Due to the current interdependency of the U.S. economy, an attack at a key point along a pipeline could actually disrupt communications, information technology and power as well as the petroleum and natural gas supplies that run through the pipes, according to Bobby R. Gillham, manager of global security for Conoco Inc. Environmental concerns over the past 20 years have forced interstate pipelines to not only carry natural gas and liquid petroleum products, but also fiber optic cable for communications, and power lines are run in the same rights of way, he said.

Back in 1998, a panel — on which Gillham was a member — studied the U.S. economy and identified eight critical infrastructures where the failure of any one of them would result in the collapse of the economy. The country’s oil, natural gas and power infrastructures were on the list. As a result, government agencies were given ownership of certain of these essential infrastructures and were asked to go out and have vulnerability and threat assessments done. The Department of Energy was given charge of the power, oil and natural gas infrastructures.

After two years of research, the panel found that the biggest vulnerabilities to the oil and gas infrastructure were information technology and telecommunications, Gillham told GasMart/Power 2002 attendees in Reno on Tuesday. “That is the backbone of our business,” he said. “Everything we do is e-commerce, everything we do is online. If we lose that ability, we don’t really have the ability to go back and do it the old way. It just doesn’t exist…We saw that as the number one vulnerability.

“Even after 9/11 — and there will be additional physical terrorist acts — I still see that as the greatest vulnerability,” Gillham said. “There has been information that the al Qaeda has focused some of its attention on doing research about how they can disrupt our economy and the world’s economy by attacking the telecommunications and the information technology arena.”

The panel in 1998 also found that globalization and business restructuring were areas of vulnerability. Gillham said many of the companies that U.S oil and gas corporations enter into partnerships with don’t have the kind of infrastructure that is found in the United States. “We don’t have the ability to do due diligence on companies and on individuals that we deal with there.” Business restructuring is also a vulnerability because of outsourcing and contractors, which may not feel the same loyalty as employees with regards to proprietary information, he warned.

Out of the study, several recommendations were issued in June 2001 to the energy industry. Gillham said that one of the recommendations was that the industry should conduct period vulnerability assessments of both physical and cyber security and include key business partners. “Of course, for the physical as well as cyber, we are running around like chickens with our head cut off now trying to do risk assessments and vulnerability assessments on all of our physical inventory within the energy infrastructures.”

Among other things, Gillham’s panel recommended that the energy industry do the following:

Since the report was issued in June, Gillham noted that an information sharing and analysis center (ISAC) has been set up. The system was set up to be a one-stop shop for instant threat, vulnerability and fix information for both physical and cyber situations. Although the group is membership-only with dues of $7,500 a year, there are now 20 member companies since its Nov. 1 start-up. ISAC’s initial members were Anadarko Petroleum Corp., BP, Conoco, Duke Energy, El Paso Corp., Enron, Halliburton, Peoples Energy, Phillips Petroleum Co. and Shell.

Gillham warned that while many power and gas companies are receiving requests from the Department of Energy and the Federal Bureau of Investigation for information on their company’s physical infrastructures, those agencies cannot protect that information because of the Freedom of Information Act, which allows the general public to acquire certain information in certain circumstances. “We want to share that information, but government has to show us that they can protect that information,” he said of companies’ refusal to share their security secrets.

In the wake of 9/11, Gillham said that Conoco has undertaken a $3 million security upgrade plan, and that only covers the money allotted for refineries.

©Copyright 2002 Intelligence Press Inc. All rights reserved. The preceding news report may not be republished or redistributed, in whole or in part, in any form, without prior written consent of Intelligence Press, Inc.