BP locking down personal devices in the face of cyber warfare

Outgoing CIO Dana Deasy said the threat from cyber is "incredibly real"

Oil giant BP is currently having a "big internal debate" about how it can lock down personal computers without losing out on flexibility for employees, as a direct result of the increasing threat of cyber attacks.

Outgoing CIO Dana Deasy was speaking at Gartner's Symposium in Barcelona this week where he said that 40 percent of worldwide cyber attacks are in the energy sector and that the threat has "quietly been getting worse and worse".

"Talk about reinventing yourself in real time - you're moving from a world where you want to keep the bad guys out, to a reality of what happens if they do get in and what's the game plan?" said Deasy.

"You almost have to set your organisation to think about dealing with the art of warfare, because you are dealing in a different world with a different sort of adversary."

He explained that the threat to BP is "incredibly real" and that it is coming from both organised crime networks, as well as state sponsored attacks. However, it is the latter of the two that is real cause for concern.

"[State sponsored attacks] are the ones that we are most concerned about, because the nature of them is that they aren't necessarily about causing you harm today, or even tomorrow, but some day in the future. Or they don't even want you to know that they are there," said Deasy.

"You are dealing with an adversary that is incredibly well organised, incredibly sophisticated - tens of thousands of them - and you may not always understand what they are after."

Deasy insisted that although this hasn't changed BP's 'big thinking' or stifled its innovation, it has sparked an internal debate around how it can lock down personal devices and restrict what employees do on them.

"We are having no choice but to lock down and make more restrictive what people can do with the personal computer, which is kind of ironic when you think about that term when it was created - the idea that it was personal," he said.

"By locking it down you obviously take away flexibility. So it's about getting this incredibly difficult balance right between flexibility and freedom, of allowing people to do their jobs and protecting the firm. It's something we have to work with every day."

Finally, Deasy said that in his time at BP the focus on cyber and risk management has got increasingly intense, where he now spends up to 20 percent of his working week assessing the potential outcome of a serious crisis.

"If you had asked me six years ago about the time I would have spent worrying about risk and crisis management - I would have said it was the annual desktop exercises, the quarterly risk reviews, and maybe a little challenge with your team," he said.

"Today risk is becoming a greater part of your weekly agenda, I would say today I probably spend 20 percent of my time dealing in some form of risk - either in government discussions, board discussions, senior executive discussions, or team discussions, just working through what crisis management would look like, what would disaster recovery look like, and how the world of that unknown would play out."

Deasy recently announced his departure from BP and is set to join JP Morgan as CIO. He is to be replaced by Mike Gibbs, who is currently CIO and VP of BP's refining and marketing business.

Join the CSO newsletter!

Error: Please check your email address.

Tags GartnerBPsecurityCIO

More about Dana AustraliaGartnerJP MorganMorgan

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Derek du Preez

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts