|40% OF ALL CYBER ATTACKS HAVE BEEN AGAINST THE ENERGY SECTOR|
|WHITEPAPER: PROTECTING OPERATIONS IN THE ENERGY SECTOR AGAINST CYBER ATTACKS|
The future is brighter than ever for the hydrocarbon industry – particularly with the recovery of unconventional resources such as shale oil and gas, and coal bed methane. Yet this also brings with it some controversy, and this is just one reason for the industry’s increased vulnerability to cyber attack.
Political espionage, malicious attack for financial gain, disgruntled employees, even human error; all have the potential to significantly disrupt processes at rigs and refineries. With a typical oil pipeline pumping $3m oil per hour, effective digital data management keeps revenues flowing1. But it’s not just the hydrocarbons – a large refinery produces an average 1TB of data per day2.
TRANSITION TO THE DIGITAL OILFIELD
But the combination of open standard based IP protocols and integration into back office systems also exposes oil and gas companies to the threat of cyber attacks.
THE RAPID RISE OF CYBER CRIME
The Stuxnet virus, which targeted programmable logic controllers (PLC) and SCADA systems in 2010, was one of the first examples of cyber-sabotage. Typically introduced by infected USB flash drives, it subverted industrial process control systems, collecting system information and causing them to self-destruct3.
These are complex, intelligent viruses: Stuxnet was notable for including code to fake control sensor signals to prevent the precautionary shutdown of an infected system due to detected abnormal behaviour, and also for making itself inert if the specific SCADA software wasn't found on the infected machine.
Even two-way radio systems that are considered "isolated" from the enterprise IT network are vulnerable to attack. Indeed, the source of computer virus that infected the radio dispatch system of an Australian ambulance service in 2011 was thought to have been a compromised USB stick4.
Back to the present day, and global security experts are currently investigating the Shellshock bug which appears to primarily target Unix servers5. Early indications show that the level of vulnerability has yet to be fully understood but could be uncommonly wide-ranging.
WIDESPREAD VULNERABILITY NEEDS SYSTEMATIC PROTECTION
Successful attacks show that companies often underestimate the vulnerability of digitally enabled technology and devices7. 45% of oil and gas companies responding to the IDC security survey were unclear just how many security events happened during the last 12 months, and of that percentage, half didn't know the nature of the breaches6.
A CYBER SECURITY FRAMEWORK ALIGNED TO GLOBAL SECURITY STANDARDS
In response to these changing conditions, we've published Protecting Operations in the Energy Sector Against Cyber Attacks. The whitepaper discusses the threats in detail and presents a best practice cybersecurity strategy that is consistent with the NIST Framework. We've also included a handy checklist so you can assess your company's current levels of protection.
If, after reading, you find that your operations are indeed vulnerable to attack then we do offer a cyber assessment service, details of how to arrange the assessment can be found on the back page of the whitepaper.
If you'd like to join the conversation about protecting oil and gas operations from cyber threats, we'd be delighted to welcome you to the Motorola Solutions Community EMEA LinkedIn Group.
Tunde Williams is Global Product and Solutions for TETRA.
Tunde is on LinkedIn at https://www.linkedin.com/pub/olatunde-williams/5/282/67a