DHS-led exercise combines critical cybersecurity practices

December 18 '06: 13 critical infrastructure organizations have partnered with the Department of Homeland Security for a year-long program to address cybersecurity for the oil and gas industry Government Computer News reported. The project is called "Linking the Oil and Gas Industry to Improve Cybersecurity (LOGIIC)" and it is a joint partnership between DHS and security vendors, research labs, and industry officials.

According to Doug Maughan, the program manager for cybersecurity research and development at DHS, "The goal was to come up with technology, then demonstrate that technologies that could reduce vulnerabilities in infrastructure. Oil and gas should be commended for doing just that," GCN reported.

Government and industry officials worry that a well-planned cyberattack against the nation's power grid, or petroleum transporting facilities' computer systems could result in a national shut-down of services. Recent examples of the nation's vulnerable power grid include the Northeast Blackout on April 14, 2003 "that left 50 million customers and parts of eight states and Canada without power," GCN continued.

That blackout cost more than $7 to $10 billion in financial losses. And while the blackout was an accident not related to terrorism, officials worry that an attack could happen unless they work to mitigate the threat and the subsequent damages.

At its heart, LOGIIC provides a graphical interface for power operators to monitor the electrical or gas delivery system to help them search for vulnerabilities. Using protocols set up to help guide them, the operators are able to pinpoint weaknesses in the grids and then move to secure those points.

Cooperating with the federal government and the private sector, industry officials told GCN that they have a better understanding and preparedness process that they can develop. Partners in the program include, Chevron, CITGO Petroleum, BP, Ergon Refining, Sandia National Laboratories, SRI International, Adventum Labs, ArcSight, Honeywell, OMNI Flow Computers, Symantec, and Telvent.