By john-paul kamath
Tuesday 26 June 2007
British Petroleum (BP) is to defend against global IT threats such as
targeted attacks and industrial espionage by making its IT security
departments work more closely with its corporate and physical security
The petrochemicals multinational plans to bring together more than 530
employees in the next two years from its IT, corporate and physical
security divisions worldwide, to devise plans to protect the business
The company aims to roll out best practices linking physical security to
IT security across the company, checking, for example, if someone is
logged on to their workstation against whether they are physically in
The company said that this would allow it to manage security threats
that begin in one part of the business but could go on to affect another
"Criminals will not attack just one part of our infrastructure, they
will go after several parts to get us. As a company with global
networks, it is important that we have a holistic approach to security,"
said Robert Martin, manager of digital security services at BP.
For example, Martin said physical attacks, such as planting explosives
at an oil pipe, would require criminals to first steal pipeline
blueprints stored on information networks. Conversely, if a worm
infiltrated the network connections used to supply traders with
information on the quality of oil, it could have "drastic effects" on
its frontline operations, Martin said.
With joint planning between security teams, a physical attack could be
prevented by securing access controls at an IT level.
"IT departments managing only IT security, without consulting with wider
departments, leaves global businesses more vulnerable in the emerging
threat landscape," Martin said.
He said that a challenge in securing the company's back-office networks
would be mapping all possible connections to the IP networks used in
processing oil. However, security will be speaking to senior management
with a "collective voice", and this will improve the IT department's
chances of being heard, he said.
Ruggero Contu, principal research analyst at Gartner, said that the
sophistication and personalisation of attacks against global companies
and government networks are increasing. Implementing a collective
security strategy would rise to the top of many chief information
security officers' agendas in the coming years, Contu added.
Attend Black Hat USA, July 28-August 2 in Las Vegas,
the world's premier technical event for ICT security
experts. Featuring 30 hands-on training courses and
90 Briefings presentations with lots of new content
and new tools. Network with 4,000 delegates from
70 nations. Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on
June 1 so register today. http://www.blackhat.com