DOCSLIB.ORG

The Internet of Things—Privacy and Security Risks and Solutions

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
The Internet of Things—Privacy and Security Risks and Solutions LACBA LACBA Privacy and Cybersecurity Section Newsletter Summer 2021 Back to newsletter main page > The Internet of Things—Privacy and Security Risks and Solutions By Zachary Lochner and Nicolas Batara During the last decade, Internet of Things (IoT)1 devices have become integral in a variety of markets and are poised to rapidly grow. Worldwide spending on IoT, by at least one estimate, may surpass $1 trillion in 2022, with 41.6 billion connected IoT devices generating 79.4 zettabytes of data by 2025.2 IoT devices range from consumer products to critical infrastructure (energy and transportation) to industrial applications (Industrial Internet of Things [IIoT]) to medical technology (Internet of Medical Things [IoMT]). The proliferation of IoT devices introduces a kinetic problem (i.e., they enable physical action in the real world). The challenges with all IoT devices, whether in consumer products, industrial controls, health care, agriculture, transportation, or other infrastructure, can have substantial, direct consequences on privacy, safety, and security. IoT devices create a powerful platform for cyberattacks and increase privacy, safety, and security risks in the different areas using these devices. Software engineering best practices are core defense tools for securing threat vectors associated with IoT.3 The Open Source Foundation for Application Security Project®4 identified the top IoT critical security risks: insufficient privacy protections; weak or hardcoded passwords; insecure or outdated components; insecure network services, data transfer, storage, and default settings; lack of secure update mechanisms, device management, and physical hardening; and insecure default settings.5 Such weaknesses may allow unauthorized access to IoT devices, causing potentially nefarious or nuisance actions or high-impact security incidents, including malware exploiting wormable vulnerabilities, resulting in catastrophic impacts across an entire organization. Personal data security has been a concern for decades. Since IoT devices store personal user data, consumer IoT devices are vulnerable targets for malware, viruses, and botnet attacks.6 For example, the Mirai botnet was responsible for distributed denial of service (DDoS) attacks that infected 1 IoT can be defined simply as “[a] network of items —each embedded with sensors—which are connected to the Internet.” Recommendation ITU-T Y.4000/Y.2060. International Telecommunication Union, 2012. 2 Dignan L. “IoT devices to generate 79.4ZB of data in 2025, says IDC,” ZDNet, June 18, 2019. https://www.zdnet.com/article/iot-devices-to-generate-79-4zb-of-data-in-2025-says-idc/ 3 D’Andrade B. ed. (2021). Software Engineering: Artificial Intelligence, Compliance, and Security. Nova Science Publishers. 4 The Open Web Application Security Project® is a non-profit organization with the goal of improving the security of software. https://owasp.org/. 5 “OWASP Internet of Things Top10.” https://wiki.owasp.org/index.php/OWASP_Internet_of_Things_Project #tab=IoT_Top_10. 6 The National Vulnerability Database, the United States government’s repository of standards-based vulnerability data, reported vulnerabilities in drones, toys, cameras, and intimate devices, among other devices. Valente J, Wynn A, Cardenas AA. “Stealing, Spying, and Abusing: Consequences of Attacks on Internet of Things Devices.” IEEE Security & Privacy 17(5):10-21, 2019. doi: 10.1109/msec.2019.2924167; “OWASP Internet of Things Top10,” 2018. https://wiki.owasp.org/index.php/OWASP_Internet_of_Things_Project#tab=IoT_Top_10. webcams, digital video recorders, and routers before deducing administrative credentials of other IoT devices that together could generate terabits of data per second to the hackers.7 Specifically, home area network (HAN) IoT devices are frequently networked wirelessly using the home’s internet access point, most commonly in the form of a Wireless Local Area Network (WLAN) router. This WLAN connection is an attack vector for malicious actors since they will gain access to all the networked IoT devices within the HAN. Thus, one layer of protection to minimize security risk is to ensure that the HAN is password protected and the WLAN updated to the latest Wi-Fi encryption as per the Institute of Electrical and Electronics Engineer (IEEE) 802.11 standard.8 Furthermore, cybersecurity threats to IIoT pose a significant safety risk. IIoT devices comprise automated machine-to-machine technology to sense, collect, process, and communicate real-time events in industrial systems.9 In December 2015, a cyberattack on the power grid in Ukraine started with phishing emails containing malicious Microsoft Office files with embedded malware— BlackEnergy—that allowed network reconnaissance and the theft of privileged credentials. The attackers remotely seized control of a supervisory control and data acquisition system and shut off the electric power to 230,000 residents.10 In the United States, the widespread and continuing deployment of smart-grid electric infrastructure11 creates security risks since the advanced meter infrastructure is IoT-based and ultimately will consist of millions of devices, creating a vast surface for a cyberattack. There are potentially devastating effects on the reliability of widespread infrastructure, given the potential for a cascading shut down of the electricity grid.12 The recent ransomware attack by DarkSide on the Colonial Pipeline, which controls the flow of approximately half the supply of gasoline and diesel and jet fuel between Texas and New Jersey, revealed that while the company believed the pipeline’s operations were isolated from the data systems, this was not the case. Colonial Pipeline had to shut down the pipeline to prevent malware from spreading to the pipeline’s operating system. It also revealed the weakness inherent in critical infrastructure held by private companies that employ insufficient safeguards to protect their systems from cyberattacks.13 The Transportation Security Administration (TSA) in the Department of Homeland Security previously addressed cyberattacks in this industry only with voluntary guidelines, which were first issued in 2010 and last updated in 2018, but in response to this attack, will issue mandatory regulations.14 As a first step, they will require pipeline companies to have an officer in charge with 7 Kolias C, Kambourakis G, Stavrou A, Voas J. “DDOS in the IoT: Mirai and Other Botnets.” Computer 50(7):80-84, 2017. 8 He C, Mitchell JC, “Security Analysis and Improvements for IEEE 802.11i.” Proceedings of the Network and Distributed System Security Symposium, NDSS 2005, San Diego, California, USA. https://theory.stanford.edu/~jcm/papers/NDSS05.pdf 9 Khan WZ, Rehman MH, Zangoti HM, Afzal MK, Armi N, Salah K. “Industrial internet of things: Recent advances, enabling technologies and open challenges.” Computers & Electrical Engineering 81:106522, 2020. doi: 10.1016/j.compeleceng.2019.106522; UL Computer Techology. “An Introduction to the Internet of Things.” https://ctech.ul.com/en/knowledge-center/an-introduction-to-the-internet-of-things/. 10 https://us-cert.cisa.gov/ics/alerts/IR-ALERT-H-16-056-01 11 Saleem Y, Crespi N, Rehmani MH, Copeland R. “Internet of Things-Aided Smart Grid: Technologies, Architectures, Applications, Prototypes, and Future Research Directions.” IEEE Access 7:62962-63003, 2019. doi: 10.1109/access.2019.2913984; Kimani K, Oduol V, Langat K. “Cyber security challenges for IoT-based smart grid networks.” International Journal of Critical Infrastructure Protection 25:36-49, 2019. doi: https://doi.org. 12 Kimani, Kenneth, Vitalice Oduol, and Kibet Langat. 2019. “Cyber security challenges for IoT-based smart grid networks.” International Journal of Critical Infrastructure Protection 25:36-49. doi: https://doi.org/10.1016/j.ijcip.2019.01.001. 13 “Pipeline attack yields urgent lessons about US Cybersecurity,” New York Times, May 14, 2021. https://www.nytimes.com/2021/05/14/us/politics/pipeline-hack.html. 14 The Department of Transportation was responsible for pipeline security until 2002 when the TSA took over; until 2010, their main focus was on the physical security of the pipelines from terrorist attacks rather than from direct access to TSA and the Cybersecurity and Infrastructure Security Agency (CISA) to report any cyber breaches. In addition, the TSA, in coordination with CISA, will develop mandatory rules for pipeline companies to follow to protect their systems from cyberattacks. These rules will include an assessment of gaps between existing security and cybersecurity guidelines and fixing those gaps, as well as mandatory steps to follow if attacks do occur.15 In addition to government actions such as the new TSA/CISA regulations, risks may be mitigated by compliance with standards, laws, frameworks, and guidelines put forth by standards organizations, professional groups, and government bodies, such as ASTM International, the IEEE, Underwriter Laboratories, and the National Institute for Standards and Technology (NIST).16 NIST recommends IoT device manufacturers undertake pre-market and post-market activities: 1) identify expected customers, users, and use cases; research and address customer cybersecurity needs and goals; and plan for adequate customer support and communication. NIST further identifies core capabilities for IoT products: device identification and configuration; data protection; logical access to interfaces; software updates; and cybersecurity awareness.17 Additionally, generally-accepted practices
Load more

Recommended publications
  • Detailed List of 2018 Investments
    FOR THE YEARS ENDED DECEMBER 31, 2018 & DECEMBER 31, 2017 PREPARED BY The Finance Department of the Illinois Municipal Retirement Fund OAK BROOK OFFICE 2211 York Road, Suite 500, Oak Brook, IL 60523-2337 SPRINGFIELD REGIONAL COUNSELING CENTER 3000 Professional Drive, Suite 101, Springfield, IL 62703-5934 CONTACT IMRF 1-800-ASK-IMRF (275-4673) www.imrf.org Brian Collins Executive Director At IMRF we REAACH for our goals. These values guide IMRF to REAACH our mission, vision, and goals. They define how we work and shape the expectations we have for our organization. Through our commitment to these values, our members, employers, and stakeholders across Illinois and beyond can feel confident in IMRF as a world-class pension provider. FOR THE YEARS ENDED DECEMBER 31, 2018 & DECEMBER 31, 2017 PREPARED BY The Finance Department of the Illinois Municipal Retirement Fund IMRF MISSION OAK BROOK OFFICE STATEMENT 2211 York Road, Suite 500, Oak Brook, IL 60523-2337 To efficiently and impartially develop, implement, and administer programs SPRINGFIELD REGIONAL COUNSELING CENTER that provide income protection to 3000 Professional Drive, Suite 101, members and their beneficiaries on Springfield, IL 62703-5934 behalf of participating employers, in a prudent manner. CONTACT IMRF 1-800-ASK-IMRF (275-4673) www.imrf.org Brian Collins Executive Director At IMRF FIXED INCOME U.S. Securities Corporate Bonds Interest Market Asset Description Maturity Date Par Value Cost Value Rate Value 1 Mkt Plaza Tr 3.85% 02/10/2032 $ 605,000 $ 623,147 $ 604,812 1st Horizon
    [Show full text]
  • BPC-2012-PRS-20-2012-V1 Workshops Contractstrategy.Pdf
    Contract Strategy Critical to Your Project’s Success Agenda Introductions Safety Moment Sub-committee Scope Workshop Scope Exercise # 1 Business Need Exercise #2 Wrap-up Our Team Bill Somerville, Nexen Randy Bignell, Bantrel Jason Bobier, Nexen John Taylor, Corporate-Commercial Lawyer Nicola Haig, Athabasca Oil Paul Bourque, Clearstream Safety Moment Share the Road! Committee Scope Develop a Best Practice for the Development and Selection of Contracting Strategies for Capital Projects Encourage Owners and Contractors to Utilize the Recommended Best Practice Our Objective To improve capital project execution through the use of a (Contracting Strategy) best practice that will facilitate the selection of the appropriate contract, which is designed to increase the probability of: achieving project goals; and successfully completing the project Workshop Scope Communicate our objectives, scope and work done to date; and Obtain your feedback and support Exercise #1 Industry Checkup Have you ever been on a project that went completely sideways? Was it the other guy’s fault? Were you slightly, slightly, slightly to blame? Could the project have been planned, set up, and contracted in such a way to improve the project’s outcomes? Business Need Research has shown that if undertaken at the beginning of a project: •Effective risk assessment; and subsequent •Contract Strategy including: •Assignment of Contract Scopes; •Interfaces Split; and •Contract Terms Will have a better chance of being •Fit for purpose •Flexible •Able to
    [Show full text]
  • OR18-9-000 White Cliffs Pipeline, L.L.C
    173 FERC ¶ 61,155 UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION Before Commissioners: James P. Danly, Chairman; Neil Chatterjee and Richard Glick. White Cliffs Pipeline, L.L.C. Docket No. OR18-9-000 OPINION NO. 573 ORDER ON INITIAL DECISION (Issued November 19, 2020) This order addresses briefs on and opposing exceptions to an Initial Decision issued on September 12, 2019 concerning the application for market-based rate authority of White Cliffs Pipeline, L.L.C. (White Cliffs).1 The Initial Decision found that White Cliffs lacks market power in the origin market and recommended that the Commission grant White Cliffs’ application. As discussed below, although we modify the Initial Decision’s findings regarding the product market, we affirm the Initial Decision’s finding that White Cliffs lacks market power in the applicable market and grant White Cliffs’ application for market- based rate authority. I. Background White Cliffs owns and operates a 527-mile common carrier crude oil pipeline system that consists of two parallel 12.75-inch pipelines capable of transporting crude oil from Platteville, Colorado, and Healy, Kansas, to Cushing, Oklahoma (White Cliffs Pipeline).2 White Cliffs is a joint venture majority-owned by Rose Rock Midstream, L.P., a wholly-owned subsidiary of SemGroup Corporation.3 At the time White Cliffs filed for market-based rate authority, White Cliffs Pipeline had a capacity of 185,000 barrels per day. During the pendency of this case, White Cliffs converted one of its pipelines from transporting crude oil to transporting natural gas liquids, which reduced 1 White Cliffs Pipeline, L.L.C., 168 FERC ¶ 63,033 (2019) (Initial Decision).
    [Show full text]
  • The Dark Side of the Attack on Colonial Pipeline
    “Public GitHub is 54 often a blind spot in the security team’s perimeter” Jérémy Thomas Co-founder and CEO GitGuardian Volume 5 | Issue 06 | June 2021 Traceable enables security to manage their application and API risks given the continuous pace of change and modern threats to applications. Know your application DNA Download the practical guide to API Security Learn how to secure your API's. This practical guide shares best practices and insights into API security. Scan or visit Traceable.ai/CISOMag EDITOR’S NOTE DIGITAL FORENSICS EDUCATION MUST KEEP UP WITH EMERGING TECHNOLOGIES “There is nothing like first-hand evidence.” Brian Pereira - Sherlock Holmes Volume 5 | Issue 06 Editor-in-Chief June 2021 f the brilliant detective Sherlock Holmes and his dependable and trustworthy assistant Dr. Watson were alive and practicing today, they would have to contend with crime in the digital world. They would be up against cybercriminals President & CEO Iworking across borders who use sophisticated obfuscation and stealth techniques. That would make their endeavor to Jay Bavisi collect artefacts and first-hand evidence so much more difficult! As personal computers became popular in the 1980s, criminals started using PCs for crime. Records of their nefarious Editorial Management activities were stored on hard disks and floppy disks. Tech-savvy criminals used computers to perform forgery, money Editor-in-Chief Senior Vice President laundering, or data theft. Computer Forensics Science emerged as a practice to investigate and extract evidence from Brian Pereira* Karan Henrik personal computers and associated media like floppy disk, hard disk, and CD-ROM. This digital evidence could be used [email protected] [email protected] in court to support cases.
    [Show full text]
  • Matching Gift Programs * Please Note, This List Is Not All Inclusive
    Companies With Matching Gift Programs * Please note, this list is not all inclusive. If your employer is not listed, please check with human resources to see if your company matches and the guidelines for matches. A AlliedSignal Inc. Archer Daniels Midland 3Com Corporation Allstate Foundation, Allstate Giving ARCO Chemical Co. 3M Company Altera Corp. Contributions Program Ares Advanced Technology AAA Altria Employee Involvement Ares Management LLC Abacus Capital Investments Altria Group Argonaut Group Inc. Abbot Laboratories AMB Group Aristokraft Inc. Accenture Foundation, Inc. Ambac Arkansas Best Corporation Access Group, Inc. AMD Corporate Giving Arkwright Mutual Insurance Co. ACE INA Foundation American Express Co. Armco Inc. Acsiom Corp. American Express Foundation Armstrong Foundation Adams Harkness and Hill Inc. American Fidelity Corp. Arrow Electronics Adaptec Foundation American General Corp. Arthur J. Gallagher ADC Foundation American Honda Motor Co. Inc. Ashland Oil Foundation, Inc. ADC Telecommunications American Inter Group Aspect Global Giving Program Adobe Systems Inc. American International Group, Inc. Aspect Telecommunications Associates ADP Foundation American National Bank and Trust Co. Corp. of North America A & E Television Networks of Chicago Assurant Health AEGON TRANSAMERICA American Standard Foundation Astra Merck Inc. AEP American Stock Exchange AstraZeneca Pharmaceutical LP AES Corporation Ameriprise Financial Atapco A.E. Staley Manufacturing Co. Ameritech Corp. ATK Foundation Aetna Foundation, Inc. Amgen Center Atlantic Data Services Inc. AG Communications Systems Amgen Foundation Atochem North America Foundation Agilent Technologies Amgen Inc. ATOFINA Chemicals, Inc. Aid Association for Lutherans AMN Healthcare Services, Inc. ATO FINA Pharmaceutical Foundation AIG Matching Grants Program Corporate Giving Program AT&T Aileen S. Andrew Foundation AmSouth BanCorp.
    [Show full text]
  • Pipeline's Shutdown Exposes Cyber Threat to Power Sector
    P2JW130000-5-A00100-17FFFF5178F ADVERTISEMENT Wonderingwhatitfeels like to finally roll over your old 401k? Find outhow our rolloverspecialists canhelpyou getthe ball rolling on page R6. ***** MONDAY,MAY 10,2021~VOL. CCLXXVII NO.108 WSJ.com HHHH $4.00 Last week: DJIA 34777.76 À 902.91 2.7% NASDAQ 13752.24 g 1.5% STOXX 600 444.93 À 1.7% 10-YR. TREASURY À 16/32 , yield 1.576% OIL $64.90 À $1.32 EURO $1.2163 YEN 108.59 Kabul Mourns Victims of Attack That Struck at Schoolgirls Shoppers What’s News Feel Bite As Prices Business&Finance Begin mericans accustomed Ato years of low infla- tion are beginning to pay To Climb sharply higher prices for goods and services as the economy strains to rev up Companies arepassing and the pandemic wanes. A1 on the pain of supply Investors in search of shortages and rising higher returns and lower taxes are scooping up debt costsof ingredients sold by stateand local gov- S ernments, pushing borrowing PRES BY JAEWON KANG coststonear-recordlows. A1 TED Star Entertainment OCIA Americans accustomed to SS said it wantstomerge with /A yearsoflow inflation arebegin- casino operator CrownRe- ning to paysharply higher sorts, which has also re- ZUHAIB prices forgoods and services as ceived asweetened bid M the economystrains to revup from Blackstone Group. B1 and the pandemic wanes. MARIA GRIEF:MournersonSundayattendafuneral forone of 53 people killedSaturdayinabombing thattargetedschoolgirls in a Pricetagsonconsumer Policymakers debated the predominantly Shiiteneighborhood in Kabul. The Afghan president blamedthe Taliban. The Taliban deniedresponsibility.A8 goods from processed meat to root cause of a growing dishwashing productshave shortage of workers that risen by double-digit percent- threatens to restrain the pace ages from ayear ago, according of U.S.
    [Show full text]
  • FUNDS INC Form NQ Filed 2013-01-28
    SECURITIES AND EXCHANGE COMMISSION FORM N-Q Quarterly schedule of portfolio holdings of registered management investment company filed on Form N-Q Filing Date: 2013-01-28 | Period of Report: 2012-11-30 SEC Accession No. 0000898745-13-000024 (HTML Version on secdatabase.com) FILER PRINCIPAL FUNDS INC Mailing Address Business Address PRINCIPAL FINANCIAL 650 8TH STREET CIK:898745| IRS No.: 000000000 | State of Incorp.:MD | Fiscal Year End: 1031 GROUP DES MOINES IA 50392-2080 Type: N-Q | Act: 40 | File No.: 811-07572 | Film No.: 13550514 DES MOINES IA 50392 515-248-4745 Copyright © 2013 www.secdatabase.com. All Rights Reserved. Please Consider the Environment Before Printing This Document UNITED STATES SECURITIES AND EXCHANGE COMMISSION Washington, DC 20549 FORM N-Q QUARTERLY SCHEDULE OF PORTFOLIO HOLDINGS OF REGISTERED MANAGEMENT INVESTMENT COMPANY Investment Company Act file number 811-07572 Principal Funds, Inc. (Exact name of registrant as specified in charter) 711 High Street, Des Moines, IA 50392-2080 (Address of principal executive offices) Principal Management Corporation, Des Moines, IA 50392-2080 (Name and address of agent for service) Registrants telephone number, including area code:515-247-6783 Date of fiscal year end: August 31, 2013 Date of reporting period: November 30, 2012 Copyright © 2013 www.secdatabase.com. All Rights Reserved. Please Consider the Environment Before Printing This Document ITEM 1 SCHEDULE OF INVESTMENTS Schedule of Investments Blue Chip Fund November 30, 2012 (unaudited) COMMON STOCKS - 99.62% Shares
    [Show full text]
  • Billing Code: 6750-01S
    This document is scheduled to be published in the Federal Register on 11/03/2015 and available online at http://federalregister.gov/a/2015-27992, and on FDsys.gov BILLING CODE: 6750-01S Federal Trade Commission Granting Of Request for Early Termination Of The Waiting Period Under The Premerger Notification Rules Section 7A of the Clayton Act, 15 U.S.C.§ 18a, as added by Title II of the Hart-Scott- Rodino Antitrust Improvements Act of 1976, requires persons contemplating certain mergers or acquisitions to give the Federal Trade Commission and the Assistant Attorney General advance notice and to wait designated periods before consummation of such plans. Section 7A(b)(2) of the Act permits the agencies, in individual cases, to terminate this waiting period prior to its expiration and requires that notice of this action be published in the Federal Register. The following transactions were granted early termination -- on the dates indicated -- of the waiting period provided by law and the premerger notification rules. The listing for each transaction includes the transaction number and the parties to the transaction. The grants were made by the Federal Trade Commission and the Assistant Attorney General for the Antitrust Division of the Department of Justice. Neither agency intends to take any action with respect to these proposed acquisitions during the applicable waiting period. 1 Early Terminations Granted March 1, 2015 thru September 30, 2015 03/03/2015 20150580 G FMR LLC ; The Guardian Life Insurance Company of America ; FMR LLC 03/06/2015 20150597 G Accenture plc ; Robert E LaRose Revocable Trust ; Accenture plc 20150614 G Hitachi Ltd.
    [Show full text]
  • ESG Report Download the Complete
    CREATING SUSTAINABLE VALUE PROGRESS THROUGH PARTNERSHIP 2012 ESG AND CITIZENSHIP REPORT Achieving Meaningful Progress The world continues to change and we do too. As operating conditions and stakeholder expectations have transformed over recent years, KKR’s approach to investing has evolved also. As part of this evolution, we have worked to thoughtfully incorporate environmental, social, and governance (ESG) factors in our decision- making processes. We know that our decisions can have enormous impacts on companies and communities, and believe that the inclusion of ESG considerations leads to smarter, more responsible investing. We also believe that by being smarter investors, we can better achieve our greatest social impact, which are the returns generated for millions of retirees and pensioners around the world. This 2012 ESG report, our third annual, demonstrates our progress, highlights our partners who make this work possible, and lays out our vision for the future. Thank you for being with us onCREATING this journey as we work to improve uponSUSTAINABLE the foundation we have built. VALUE PROGRESS THROUGH PARTNERSHIP ACHIEVING MEANINGFUL PROGRESS 1 KKR at a Glance 2 KKR by the Numbers 4 Letter From Our Founders 7 2012 ESG Progress and Highlights 9 SECTION 1: OUR COMMITMENT AND APPROACH 10 The Importance of ESG Management 11 Identifying Shared Priorities 12 Engaging Our Stakeholders 13 Our Approach to ESG Management in Private Equity 14 Partnerships for ESG Expertise 16 Private Equity’s Role in a Healthy Global Economy 19 SECTION
    [Show full text]
  • KKR Annual Report
    THE POWER OF PARTNERSHIP 2010 ANNUAL REPORT KKR 2010 ANNUAL REPORT A 01 THE POWER OF PARTNERSHIP 18 LETTER TO UNITHOLDERS 25 FINANCIAL OVERVIEW 30 BUSINESS OVERVIEW 32 ENVIRONMENTAL, SOCIAL AND GOVERNANCE OVERVIEW 34 VALUES 36 KKR LEADERSHIP 37 CONSOLIDATED FINANCIAL REVIEW 100 UNITHOLDER INFORMATION B KKR 2010 ANNUAL REPORT Partnership POWERS MOVES CONNECTS PAYS ENERGIZES FLAVORS GROWS CARES NOURISHES COMFORTS FERMENTS BUILDS SECURES AND GUIDES everything we do. INVESTMENT EXPANDED DEVELOPMENT FROM 1 WELL TO 75 NEW WELLS PARTNERSHIP POWERSEast Resources mansfield, pennsylvania 2 KKR 2010 ANNUAL REPORT KKR 2010 ANNUAL REPORT 3 New technology has transformed the world’s energy supply by enhancing successful and safe exploration for natural gas from shale rock formations. Recognizing this revolutionary change, our energy team identified East Resources, Inc., a leading oil and gas company with a stable portfolio of produc­ ing assets and more than 650,000 net acres of highly contiguous, operated acreage in some of the most attractive areas of the Marcellus Shale in Pennsylvania. East’s regional concentration and entrepreneurial approach provided operational and cost advantages that made it an attractive invest­ ment. In June 2009, KKR invested $330 million in East through a convertible security, which enabled the company to expand development — drilling 75 horizontal wells, compared to only one horizontal well prior to KKR’s investment. This expanded development demonstrated the value of East’s asset position. In late 2010, Royal Dutch Shell Plc acquired East for $4.7 billion, a $1.2 billion gain for KKR and our investors. 2 KKR 2010 ANNUAL REPORT KKR 2010 ANNUAL REPORT 3 BMG Rights Management berlin, germany BMG Rights Management (“BMG”) is a joint venture between KKR and Bertelsmann, an international media company active in more than 50 countries, to develop a global music rights management business.
    [Show full text]
  • Private Equity 14 Partnerships for ESG Expertise 16 Private Equity’S Role in a Healthy Global Economy
    CREATING SUSTAINABLE VALUE PROGRESS THROUGH PARTNERSHIP 2012 ESG AND CITIZENSHIP REPORT Achieving Meaningful Progress The world continues to change and we do too. As operating conditions and stakeholder expectations have transformed over recent years, KKR’s approach to investing has evolved also. As part of this evolution, we have worked to thoughtfully incorporate environmental, social, and governance (ESG) factors in our decision- making processes. We know that our decisions can have enormous impacts on companies and communities, and believe that the inclusion of ESG considerations leads to smarter, more responsible investing. We also believe that by being smarter investors, we can better achieve our greatest social impact, which are the returns generated for millions of retirees and pensioners around the world. This 2012 ESG report, our third annual, demonstrates our progress, highlights our partners who make this work possible, and lays out our vision for the future. Thank you for being with us onCREATING this journey as we work to improve uponSUSTAINABLE the foundation we have built. VALUE PROGRESS THROUGH PARTNERSHIP ACHIEVING MEANINGFUL PROGRESS 1 KKR at a Glance 2 KKR by the Numbers 4 Letter From Our Founders 7 2012 ESG Progress and Highlights 9 SECTION 1: OUR COMMITMENT AND APPROACH 10 The Importance of ESG Management 11 Identifying Shared Priorities 12 Engaging Our Stakeholders 13 Our Approach to ESG Management in Private Equity 14 Partnerships for ESG Expertise 16 Private Equity’s Role in a Healthy Global Economy 19 SECTION
    [Show full text]
  • Colonial Pipeline Company
    Colonial Pipeline Company Timothy C. Felt President and Chief Executive Officer Tim Felt President and Chief Executive Officer Colonial Pipeline Company Quadrennial Energy Review Stakeholder Meeting Transmission, Storage and Distribution Issues Relating to Petroleum and Refined Products New Orleans, LA – May 27, 2014 Secretary Moniz, Chairman Landrieu, Deputy Secretary Connor and distinguished members of the Quadrennial Energy Review Task Force. I am Tim Felt, president and chief executive officer of Colonial Pipeline Company. Thank you for the opportunity to share some of my thoughts related to the refined products pipeline infrastructure that delivers much of the transportation fuels and other products that are critically important to our nation’s economy. History In 1961, a handful of energy companies came together to build what was then the single largest privately funded construction project in the history of the United States – a $370 million dollar pipeline that would deliver gasoline and other refined products from Houston, Texas to New York Harbor and points in-between. This was a monumental undertaking by any measure. Secretary of Commerce Luther Hodges said at the time that it was “the sort of action this country needs if it is to realize its full economic potential.” Those words remain true to this day – infrastructure projects that are designed to serve consumers and improve their lives are essential if we are to realize the full potential of the United States. From July 1962 when Colonial began soliciting bids to build our mainline, to 1964, when our system became fully operational, through today, Colonial has continually invested to expand and maintain a critical energy artery that serves more than 50 million Americans.
    [Show full text]