In response to the growing threat from cyber-attacks, the oil and gas industry has announced the formation of an information sharing clearinghouse. The new group, known as the Oil and Natural Gas Information Sharing and Analysis Center (ONG-ISAC), looks to facilitate the sharing of critical information among peers and competitors and to coordinate industry-wide responses to attacks. ONG-ISAC Chairman David Frazier explains that member companies will benefit from learning some of the “raw indicators” of malware and cybercrime activity reported by other member companies, even as specific details about a breach are omitted for confidentiality reasons. According to the new group’s website, more than half of the cyber incidents reported across all critical infrastructure sectors in the first half of fiscal year 2013 involved attacks on the energy sector.
A key aspect of the new program will be the ability of member companies to submit and receive information anonymously. Given the sensitive nature of this information, many companies, including the oil and gas industry, traditionally have been reluctant to share information about cyber-attacks. This lack of information sharing has resulted in inefficiencies as companies independently learn the same lessons again and again and fail to anticipate threats. Information-sharing hubs already exist in other industries, including the financial services industry and the electricity and water sectors.
All oil and natural gas industry companies and recognized trade associations in North America1 are eligible to join the group.
1 Trade association membership is subject to restrictions. See Oil and Natural Gas Information Sharing and Analysis Center, http://ongisac.org/ (last visited July 7, 2014).