Fighting Cyber Attacks in the Oil and Gas Industry

Fighting Cyber Attacks in the Oil and Gas Industry

Digitization is on the rise in the conservative oil and gas industry as companies realize the cost and operational efficiency boost that sensors and algorithms can offer them. Meanwhile, cybercriminals are keeping ahead of the learning curve, forcing oil and gas to play catch-up.

The Cyber Threat

Energy companies—including pipeline operators and utilities—spend millions on cybersecurity. Cyber-attacks against the industry have been growing in frequency. Symantec is tracking as many as 140 cybercriminal groups that target the energy industry—that’s up from 87 in just 4 years.

Energy networks are especially vulnerable to cyber-attacks, say security tech experts. Hackers can cause widespread power outages, undermining critical security and defense infrastructure, and endangering millions of citizens. Because hackers can gain control from close range or from long distances, they have the ability to access nuclear facilities, power grids, and power generation facilities around the world. Natural gas pipelines in both the U.S. and Canada are regularly targeted, and researchers in Oklahoma discovered that their wind-turbine facility could be hacked in less than one minute through a single lock on the door to gain access to their servers.

Malicious codes are usually spread due to human error. An attachment in an email is opened, memory sticks are inserted, mobile phones are charged, laptops are connected to critical networks, etc. Mobile phones can also easily establish Internet connections. Users are even tricked into revealing passwords. Locating operation rooms onshore means that less attention may be paid, and this increases the likelihood of both unintentional and intentional unwanted incidents. Human error is regarded as the greatest digital vulnerability in the sector.

The consequences of unwanted incidents based on digital vulnerabilities will primarily be of a financial nature. Production has to be shut down, and this means a loss of income for the industry.

Is the Industry Ready?

An unofficial international survey among companies in the sector concluded that only 40% of the companies have established an emergency preparedness plan that covers digital vulnerabilities. The crises and emergency preparedness focus is on fires, explosions, blowouts, and other avenues.

Responses to cyber-attacks must be multilayered, repelling the most common attacks with a nuanced approach for advanced and emerging threats