Computers run the world. They are intrinsically linked into every system, few processes are fully manual. This means that to control the system you just need to control the computer. The increasing problem with this is that computers can be controlled remotely and also invisibly. This opens the doors for people to hack systems and assume control. Invariably the systems have sophisticated security and if needed can even be switched off and updated. However there is one important system that cannot be turned off; that which controls the production and supply of oil. "Oil needs to keep on flowing," said Riemer Brouwer, head of IT security at Abu Dhabi Company for Onshore Oil Operations (ADCO).
Oil company executives have warned that attacks are becoming more frequent and more carefully planned. The determination and stamina shown by some modern hackers has increased and there are more multi-pronged, co-ordinated attacks. Ludolf Luehmann, an IT manager at Shell, said hackers were increasingly staging attacks over long periods, silently collecting information over weeks or months before attacking specific targets within company operations with the information they have collected.
The threat of these hackers is a serious one. "Cyber crime is a huge issue." said Dennis Painchaud, director of International Government Relations at Canada's Nexen Inc. "It is a very significant risk to our business. It's something that we have to stay on top of every day. It is a risk that is only going to grow and is probably one of the pre-eminent risks that we face today and will continue to face for some time."
Luehmann stated, "If anybody gets into the area where you can control opening and closing of valves, or release valves, you can imagine what happens. It will cost lives and it will cost production, it will cost money, cause fires and cause loss of containment, environmental damage - huge, huge damage.”
The Stuxnet computer worm discovered in 2010 was the first found that had been specifically designed for industrial systems and the first visible attack to have a significant impact. It changed the world of international oil companies forever.
In October 2011, Symantec Corp, a security software maker, reported the discovery of a new virus called Duqu, which followed a very similar code to Stuxnet. It was written to gather data on the oil companies in order to make future cyber attacks easier.
A successful hack on just one big oil company could severely affect the global market and therefore global economy. As Riemer Brouwer said, "If they could bring down one of the big players in the oil and gas market you can imagine what this will do for the oil price - it would blow the market." He gave further insight into the security of their computer systems when he commented, "So far we haven't had any major incidents, but are we really in control? The answer has to be 'no'."
The reality is that few people consider IT security when analysing the oil markets. We all know that oil price usually rises when tensions escalate in oil producing countries which could disrupt oil supply; such as Iran, itself thought to be the principal target of the Stuxnet and Duqu worms. However the threat of an electronic attack is also very real and can cause just as much damage and disruption. Experts say that unlike an attack on the Gulf, cyber attacks can be launched from anywhere and might of the US military is powerless to prevent them.
Stephan Klein, SAP vice president of oil and gas operations in the Middle East and North Africa, said "We know that the Straits of Hormuz are of strategic importance to the world, but what about the approximately 80 million barrels that are processed through IT systems?"
A reason for the increase in the number of hacking attacks is that hackers have become much more widespread. Several years ago the domain of hacking was only populated by a few, very skilled computer programmers. Now, with training manuals and online video tutorials, anybody with a computer can become a hacker, and industrial systems are the ultimate test of skill. "Everyone can hack today," Shell's Luehmann said. "The number of potential hackers is not a few very skilled people - it's everyone."
By. James Burgess of Oilprice.com