Oil Industry Neglected Cybersecurity During The Downturn

Striving to adapt to the lower-for-longer oil prices with cost cuts, oil companies put investment into boosting cybersecurity on the back burner during the worst of the oil price plunge in 2015 and 2016, while hackers grew increasingly inventive and bolder, security experts told the Houston Chronicle.

The projects to strengthen the networks and systems against cyber attacks did not receive the necessary attention and funding, and today most security teams are still short of staff or technology to effectively monitor and prevent cyber attacks, the experts said.

During an oil price slump, “projects, capabilities and needs that aren’t exactly on top of mind go to the bottom of the pile,” Paul Berger Jr., a cybersecurity professional at Baker Hughes, now part of GE, told the Houston Chronicle.

However, in recent months it has become evident that critical U.S. energy infrastructure—including pipelines and refineries—have been targeted by state-sponsored hackers.

Yet, according to the experts who spoke to the Houston Chronicle, there is little evidence of a U.S. political push in Congress to tackle the cybersecurity issues, and the U.S. still lacks regulation on cybersecurity standards in the oil and gas industry, the way it has for nuclear, power, and chemicals.

Recent cyber attacks have alerted the U.S. administration and last month it sanctioned Russian cyber actors, saying that “Since at least March 2016, Russian government cyber actors have also targeted U.S. government entities and multiple U.S. critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.”

Related: Three Takeaways From OPEC's Latest Report

More recently, at least seven natural gas pipeline operators were the victims of hackers that targeted third-party communications system Latitude Technologies, causing service disruptions and breakdowns in electronic communications with customers.

Baker Hughes’ Berger told the Houston Chronicle that the oil and gas industry has to do better because hacker groups “could cause the United States a lot of grief, and a lot of grief in a hurry.”

According to a 2017 U.S. oil & gas cybersecurity study by Ponemon Institute sponsored by Siemens, 68 percent of respondents said their organisation had experienced at least one cyber compromise. A total of 67 percent of respondents believe the risk level to industrial control systems over the past few years has substantially increased because of cyber threats. Sixty-six percent believe that oil and gas companies are benefiting from digitalization, but that it has also significantly increased cyber risks. Only 45 percent of respondents say their organisation has the internal expertise to manage cyber threats, the study found.

By Tsvetana Paraskova for Oilprice.com

More Top Reads From Oilprice.com:

• Shell To Shift From Oil ‘When This Makes Commercial Sense’
• The Oil Eating Bacteria That Can Clean Up Crude Spills
• Is The Cushing Oil Hub Still Relevant?