WASHINGTON (TheStreet) -- Companies in the U.S. oil and gas industry are moving to work together to fight the onslaught of cybersecurity marauders infiltrating their computer network systems.
Last year, the Department of Homeland Security said it worked on 256 security events involving critical infrastructure; sixty percent involved the energy sector.
Headlines abound about numerous retailers ranging from Target (TGT) to Dairy Queen grappling with incursions by cyberhackers breaching networks to snatch sensitive personal data about customers that could be resold or used by hackers themselves. In the energy industry, however, cybersecurity defenders focus on the potential for invaders to access corporate data and to literally destroy a company's network infrastructure, to take down the operations of oil fields and natural gas recovery.
So industry leaders are creating a formal network for companies to share cybersecurity intelligence in real time, and to work together to defeat cybermarauders. The network, known as the Oil and Natural Gas Industry–Information Sharing and Analysis Center, or ONG-ISAC, expects to go live before the end of the year.
According to ONG-ISAC Chairman David Frazier, also senior director of IT at Halliburton (HAL), the names of the participating companies will remain private, as will the details of the group's activities. "We are in the process of establishing the sharing mechanisms, recruiting and evaluating potential members," Frazier said.
Stuart Wagner, director of IT Security at Enterprise Products Partners (EPD), a natural gas and crude oil pipeline company in Houston, is among those looking forward to participating in the ONG-ISAC.
"It will allow us an electronic way to share threat indicators in real time," he said. "Part of the challenge is getting threat information quickly and seeing if others (companies) are experiencing the same threats. The ISAC should provide a neighborhood watch effect. We'll be able to get a quicker consensus about what's going on."
Creation of the ONG-ISAC puts the industry in lockstep with the marching orders of Admiral Mike Rogers, NSA's director and commander of the U.S. Cyber Command. He advocates companies develop "cyberresiliency" to contend with the inevitable attacks from software intruders, rather than simply focusing on protection of their IT perimeters. Most recently, Rogers made his case in a keynote address at The Billington CyberSummit in Washington.
Rogers said organizations have to accept that they will get hacked, and that it's not a matter of "if" but "when." So companies must plan defensively to make sure information networks and business operations aren't forced to shut down while companies respond to intrusions. "Cyberdefense has largely been a pickup game, and I don’t think that is going to get us anywhere," Rogers said.
Adam Firestone, president and general manager of Kaspersky Government Security Solutions, a subsidiary of Kaspersky Lab, agrees. In addition to sharing information after the intruders arrive, he told TheStreet, companies need to have security play an integral role in the concept and design phase of a program's development before they write the first line of code. "In order to win the cyberbattle, we have to start looking to build security into all our systems at the front end and maintain a vigilant posture during operations," Firestone said.
Years ago, oil and gas industry companies protected themselves from malware in part by separating the networks that manage field operations, called industrial control systems (ICS), from corporate IT operations with a firewall. The separation kept intruders from accessing one network and then piggybacking into another area of the corporation because there was no Internet connection between the two. Field operators delivered information from their oil wells by phone and fax, not computers.
However, in recent years, technology advances resulted in the integration of field operations with corporate IT, mergers that allow managers to handle information more effectively. But the merger of networks has increased the potential for intruders to get inside corporate networks and harm field operations networks, or vice versa. Bottom line, there has been a significant uptick in cybersecurity challenges, observed Marc Othersen, the chief information security officer at Hess (HES).
"We have a perfect storm now in terms of extensive global connectivity, the proliferation of technical knowledge and the ready availability of cheap and powerful information technology," added Kaspersky's Firestone. "The same networks that combine IT and ICS to enable rapid and effective responses to problems in a power plant, also provide avenues for attackers to steal data or destroy computer or industrial control systems. As a result, the attack surface for cybercriminals has grown tremendously."
To prevail in these ongoing cyberbattles, companies need to create true situational awareness; that is, companies need a clear picture of what's going on inside their networks, said Othersen of Hess. "They need to see what 'normal' looks like and what abnormal looks like, otherwise it's impossible to protect what you cannot see."
"What’s important is to determine how hackers are operating, what are their tactics," Othersen said. "The steps or techniques hackers are using to deliver malware into a company are much more important than the actual piece of malware being delivered."
For instance, hackers might use a "spear phishing" attack -- an email spoofing fraud -- to deliver a piece of malware that could destroy a machine. "How the hackers deliver the malware, what they do once inside a company and how they communicate back to their central command," Othersen said, "are much more important to know so we can potentially stop an attack before it happens."
To that end, Othersen recommends companies develop an automated system to hunt for the most challenging adversaries, 24 hours a day, 365 days a year. "There is a lot of noise that comes across (networks) that isn’t potentially disruptive," he noted.
Othersen added that it takes a lot of resources to sift through all the incoming data. Automated threat hunting lowers overhead. "One can take a lot of the work off human beings, and it will pay off well," he said.
This is not to say that determining what kind of malware has been injected into a network isn't important to catching the culprits. In fact, over the past five years, oil and gas companies have started to notice consistently advanced, adverse nation-state intrusions, where cyberintruders stealthily introduced malware into networks that might not necessarily ever be found. As a result, energy companies are building their own intelligence collection agencies, mini-CIAs, said another oil company CISO.
"We collect intelligence from DHS, DOE, the FBI and each other, as well as from paid commercial sources, to solve the problem of what to look for," he said.
This article is commentary by an independent contributor, separate from TheStreet's regular news coverage.