Oil And Gas Companies Seen As Vulnerable to Cyber-Attacks

26 Jun

Timothy Gardner / Reuters

U.S. oil and natural gas operations are increasingly vulnerable to cyber attacks that can harm the competitiveness of energy companies or lead to costly outages at pipelines, refineries or drilling platforms, a report said on Wednesday.

The energy business, including oil and gas producers, was hit by more targeted malware attacks from April to September last year than any other industry, said the Council on Foreign Relations (CFR) report, citing data from a Houston-based security company, Alert Logic.

Cyber attacks on energy companies, which are increasing in frequency and sophistication, take two main forms, the CFR report said. The first kind, cyber espionage, is carried out by foreign intelligence and defense agencies, organized crime, or freelance hackers.

These parties covertly capture sensitive corporate data or communications with the goal of gathering commercial or national security intelligence. U.S. energy companies are subject to frequent and often successful attempts by competitors and foreign governments to access long-term strategic plans, bids tendered for new drilling acreage, talks with foreign officials and other trade secrets, the report said.

A campaign against U.S. energy companies by hackers based in China, called Night Dragon by McAfee, a leading security company that is part of Intel Corp, began in 2008 and lasted into 2011. The campaign stole gigabytes of material, including bidding data in advance of a lease auction. One unidentified energy company official believes his company lost a bid in a lease auction because of the attack, the CFR report said.

Many companies are either unaware of similar attacks or are afraid to disclose them for fear of upsetting investors, it said.

“That’s too bad because it makes it harder for Washington to help them and it also makes it harder for the public to be aware of what threats are out there,” said Blake Clayton, a fellow in energy and national security at CFR and a co-author of the report.

The second main cyber risk to energy companies is the disruption of critical businesses or physical operations through attacks on networks.

“This has a lower probability but potentially higher cost,” said Clayton.

The Stuxnet virus, said to have been created by the United States and Israel to attack Iran’s nuclear program, is an example of a campaign that ended up escaping from its intended target at the risk of causing harm to a U.S. company. Chevron Corp said late last year it had been infected by Stuxnet, but said without elaborating the virus was quickly controlled.

An attack dubbed Shamoon last year on Saudi Aramco, Riyadh’s state oil company, ultimately disabled some 30,000 computers. The company said the attack was aimed at stopping oil and gas output at the biggest OPEC crude exporter.

Oil production was apparently unaffected, but damage could have been more severe had the attack penetrated further into the network, the report said.

Hackers from a group called “Cutting Sword of Justice,” suspected to be insiders, claimed responsibility for the attack, which was believed to have been delivered using a USB drive.

2 Responses to “Oil And Gas Companies Seen As Vulnerable to Cyber-Attacks”

  1. Alan July 19, 2013 at 8:31 am #

    Oil and gas companies should take steps to protect sensitive data from getting hacked or being compromised. They should opt for reliable anti-theft security solutions.

Trackbacks/Pingbacks

  1. Energy Threat Consideration and a Technology Response | LANDsds Sustainable Voice - June 28, 2013

    […] Oil And Gas Companies Seen As Vulnerable to Cyber-Attacks (earthfirstnews.wordpress.com) […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: