There are over a million oil and gas wells in the United States. There are also several hundred thousand miles of pipelines. Digitization is on the rise in the conservative oil and gas industry as companies wake up to the cost and operational efficiency boost that sensors and algorithms can offer them. Meanwhile, cybercriminals are keeping ahead of the learning curve, forcing oil and gas to play catch-up.
Energy companies—including pipeline operators, and utilities—spend less than 0.2 percent of their revenue on cybersecurity, two security consulting firms have calculated. This compares with three times this portion of revenues spent on cybersecurity by financial services providers and banks. Cyber-attacks against the industry have been growing in frequency. Symantec is tracking as many as 140 cybercriminal groups that target the energy industry. That’s up from 87 in 2015.
Energy networks are especially vulnerable to cyber-attacks, say security tech experts. Hackers can cause widespread power outages, undermining critical security and defense infrastructure, and endangering millions of citizens. Because hackers can gain control from close range or from long distances, they have the ability to access nuclear facilities, power grids, and power generation facilities around the world. Natural gas pipelines in both the U.S. and Canada are regularly targeted, and researchers in Oklahoma discovered that their wind-turbine facility could be hacked in less than one minute through a single lock on the door to gain access to their servers.
Last year, Deloitte reported that the energy industry was the second most popular target for cyberattacks in 2016. Almost three-quarters of U.S. oil and gas companies, the consultancy said, had a cyber incident in that year, yet only a tiny majority cited cyber risk as a major concern in their annual reports. As the industry struggled to adapt to the lower-for-longer oil prices with cost cuts, oil companies put investment into boosting cybersecurity on the back burner during the worst of the oil price plunge in 2015 and 2016, while hackers grew increasingly inventive and bolder.
Now that things are looking up with higher prices, it is time to refocus on cybersecurity before a serious attack takes place. Oil and gas pipelines are, after all, critical infrastructure, and they deserve due attention from their operators, as do wells and platforms.