As prices rise, oil companies drill down on industrial cyber security

A refinery along highway 225 Wednesday, Jan. 25, 2017, in Dear Park. (James Nielsen/Houston Chronicle)

In recent months, more U.S. oil company boards have demanded IT managers prove refineries and drilling rigs are protected against cyberattacks, the chief of a security firm says.

Rising oil prices and increased awareness of industrial cyber threats seem to have spurred new corporate-level maneuvers this year to secure computer controls that run energy facilities, said Barak Perelman, chief executive of Israeli cyber security firm Indegy. At some oil companies, he said, chief information security officers now spend a quarter of their monthly security committee meetings discussing so-called industrial control systems, the devices that control oil and gas equipment.

“They’re being given budgets for industrial cyber security,” Perelman said on Friday. “In all my conversations, nobody has said ‘yes, but oil prices.’ I heard that a lot last year.”

Related: Energy industry’s controls provide alluring target for cyberattacks

Perelman, who moved from Israel to New York this year because of increasing demand for industrial cyber security in the United States, said he spends most of his time teaching IT professionals how to tackle the security of devices manufactured by Siemens, Honeywell and Emerson – so different from the Microsoft and Apple computers they know well.

Before 2017, “when we talked to oil companies in Texas, we were mainly talking with control systems engineers who understood the ins and outs of everything, but they didn’t care much about security,” Perelman said. “They didn’t have the budgets for it. It wasn’t their role. In the last few months, we’ve seen more IT corporate security get demands for proof the facilities are protected.”

Related: Put to the test, cybersecurity experts easily infiltrate energy companies’ networks