HOUSTON – (Feb. 5, 2014) – Cybersecurity threats to the United States’ energy industry and infrastructure are rising and require increased preparedness by the U.S. Army and Department of Defense, according to a new paper from Rice University’s Baker Institute for Public Policy.
The paper, “Hacks on Gas: Energy, Cybersecurity and U.S. Defense,” was authored by Chris Bronk, a fellow in information technology policy at the Baker Institute and a former U.S. State Department diplomat who specializes in cybersecurity issues. Produced for the U.S. Army War College’s Strategic Studies Institute, the paper considers potential cyberthreats relevant to the Army and Department of Defense’s energy needs and purview, including the electrical grid, oil and gas security and the military’s fuel supply chain, and proposes a range of policy and strategic recommendations the nation’s military should undertake to address these threats.
“We should be concerned with cybersecurity in energy because, as with other areas of the global economy, computing has been widely adopted in the energy industry,” Bronk said. “The Department of Defense is incredibly reliant on private sources of energy, and the level of preparedness for cyberattack among those sources likely varies greatly.”
Bronk counts the 2012 “Shamoon” computer virus attack against national petroleum producer Saudi Arabian Oil Co. (also known as Saudi Aramco) as an example of the devastation that such attacks can cause. Shamoon reportedly spread across as many as 30,000 Windows-based personal computers operating on the company’s network. It may have taken Saudi Aramco almost two weeks to fully restore its network and recover from the disruption of its daily business operations caused by data loss and disabled workstations resulting from the incident.
Bronk said there are likely three major areas of energy-related cyber vulnerability that are relevant to the Army: the provision of electricity to bases and facilities by the electrical grid, both in the U.S. and abroad; the distribution of fuels to forces often operating some distance from major logistical hubs; and major cyberattacks against suppliers of fuels that would result in a significant disruption of supply or a rise in price.
“Other scenarios of attack are no doubt possible and are limited only by vulnerability, technical know-how and imagination,” Bronk said. “Cyberattacks against Army logistics should be taken as a given, and a massive cyberattack against the oil and gas industry would be of great concern far beyond the Department of Defense.”
Bronk proposed five immediate policy and strategic interventions the U.S. military should pursue to prepare for and manage cyberthreats to energy security:
“These recommendations represent an initial thrust of activity, but instituting them will require difficult shifts in behavior for government and industry,” Bronk concluded. “Deep analysis not only of vulnerability but also of the resiliency of the energy supply chain to a cyberattack is necessary.”
Bronk holds additional appointments in the Baker Institute Center for Energy Studies, Rice University’s Department of Computer Science and the University of Toronto’s Munk School of Global Affairs.
For more information or to schedule an interview with Bronk, contact Jeff Falk, associate director of national media relations at Rice, at email@example.com or 713-348-6775.
Bronk on Twitter: @techpologist
Follow Rice News and Media Relations via Twitter .
Founded in 1993, Rice University’s Baker Institute ranks among the top 15 university-affiliated think tanks in the world. As a premier nonpartisan think tank, the institute conducts research on domestic and foreign policy issues with the goal of bridging the gap between the theory and practice of public policy. The institute’s strong track record of achievement reflects the work of its endowed fellows, Rice University faculty scholars and staff, coupled with its outreach to the Rice student body through fellow-taught classes — including a public policy course — and student leadership and internship programs. Learn more about the institute at www.bakerinstitute.org or on the institute’s blog, http://blogs.chron.com/bakerblog.