Ronke Luke

Ronke Luke has experience advising senior executives (including at the ministerial level) on initiatives to develop and increase uptake of advanced energy and environmental technologies…

Cyber Threat Has Oil And Gas Majors On Edge

The massive cyber breach of the U.S. Government’s Office of Personnel Management (OPM) systems is the latest in a string of high profile cyber attacks in the last couple of years.

Before OPM, media coverage focused on hacks at Sony Corporation, Home Depot, Target, and CareFirst. In between these notable incidents has been comparatively quiet coverage of cyber attacks at energy firms. For example, the 2012 breach of Saudi Aramco’s network that disabled 30,000 computers and the 2014 hack of a South Korean nuclear plant operator’s computer system received much less attention. A 2014 article attributed the 2008 explosion of a Turkish pipeline to a cyber attack, the first documented digital compromise of critical infrastructure.

According to HP Enterprise Security’s 2014 Global Report on the Cost of Cyber Crime, conducted by the Ponemon Institute, energy and utilities suffered the highest average annualized losses from cyber crimes ($13.2 million), closely followed by the finance sector ($12.97 million), dwarfing the much-covered media, retail and health care sectors.

While general media coverage raises awareness of the digital threat, not all cyber threats are equal.

Energy sector faces two types of cyber threats

The energy sector is vulnerable to two types of cyber threats. One is to companies’ information technology (IT) systems that are used for business and administrative purposes. These are the corporate breaches we hear about most often, when networks are attacked, office computers are compromised or business information is stolen – all certainly devastating to a company and the industry.

Addressing these threats is quite well understood and advanced. Cyber security firms such as Symantec, FireEye, Palantir, Palo Alto Networks, Splunk and Fidelis, to name a few, have tools and solutions to defend and protect IT infrastructure and systems. Defense contractors such as Lockheed Martin, General Dynamics and BAE Systems also offer extensive technologies and services for designing and managing IT cyber solutions. Corporate Chief Information Officers (CIOs) in the U.S. government and across the industry are well aware of IT cyber security and risk management.

The second type is the threat to the operational technology (OT) such as the sensors, SCADA (supervisory control and data acquisition) systems, software and other controls that operate the pipelines, power plants, and transmission and distribution grids.

Ever since researchers in 2007 demonstrated a digital attack that destroyed a power generator, the cyber threat to OT has worried the U.S. government. The potential for an adversary to take control of and destroy power plants, oil and gas facilities, chemical plants or water installations poses economic, social and political threats to any nation. Increasingly, there are reports of successful attacks against such critical infrastructure.

Unlike IT systems, it’s early days for solutions to protect OT. Yet, IT systems and OT systems are converging as more operations and communication systems are integrated and functionality is Internet-enabled. Government and industry are racing to secure IT systems and develop practices and technologies to address OT threats.

Protecting energy sector OT systems from cyber threats

Cyber security wasn’t a threat when most of today’s energy infrastructure was built. Hence protections were never built into the software, controllers and sensors that operate the valves, pumps and other system components. Retrofitting the existing infrastructure or designing new solutions is not trivial. Smart grids, digital oil fields, and internet-connected services and functions introduce new complexities, vulnerabilities and access points. Cyber solutions for energy OT systems must function yet not interfere with the workings of the controllers or the energy systems, making them much more complex than those for IT systems.

The U.S. Department of Energy’s (DOE) Office of Electricity Delivery and Energy Reliability has launched an ambitious and far-reaching government-industry partnership to address the cyber security challenge to the electricity grid. According to DOE, “ensuring a resilient electric grid is particularly important since it is arguably the most complex and critical infrastructure that other sectors depend upon to deliver essential services.”

In 2011, DOE published an ambitious “Roadmap to achieve Energy Delivery Systems Cybersecurity.” Under this plan, “by 2020, resilient energy delivery systems are designed, installed, operated, and maintained to survive a cyber incident while sustaining critical functions.” Basically, power grids will continue to supply electricity even if attacked. 

A Large and Growing Market

ABI Research is widely quoted as predicting the oil and gas sector’s cyber spending to reach $1.87 billion by 2018 as it defends its infrastructure against cyber attacks. According to PWC’s Global State of Information Security® Survey 2015, oil and gas spending for cyber security increased 14 percent in 2014.

In contrast, PWC found that investment by power utilities in cyber security stalled in 2014. Many of the threats identified are known IT vulnerabilities, and do not directly include the costs of OT cyber protections. However, because IT vulnerabilities can be gateways to OT controls, these investments are critical.

The size of the cyber market to protect OT is not yet separately determined. It is not unreasonable that it could dwarf that of the market for IT.

Every major supplier to the power sector is deeply engaged in developing and bringing cyber solutions to market. These include well known publicly-traded names, privately-held firms and non-profits.

For example, Ericsson, Schweitzer Engineering Laboratories and Grid Protection Alliance are developing secure communications solutions that will function between remote access devices and control centers. AREVA has partnered with Northrop Grumman to provide solutions to the utility sector. ABB, Emerson, Honeywell and OSIsoft participated in a DOE-sponsored program to test baseline security assessment solutions.

Solutions to integrate cyber and physical security situational awareness are seen as critical to real-time security state monitoring. Siemens is currently developing a near-real-time solution for this purpose.

Oil and gas majors organized themselves into the LOGIIC (Linking the Oil and Gas Industry to Improve Cybersecurity) program to facilitate cooperative R&D, testing, and evaluation procedures to improve cybersecurity in petroleum industry digital control systems. The Department of Homeland Security, BP, Chevron, Shell and Total are members of LOGIIC. Lockheed Martin is offering the oil and gas sector a full suite of cyber solutions that takes an integrated approach to both IT and OT. These are just a few examples.

Energy firms can no longer take an isolated view of physical, IT and OT security. The convergence of IT and OT in the energy sector means the vulnerabilities and potential attack surfaces continue to increase. While the industry races to find solutions, more energy firms are buying cyber security insurance. It’s unclear if these policies will cover losses such as the Turkish pipeline lost to a cyber attack. The urgency to stay ahead of determined and increasingly sophisticated adversaries means that the global market opportunity to protect critical infrastructure against cyber threats will continue to grow.

By Ronke Luke of Oilprice.com
