Cyber security in oil and gas

14/09/17

Cyber security has experienced plenty of media airtime recently and these events have made one thing abundantly clear; everyone must be aware of the risks and understand what can be done to mitigate them. This is especially true for oil & gas, an industry that is critical to the global economy. Pre-empting and defending your organisation from attacks is essential if the industry is to work together successfully and protect the ecosystem.

There is a lot that distinguishes the oil & gas industry from other sectors, but when it comes to information security, it is like any other. In line with many other industries, oil and gas companies are seeing an increasing level of convergence as operational environments are getting closer to the enterprise IT environment and by extension, closer to the internet.

This is relevant to all parts of the value stream, from upstream through to the petrol pump. To encompass threats across the sector, we have analysed each step of the supply chain to identify the primary threat actors and what they are targeting, as well as the potential impact of a security breach.

Broadly, the following areas are most likely to be impacted by Cyber attack in the Oil & Gas sector.  The infographics below discuss which are most affected at each stage of the process

Step 1: Exploration and Production (E&P)

The potential risks to E&P from a cyber attack range from health & safety all the way through to environmental damage.  The inherently risky nature of offshore oil & gas exploration & production activity is well known and this risk is exacerbated by risk of cyber attack, whether that be nation state led, corporate espionage or even terrorist activity.

Targets
  • Field Plants
  • Intellectual Property
  • Research and exploration data
  • IIoT
  • Reservoir information
Primary threat actors
  • Nation State
  • Corporate Espionage

 

Step 2: Processing and Refining

The processing and refining of hydrocarbons involves many processes and control systems that could be targeted by a cyber attack.  Risk of service disruption and environmental impact is high.  Attacks could come from a nation state, disgruntled employee through to corporate espionage with potentially significant financial implications for the victim.

Target
  • Pipeline control
  • Refinement
  • Storage
  • Oil distribution
Primary threat actors
  • Hacktivists
  • Nation state 

Step 3: Distribution and Consumer

Transportation of hydrocarbons to distribution points and end consumers represents an opportunity for lower level hacktivists and cyber criminals to attack the system.  Risks include health & safety, reputation and regulatory as well as financial impacts.  At its most basic level, the opportunity could exist for hackers to infiltrate payment systems at a service station, leading to financial losses and potential for identity theft.

Targets
  • Pipeline control
  • Refinement
  • Storage
  • Oil distribution
Primary threat actors
  • Hacktivists

 

Step 4: Trading

As global trading of commodities becomes ever more complex, so too does the opportunity for organised crime, among others, to infiltrate payment systems, CTRM platforms and inventory management systems.  The potential exists for those threat actors to gain financially from payment theft through to virtual inventory theft.

Target
  • Payment security
  • CTRM Platforms
  • Commodity flow/Inventory management
Primary threat actors
  • Insiders
  • Organised crime

Conclusion

The Oil & Gas industry is massively complex, with stakeholders from huge corporate entities through to individuals.  There are opportunities throughout the life cycle for threat actors to attack the system, disrupt services, steal information and gain financially from security lapses.  

Often the solution to the risk is relatively simple and it is vital that the industry frames its security against the principles of Identify, Protect, Detect, Respond & Recover in order to stay cyber resilient.  Balancing security measures, protecting the right things and investing in the ability to detect and respond effectively to challenges will help position organisations to deal with future attacks.

One thing is clear, the threat actors are very often one step ahead and therefore it is vital that organisations stay vigilant and active in monitoring and responding to the threat of attack.

 

Contact us

Colin Slater
Cyber Security Partner
Tel: +44 (0) 7711 589065
Email

Stuart Birnie
Director
Tel: 0141 355 4132
Email

Follow us