British Petroleum (BP) is to defend against
global IT threats such as targeted attacks and industrial espionage
by making its IT security departments work more closely with its
corporate and physical security teams.
The petrochemicals multinational plans to bring together more
than 530 employees in the next two years from its IT, corporate and
physical security divisions worldwide, to devise plans to protect
the business globally.
The company aims to roll out best practices linking physical
security to IT security across the company, for example
cross-checking whether someone is logged on to their workstation
against whether they are physically in the building.
The company said that this would allow it to manage security
threats that begin in one part of the business but could go on to
affect another area.
"Criminals will not attack just one part of our infrastructure,
they will go after several parts to get us. As a company with
global networks, it is important that we have a holistic approach
to security," said Robert Martin, manager of digital security
services at BP.
For example, Martin said physical attacks, such as planting
explosives at an oil pipe, would require criminals to first steal
pipeline blueprints stored on information networks. Conversely, if
a worm infiltrated the network connections used to supply traders
with information on the quality of oil, it could have "drastic
effects" on its frontline operations, Martin said.
With joint planning between security teams, a physical attack
could be prevented by securing access controls at an IT level.
"IT departments managing only IT security, without consulting
with wider departments, leaves global businesses more vulnerable in
the emerging threat landscape," Martin said.
He said that a challenge in securing the company's back-office
networks would be mapping all possible connections to the
IP networks used in processing oil. However, security will be
speaking to senior management with a "collective voice", and this
will improve the IT department's chances of being heard, he
said.
Ruggero Contu, principal research analyst at Gartner, said that
the sophistication and personalisation of attacks against global
companies and government networks are increasing. Implementing a
collective security strategy would rise to the top of many chief
information security officers' agendas in the coming years, Contu
added.