Energy sector turns to security firms to stop cyberattacks Credit: U.S. Department of Energy/AFP/Getty Images A growing industry of boutique security firms has emerged as oil and gas companies seek outside help to protect their networks from increasingly savvy and aggressive cyberattacks. Time and again security specialists reveal lingering national security threats in the form of highly vulnerable control systems for valves, pumps, pipelines and refineries in the U.S. Refiners and others are often found to be running facilities with outdated software and aging automated devices that have no built-in security measures, the Houston Chronicle reported. Some companies lack internal detection systems that would allow them to identify cyber intruders. “We almost always get in,” said Jason Larsen, who works for security firm IOActive, which has operations in more than 30 countries. “Most of the time we’re not detected.” Energy companies are turning to security firms to determine whether protocols and defensive software can withstand increasingly sophisticated global hackers, according to Larry Dannemiller, a cyber insurance broker for U.S. insurance firms. “Are all the dollars they’re spending actually making them more secure?” he said. “You have to test it.” Jim Guinn, global cybersecurity leader for energy at Accenture Security consulting in Houston, said he’s hacked numerous energy facilities, including Chilean mine operations, offshore platforms in the Indian Ocean and U.S. refineries. “There’s not a refinery, power generation facility, oil terminal or platform that doesn’t have technology on it that we haven’t been able to infiltrate,” Guinn said. His stark assessment comes as the energy industry in recent years has become more focused on outside attacks that could disrupt operations. Gary Leibowitz, a board member of the Houston chapter of InfraGard, which works on cybersecurity issues with the FBI, said energy executives before 2010 didn’t pay much attention to the dangers posed by hackers. But times have changed. “Companies are spending time and money on cybersecurity, and it’s across the board,” Leibowitz said.