Energy sector alerted about cybersecurity
Hackers-turned-activists, environmental extremists, unscrupulous competitors and hostile foreign governments are among a “laundry list of actors” targeting Houston’s energy sector online, FBI agents warned this week.
The agency’s Houston field office hosted a classified meeting on Wednesday to help energy companies to protect themselves from the growing threat of cyberattacks. Nearly 60 people from energy companies and federal agencies attended the meeting, which included a classified security briefing and panel discussion that focused on protecting pipelines, power lines, refineries and other facilities from espionage, hackers and overseas-led cyberattacks.
The meeting was the latest in a string of briefings for energy companies since cyberattacks were directed against several natural gas pipelines in April 2018. Culprits were never publicly named and no arrests were made, but the FBI and several federal agencies are working to protect the network of pipelines, storage terminals, refineries, transmission lines and power plants that provide the energy that makes the U.S. economy go.
Deron Ogletree, assistant special assistant in charge of the FBI’s Houston field office, said part of those prevention efforts involve sharing intelligence and classified information with companies.
“We don’t tell these companies how to do business,” Ogletree said. “We simply provide them with information that we hope they use
to calculate risk.”
China, North Korea and Iran have emerged as state sponsors of cyberattacks on the United States. In addition, a March 2018 alert from the Department of Homeland Security and the FBI warned about Russia launching an “intrusion campaign” using malware, phishing emails and other hacking techniques on multiple targets in the energy sector. Three years earlier, Russian hackers used cyberattacks to knock out the
power grid in Ukraine in late 2015.
William Evanina, director of the National Counterintelligence and Security Center, said the U.S. energy sector remains “extremely vulnerable” to cyberattacks.
“Nowhere else in my life have I seen a more critical time and place for a robust, continuous and vibrant public-partnership than I do with the energy sector,” Evanina said.
The list of private sector
attendees to the Wednesday afternoon security briefing was kept confidential, but the issue of cybersecurity is top of mind for industry executives.
Bhushan Ivaturi, senior vice president and chief information officer for the pipeline operator Enbridge, did not attend the FBI’s meeting but told the Houston Chronicle that he and other company executives have testified about cybersecurity at meetings in the White House and
elsewhere in Washington. Delivering natural gas to power plants and homes, the company’s pipelines are considered “critical energy infrastructure.”
Enbridge, a Canadian company, has a large presence in Houston and pipelines throughout the United States. Ivaturi said Enbridge brings in third-party cybersecurity experts to test vulnerabilities in the company’s computer systems. The company also tests employees for their
vulnerability to phishing, a technique of using emails to trick employees into giving hackers access to company computer systems.
“It’s not just about our lab solving those problems,” Ivaturi said. “We’re creating a culture of cybersecruity across the company. It’s about getting every employee to be vigilant by training them appropriately.”