In a recent interview with Rigzone, Jeremiah Talamantes of RedTeam Security discusses the potential impact of newly minted US policy and its potential impact on Critical Infrastructure, namely the Oil and Gas industry. The Presidential Policy Directive 41 (PPD 41) on the United States Cyber Incident Coordination, signed July 26 by President Obama and now in effect, establishes guidelines for how the U.S. federal government will respond to cyberattacks launched against the public and private sectors.
This includes U.S. companies across a number of industries, including oil and gas. The cybersecurity risks that oil and gas companies face continue to grow, according to the 2016 BDO "Oil & Gas Risk Factor" report. Risks associated with data breaches have grown from just 12 percent in 2012 to 74 percent in 2016, with cybersecurity proving to be a rapidly moving target as bad actors evolve and leverage increasingly sophisticated hacking methods, BDO stated in the report. BDO is an accounting and consulting firm that provides services to over 400 publicly traded domestic and international clients.
The oil and gas industry should mainly be concerned with Section V(B)b of PPD 41, Talamantes told Rigzone. In his opinion, this section suggests significant involvement of multiple federal agencies in a time of a "significant cyber incident".
"Additionally, the way this type of incident is broadly defined within this document, there are a lot of instances where the federal government could justify its involvement, oversight and presumably regulation," Talamantes explained. "The bottom line for the operator here is they will be hit with increased costs, liability and public exposure, as well as future regulatory problems."
Jeremiah Talamantes – Cyber Security Expert – RedTeam Security