Directive Seeks To Coordinate Response to Oil, Gas Cyberattacks
A US presidential policy directive will treat companies targeted by cyberattackers as victims of a crime—and not automatically at fault—as the government looks to create an environment conducive to sharing information on cyberattacks, according to a former official with the US Federal Bureau of Investigation (FBI).
The Presidential Policy Directive 41 (PPD 41) on United States Cyber Incident Coordination, signed 26 July by President Obama and now in effect, establishes guidelines for how the US federal government will respond to cyberattacks launched against the public and private sectors.
This includes US companies across a number of industries, including oil and gas. The cybersecurity risks that oil and gas companies face continue to grow, according to the 2016 BDO report Oil & Gas Risk Factor. Risks associated with data breaches have grown from just 12% in 2012 to 74% in 2016, with cybersecurity proving to be a rapidly moving target as bad actors evolve and leverage increasingly sophisticated hacking methods, BDO stated in the report. BDO is an accounting and consulting firm that provides services to more than 400 publicly traded domestic and international clients.
“Cyberincidents are a fact of contemporary life, and significant cyberincidents are occurring with increasing frequency, impacting public and private infrastructure located in the United States and abroad,” the White House said in a 26 July press statement. “While the vast majority of cyberincidents can be handled through existing policies, certain cyberincidents that have more significant impacts on an entity, our national security, or the broader economy require a unique approach to response efforts,” the White House stated.