Industry Is Not Like Yesterday

Security Raised To a New Level

By KATHY SHIRLEY
EXPLORER Correspondent

WEB EXCLUSIVE

DPA has announced its awardees for 2002-2003. They are:

Life Member

Robert D. Cowdery, Wichita, Kan.

Distinguished Service Award

Robert W. Sabaté, New Orleans.

Howard Kiatta, Houston.

Certificate of Merit

Jack H. West, Bakersfield, Calif.

DPA Past President's Award

Royce P. Carr, Pentad Oil & Gas, Mt. Pleasant, Texas.

DPA Best Paper Award
(AAPG Annual Meeting, 2002)

John I. Howell III, Houston, for "Implementing Portfolio Management: Integrating Tools, Process and People."

Security issues were a hot topic even before Bobby Gillham stepped to the podium.

Gillham, manager of global security for ConocoPhillips, was the speaker for the annual Division of Professional Affairs luncheon -- and one day before his appearance, the world was rocked with the news of terrorist attacks in Saudi Arabia.

Gillham's timely talk updated attendees on the state of security in the energy industry following the 9/11 terrorist attacks.

"Managing security in the energy industry today is not like yesterday," Gillham said. "The tragic bombing in Saudi Arabia is the kind of thing we have to face.

"When I was retiring about 10 years ago from the FBI and starting out as a security official with a petroleum company I never expected to have a secret level national security clearance or a secure hotline to Washington, but I do now," he said.

That clearance comes with his service as sector coordinator in the government-industry partnership for the protection of critical infrastructures.

"Each critical infrastructure has such coordinators," he said, "and we work as a bridge between our industry and government to advise on ways to protect economically critical infrastructures and to improve cyber-security.

"Many of us have encrypted security devices now to receive classified vulnerability and threat information from the government and intelligence agencies," he added.

The energy industry does not have to start from scratch to protect itself, Gillham noted, but the industry does have to build and expand on what is already in place.

"The industry has always been concerned with safety and adopted some measures with safety in mind -- such things as dykes around fuel tanks or emergency evacuation plans -- which are useful against potential terrorist attacks," he said. "Likewise, the industry has always been concerned about keeping the wrong people off our premises.

"But, again, it is not like yesterday, and we do need new answers for new threats."

What are terrorists after now? Gillham noted that since 9/11, it appears terrorists have shifted targets.

"Al-Qaeda was talking about killing as many people as possible before 9/11, but after 9/11 their rhetoric shifted to threats against the economic infrastructure, or what Osama Bin Laden calls the joints of western economy," he said.

The energy industry has plenty of targets such as refineries, tankers, electrical power generators and nuclear reactors.

While Gillham does not view buried pipelines as particularly vulnerable, he said, "Blow up a refinery or two and the impact at the gas pump would be felt immediately.

"In the past 20 years, the number of refineries has been halved," he said. "Add to that the boutique fuels requirements and federal rules that require specialized gasoline formulas to be used in certain areas and you have a situation where if one or two refineries are knocked out, plants in other areas may not be able to pick up the slack."

Citing an example, ConocoPhillips is currently spending $5 million to enhance security at just one of its 14 refineries.

"As a general principle, we in industry can reinforce existing security measures to protect the perimeters of our facilities," Gillham said. "Also, we can do more to control access to our facilities through tougher screening and background checks of contractors as well as employees."

Another serious area of vulnerability in the energy industry -- as well as other sectors -- is cyber terrorism, or what some call the electronic Pear Harbor.

"We only have to remember the Love Bug virus that cost millions internationally for companies to try and repair their systems," he said. "And that was generated out of the Philippines by a 24-year old college dropout who said he did it accidentally. It wasn't a concentrated attack by terrorists.

"We know hostile rogue regimes have been working on terrorism by cyber warfare," he continued. "The energy sector depends on cyber activity heavily. Many systems today can be accessed through the Internet, and that makes us very vulnerable."

There is a great deal of effort between industry and government aimed at boosting security.

"Believe me, today government shares everything with us," he said. "For instance, there is a state department Web site where people can go to get the latest travel alerts and threats (www.travel.state.gov)."

Also:

• Information Sharing and Analysis Centers have been created for each of the critical infrastructures, where companies can go to get the latest threats.
• Legislation has been introduced that will mandate all companies in our industry do vulnerability assessments of their sites.

"Today," Gillham said, "government is interested in trying to make sure we are doing the proper things at our facilities."