- Associated Press - Sunday, June 14, 2015

CHEYENNE, Wyo. (AP) - Wyoming energy firms need to be aware of the growing cybersecurity threats and take precautions against them, an FBI expert in the field said.

Michael Bobbitt, a supervisory special agent with the FBI, told attendees at the Wyoming Infrastructure Authority’s energy conference on Friday any business that uses computers faces the risk of being hacked or exposed to a cyberattack.

Bobbitt is the team leader for the FBI’s criminal and national cybersecurity squad in the agency’s Denver office.

But he said the energy industry, in particular, faces significant threats from activist hackers, state-sponsored groups that want to steal trade secrets and even terrorists.

Bobbitt said the largest threat is usually from an internal source, such as a disgruntled employee, who already has access to the company’s network.

But another threat comes from people or groups called “hacktivists,” who want to steal information or do damage to accomplish a social or political goal, he said.

Bobbitt said this group is especially hard to identify before an attack, the Wyoming Tribune Eagle reported (https://bit.ly/1KQvHnn).

“You will find hacktivists who are 15-year-old left-wing males and 90-year-old right-wing females,” he said. “You’ll find hacktivists who are against fracking and for fracking, and there are hacktivists who want to kill the seals and want to save the seals.

“So regardless of what you do, you are going to have people who don’t like what you are doing, and I know this is particularly applicable in Wyoming and the (energy) industry.”

Bobbitt said one of the greatest risks for the energy sector is from those who want to steal companies’ “intellectual property,” such as a proprietary way to drill a well.

But he said the thing that keeps him “up at night” is the potential for hackers to remotely manipulate equipment that could lead to real-world physical damages, such as a power plant explosion.

Bobbitt said one of the most frequent ways outside groups gain access to companies’ networks is through “spear phishing” scams.

These occur when someone sends an email while fraudulently posing as someone else in order to gain access to information or the network.

Bobbitt said these hackers will do “reconnaissance” beforehand to gain the target’s personal data so they appear to be a legitimate source.

That’s why one of his recommendations is to be aware of what public information is on public social networks, such as Facebook.

He also encouraged companies to create a response plan in case there is an attack.

“It can be simple,” he said. “It can be to contact the FBI, preserve evidence, et cetera, et cetera.”

Jefferson England, chief financial officer of Silver Star Communication, also spoke about security issues during the conference.

England, who is also a member of the National Security and Public Safety Committee of the U.S. Telecom Association, agreed that a response plan is critical since every second a network is down is a potential expense.

But he said it’s also important for companies to take preventive steps and perform risk-assessment studies.

“This is something that costs money, but as a CFO and risk manager, I look at it as any other type of risk-mitigation that we make as a company,” he said.

England said staying safe usually boils down to being disciplined when it comes to security and passwords.

“The core risks exist regardless of industry,” he said. “So for instance, I bet everyone in this room, one-third of you have a yellow sticky note on the inside of your drawer that has some password to something. And human access is where the biggest problems are.”


Information from: Wyoming Tribune Eagle, https://www.wyomingnews.com

Copyright © 2018 The Washington Times, LLC.

The Washington Times Comment Policy

The Washington Times is switching its third-party commenting system from Disqus to Spot.IM. You will need to either create an account with Spot.im or if you wish to use your Disqus account look under the Conversation for the link "Have a Disqus Account?". Please read our Comment Policy before commenting.


Click to Read More and View Comments

Click to Hide