Combatting Cyber-Attacks In The Oil And Gas Industry

oil-and-gasEarlier this week, Yahoo that more than one billion user accounts were compromised and data stolen in a hack by an unauthorized third party in August 2013, in an incident “likely distinct” from the data breach the company disclosed this past September in which personal information of half a billion of its users was stolen.

This data breach is evidence of the fact that hackers are growing bolder and getting increasingly creative. And while news of Yahoo or LinkedIn security breaches immediately makes the headlines, media is by no means the only industry under threat from hackers.

Some of the most dangerous forms of cyber-attacks are those that target critical infrastructure such as oil and gas facilities, or nuclear plants. If one of these attacks were to succeed, it would not only be catastrophic for the environment, it would severely compromise governments and national security.

The oil and gas industry is well aware of potential threats, and is rising up to tackle cyber security issues by creating joint programs and initiatives. But it is the critical importance of oil and gas infrastructure that makes some governments unwilling to share information and join a global fight against cyber crime. In addition, experts say that technology alone is not the ‘easy fix’ that cyber security needs: boosting security can come only by raising awareness among personnel, especially in countries in the Middle East.

It was in the Middle East that the “worst hack ever seen” was perpetrated back in 2012. And the attack was against one of the biggest oil companies in the world, Saudi Aramco. It wiped 35,000 computers in hours, and Aramco was forced to use fax machines and typewriters. In a matter of hours, Saudi Aramco’s ability to supply 10 percent of the world’s oil was put at risk.

Thankfully, oil production did not suffer—that time—but the entire computer-assisted corporate business was belly up.

A couple of weeks ago, Saudi Arabian institutions were targeted in a cyber attack, once again, with the General Authority of Civil Aviation (GACA) serving as one of the targets.

Before the latest cyber-attack on Saudi institutions, PwC said in a report from March this year:  This small oil company has recently developed a technology that could completely transform the oil industry for the better.

“Technology isn’t the answer on its own: Middle Eastern companies can have a greater tendency to believe they can fix cyber issues by buying a technological ‘fix’. But that needs to be supported by a parallel investment in awareness and training – less than 20 percent have a strong awareness program, for example.”

It’s not only the Middle East that has been the target of cybercrimes. In August 2014, the Norwegian oil industry – a vital part of the country’s economy and state revenues – came under attack. National Security Authority Norway said that 50 companies in the oil sector were hacked and 250 more were warned to check their systems, in one of the biggest hacks in Norway’s history. Oil major Statoil was reportedly a target of that attack.

More recently, advisory and risk management company DNV GL has set up a Joint Industry Project.  (JIP) together with A/S Norske Shell, Statoil, Lundin, Siemens, Honeywell, ABB, Emerson, and Kongsberg Maritime, to develop the best practices in addressing cyber threats.

Governments as well are acting to prevent cyber threats as much as possible. For example, the UK’s National Cyber Security Strategy for the next five years includes strengthening the defense of critical national infrastructure sectors such as energy and transport, underpinned by US$2.374 billion (1.9 billion British pounds) of transformational investment, Chancellor of the Exchequer Philip Hammond said upon launching the strategy in October this year.

As for the entire global oil and gas security market, Wise Guy Reports said in a report on Wednesday that the market was valued at US$25.68 billion in 2015 and was estimated to grow annually by 5.01 percent to reach US$32.79 billion by 2020. The report said that oil and gas are essential global commodities, and oil is the world’s foremost commercial energy source.

Even if oil is currently trading at half the price it did in 2014, industry experts warn that low prices should not make companies lower their guard.

“Lower oil price does not mean lower risk,” William Rothe, vice president of enterprise systems for Hess Corp, told E&P Magazine’s Velda Addison last month.

This article was provided courtesy of

The best way to protect your Networks is to have properly training IT Security Pros on your team.  Learn how to protect your LAN and WAN and important corporate information with Certified Ethical Hacking (CEH), Computer Forensics (CHFI), Security Analyst (ECSA), CISSP, and Cisco Security courses.

CED Solutions is a Cisco Learning Partner, Microsoft Gold Learning Partner and the #1 location for Microsoft Certifications in North America for the last 6 years combined.  CED Solutions is a CompTIA Partner, EC Council Partner, and many others and is one of the largest providers of training in North America.  The Atlanta facility provides IT training for up to 300 students per day, with separate buildings dedicated to training. CED Solutions provides training thousands of students per year and students take hundreds of certification exams every two weeks.

Share this post