Energy giants partner to thwart e-crime

Energy giants British Petroleum, Conoco, Duke Energy and ChevronTexaco have teamed up to share their expertise and alerts about cyber threats and physical assaults with the US government.

The companies have formed the Energy Information Sharing and Analysis Centre (EISAC), which is similar to other centres already established in the telecoms, banking, finance and IT industries.

The groups work in partnership with the National Infrastructure Protection Centre, which is part of the FBI.

Sarah Jensen, enterprise IT security manager at Duke Energy, and chairman of EISAC, explained that the group has an advisory committee made of up industry associations.

"We intend to target those associations as a vehicle to gain membership," she said, adding that the Centre also has support from the US Department of Energy.

EISAC members voluntarily report information to an industry-wide database of electronic security threats, vulnerabilities and incidents. The information can be reported anonymously or on an attributed basis.

The data is accessed with a secure ID token. With each membership, a company receives five tokens. "Once a person is notified of an alert, they must enter the secure data by way of the token password," said Jensen.

The Centre will establish baseline statistics and patterns on the various infrastructures and become a clearing house for information. By reporting incidents, vulnerabilities and threats, members will provide early recognition of trends and contribute to national security.

Companies in the oil, natural gas and electric power industries are eligible to join. Energy activities include exploration, production, processing, transmission, distribution and storage.

Members will have access to information and analysis relating to information provided by other members and obtained from other sources, such as the US government and law enforcement agencies, technology providers and security associations such as the Computer Emergency Response Team.

The data will be used to share incident information among members in near real time. It will also be used to develop trend and benchmarking information.