Cyber security: the changing threat landscape in oil and gas

This article first appeared in Hydrocarbon Engineering on July 21, 2017

Cyber crime costs the global economy more than US$400 billion per year, according to estimates by the Centre for Strategic and International Studies. With Evraz and Rosneft falling victim to the most recent widespread Petya ransomware attack, the increasingly digitised industry is facing major cyber security concerns for the first time.

A connected revolution

Historically reluctant to invest in technology, oil and gas companies are now experimenting with cloud and Internet of Things (IoT) to improve operational efficiency, visibility and safety. Applications include:

  • Monitoring and measuring emissions data in real time. By using cloud technology, companies can build a better picture of trends over time and use this insight to drive emissions strategies.
  • Storing data on remote servers anywhere in the world in real time via IoT. Monitoring equipment installed on local assets transmits information to software that is stored on central servers, rather than physically on an oil and gas site.
  • Feeding data into software such as a continuous emission monitoring system (CEMS) to collect, record and report data remotely. Businesses can access CEMS data and analyse it using a variety of devices. It is not necessary to store and run the software on a machine on-site, which reduces cost and removes the need to have on-site staff. Additionally, data is stored securely on multiple remote servers with back up and is not dependent on the health and reliability of an on-site machine.

Companies now need to consider how effective existing security arrangements are, how connected technology has changed the threat landscape and what level of investment in cyber security and privacy is needed to prevent attack.

Recognising risk

While the finance sector was hit hardest by the recent Petya malware attacks, Cybersecurity firm Kaspersky Labs, reports that more than 50% of the remaining targets fell into the categories of manufacturing or oil and gas. The high-value and high profile nature of the Oil & Gas Industry, together with its complex layers of supply chains, processes and industrial controls, makes it a high value target for hackers. A problem in one system can effect an entire operation.

The threat landscape

Security vulnerabilities arise when companies connect industrial control systems (ICSs) – along value chains in upstream, midstream, and downstream operations – to enterprise IT networks for more operational visibility and business insight.

Advanced persistent threats (APT) are one of the most deceptive types of cyber threat, breaching security with ‘low and slow’ attacks that are hard to detect before a breach is fully executed. APTs operate under the radar of most conventional IT cybersecurity tools, executing a series of small events that may not constitute a cyber attack, but could still indicate malicious intent.

Planned ransomware assaults may be the biggest threat, but unintentional incidents are just as dangerous. For example, an infected USB drive or third-party laptop can accidentally introduce malware and an overload of connected devices can overwhelm systems. It is expected that incidents like these will increase as more IoT devices migrate to operational environments.

To continue reading this article, click here.

July 19, 2018 | News

Related posts