Energy Central Professional® are registered trademarks of CyberTech, Incorporated. Data and information is provided for informational purposes only, and is not intended for trading purposes. CyberTech does not warrant that the information or services of Energy Central will meet any specific requirements; nor will it be error free or uninterrupted; nor shall CyberTech be liable for any indirect, incidental or consequential damages (including lost data, information or profits) sustained or incurred in connection with the use of, operation of, or inability to use Energy Central. Other terms of use may apply. Membership information is confidential and subject to our privacy agreement.