In the wake of hackers’ hijacking the Colonial Pipeline in May, industry experts are looking at how to improve cybersecurity measures in the vulnerable oil and gas industry.
Three oil and gas cybersecurity experts recently sat down with the Wall Street Journal to discuss what additional measures will be necessary to ensure the security of the energy sector in America.
Cybersecurity within the Energy Sector Falls Short
After the Colonial Pipeline hackers demanded a $4.4 million ransom in cryptocurrency, $2.3 million of which was recovered later by the Justice Department, the Transportation Security Administration (TSA) released an updated security directive addressing cybersecurity in the pipeline sector.
This directive requires pipeline operators and owners to report any potential cybersecurity attacks to the DHS Cybersecurity and Infrastructure Security Agency (CISA); to appoint a Cybersecurity Coordinator that is available 24/7; and to review current cybersecurity practices due within 30 days.
However, many experts believe this won’t be enough to protect one of the most vulnerable parts of the nation’s infrastructure.
Jim Guinn, global managing director for cybersecurity in energy, chemicals, utilities, and mining at Accenture Security, explained the current increased risks: “when you compare the full year 2020 to the first five months of 2021, there was a 42% increase in publicly known ransomware attacks against energy companies.”
The energy industry has gone from the 10th-most targeted sector in 2020 to the 4th currently, he added, with attacks increasing because, by and large, companies are paying the ransoms. That only incentivizes hackers to keep hacking.
Suzanne Lemieaux, manager of operations security and emergency-response policy for the American Petroleum Institute, believes that government-industry information-sharing needs to be better.
“There’s a lot of intelligence coming through right now that just doesn’t make its way to private-sector operators, who need it to make better defenses for their systems,” she said.
She believes that the information reported by the private sector to the TSA under the new directive must be made anonymous, then collated and shared back to the entire industry.
Chris Bronk, associate professor of computer information systems and information system security at the University of Houston, agrees, emphasizing that this information on hacking attacks and attempts must also be made accessible.
“Declassifying intelligence and rapidly kicking it out to entities that don’t have the capacity to process classified information is just impossible,” he explained.
He goes on to argue that it isn’t feasible to rely on the agencies to process and release information in a timely manner, and that the oil and gas industry will need to create its own standards. “If an industry wants to protect itself, it’s going to have to adopt an industrial-related set of activities,” he said.
Current complications that make regulations difficult are antitrust issues and the complex supply chain that includes a wide variety of companies of varying structures. There is no one-size-fits-all fix for regulators, which makes a standard of protections within cybersecurity extremely difficult and has left this particular sector extremely vulnerable.
Cybersecurity Investing with the UCYB ETF
The more hacking attempts made, the more potential there is for cybersecurity firms to grow and profit.
The ProShares Ultra Nasdaq Cybersecurity ETF (UCYB) is a leveraged ETF that tracks twice the daily returns of the Nasdaq CTA Cybersecurity Index, the same index as tracked by the First Trust Nasdaq Cybersecurity ETF (CIBR). The ETF in fact holds CIBR, then uses swaps contracts on that ETF to obtain leveraged exposure.
UCYB’s underlying benchmark tracks companies that build, implement, and manage security protocols for public and private networks that have a minimum market cap of $250 million. Within the index, no singular security can carry more than 6% weight; lower volume securities have even tighter weighting restrictions.
As a leveraged fund, UCYB carries different, greater risks than non-leveraged benchmarked funds, and should be actively monitored.
UCYB carries an expense ratio of 0.98%, with a contractual waiver that ends on 9/30/22.
For more news, information, and strategy, visit the Nasdaq Portfolio Solutions Channel.