• 3 minutes Could Venezuela become a net oil importer?
  • 7 minutes Reuters: OPEC Ministers Agree In Principle On 1 Million Barrels Per Day Nominal Output Increase
  • 12 minutes Battle for Oil Port: East Libya Forces In Full Control At Ras Lanuf
  • 12 hours Could Venezuela become a net oil importer?
  • 4 hours Reuters: OPEC Ministers Agree In Principle On 1 Million Barrels Per Day Nominal Output Increase
  • 15 hours Tesla Closing a Dozen Solar Facilities in Nine States
  • 21 hours Saudi Arabia plans to physically cut off Qatar by moat, nuclear waste and military base
  • 12 hours Gazprom Exports to EU Hit Record
  • 15 hours Why is permian oil "locked in" when refineries abound?
  • 5 hours Oil prices going down
  • 13 hours EU Leaders Set To Prolong Russia Sanctions Again
  • 12 hours Could oil demand collapse rapidly? Yup, sure could.
  • 11 hours Oil Buyers Club
  • 15 hours EVs Could Help Coal Demand
  • 10 hours Saudi Arabia turns to solar
  • 1 day Teapots Cut U.S. Oil Shipments
  • 21 hours China’s Plastic Waste Ban Will Leave 111 Million Tons of Trash With Nowhere To Go
  • 3 hours Russia's Energy Minister says Oil Prices Balanced at $75, so Wants to Increase OPEC + Russia Oil by 1.5 mbpd
  • 1 day Battle for Oil Port: East Libya Forces In Full Control At Ras Lanuf
Alt Text

OPEC’s Agreement Sends Oil Prices Soaring

Oil prices spiked on Friday…

Alt Text

Saudi Aramco Looks To Double Refining Capacity

Saudi Aramco looks to almost…

Alt Text

OPEC Edges Closer To Production Agreement

A successful OPEC agreement in…

Irina Slav

Irina Slav

Irina is a writer for the U.S.-based Divergente LLC consulting firm with over a decade of experience writing on the oil and gas industry.

More Info

Trending Discussions

Catastrophic Cyberattacks Threaten Big Oil

Servers

There are over a million oil and gas wells in the United States. There are also several hundred thousand miles of pipelines. Digitization is on the rise in the notoriously conservative oil and gas industry as companies wake up to the cost and operational efficiency boost that sensors and algorithms can offer them. Meanwhile, cybercriminals are keeping ahead of the learning curve, but oil and gas is largely pretending not to notice them.

Energy companies—including E&Ps, pipeline operators, and utilities—spend less than 0.2 percent of their revenues on cybersecurity, two security consulting firms have calculated. This compares with three times this portion of revenues spent on cybersecurity by financial services providers and banks.

True, banks and their likes deal directly with people’s money, so it would make sense to be extra careful. Also, the financial services industry has been under growing pressure from alternative service providers, so it has had to become flexible and open to new tech to stay ahead of the competition.

Oil and gas producers, on the other hand, don’t seem to see themselves a likely target of a cyberattack even though such attacks against the industry have been growing in frequency. Symantec, according to Bloomberg, is tracking as many as 140 cybercriminal groups that target the energy industry. That’s up from 87 in 2015.

Last year, Deloitte reported that the energy industry was the second most popular target for cyberattacks in 2016. Almost three-quarters of U.S. oil and gas companies, the consultancy said, had a cyber incident in that year, yet only a tiny majority cited cyber risk as a major concern in their annual reports. This is what makes the cybersecurity situation in oil and gas very worrying.

A month ago this worry materialized in the hack attack against the communications system supplier to five pipeline operators. While the consequences of the hacking were not particularly serious, the attack should serve as an urgent warning to the industry: the more reliant it becomes on tech, the more vulnerable it becomes.

There is also the unpleasant fact that oil and gas have had to play catch-up with cybersecurity. As the industry struggled to adapt to the lower-for-longer oil prices with cost cuts, oil companies put investment into boosting cybersecurity on the back burner during the worst of the oil price plunge in 2015 and 2016, while hackers grew increasingly inventive and bolder.

The projects to strengthen the networks and systems against cyber attacks did not receive the necessary attention or funding, and today most security teams are still short of staff or technology to effectively monitor and prevent cyber attacks, security experts explain. Related: Iran’s Oil Exports Hit Record High As Sanctions Loom

Now that things are looking up with higher prices, it is time to refocus on cybersecurity before a serious attack takes place. Oil and gas pipelines are, after all, critical infrastructure and they deserve due attention from their operators. So do wells and platforms. It’s only a matter of time before someone makes a blockbuster movie about hackers taking over oil producing infrastructure to remotely wreak havoc on the industry. Unfortunately, it may only be a matter of time before something like this happens in real life as well.

Deloitte said as much in its 2017 report: “If a cyber attacker were to manipulate the cement slurry data coming out of an offshore development well, black out monitors’ live views of offshore drilling, or delay the well-flow data required for blowout preventers to stop the eruption of fluids, the impact could be devastating.”

Addressing cybersecurity issues in oil and gas is a difficult job. It’s a very complex industry and there are many cybersecurity aspects that need equally urgent addressing as more and more links of the supply chain become vulnerable to attacks because of digitization. Yet difficult or not this job needs doing now. All cybersecurity experts can’t be wrong, can they?

By Irina Slav for Oilprice.com

More Top Reads From Oilprice.com:




Back to homepage

Trending Discussions


Leave a comment

Leave a comment




Oilprice - The No. 1 Source for Oil & Energy News