Most Common Oil and Gas Cybersecurity Threats

We are currently in the middle of a technological revolution, and the signs are all around us. Go ahead and name any tech buzz word such as the Internet of Things, Big Data, or Artificial Intelligence, and it will definitely be related to so many industries out there. Here, however, we’re not going to talk about the new opportunities, but we’ll be warning you about emerging threats.

Integration and automatization have exposed many industries to new threats and vulnerabilities, and the oil and gas industry is no exception. It has never been more important to protect critical infrastructures due to the increase in cybersecurity threats in the oil and gas industry.

According to research conducted by ABI, the oil and gas industry has been gearing up against cyber threats by taking some preventative measures. The report illustrates how a cumulative $1.87 billion has been spent against cybersecurity threats in the oil and gas industry. Even though this is the case, most of the players in the industry still lack awareness and can easily fall victim to dangerous cyber-attacks.

InventU

What Could Possibly Happen?

The possible consequences of a cyber-attack highly depend on the cybercriminal’s aims. An example can be state-backed hackers or competitors that are interested in attaining or revealing important information held by the victim companies. Sabotage, on the other hand, is a whole new problem and is usually the aim of hacktivists – such as the case of #OpPetrol operation back in 2013.

The Possible Risks of a Successful Attack

Some of the risks that can be faced by victims of a successful cyber-attack can include the following:

  1. Plant shutdowns
  2. Equipment damages
  3. Interruption of utilities
  4. Shutdowns of production cycles
  5. Inappropriate or inconsistent product qualities
  6. Undetected spills
  7. Violations of safety measures which could result in injuries or even death

Hackers Can Break Into Operational Technology (OT) Networks

A computer worm called Stuxnet has been known to target PLCs or the industry’s programmable logic controllers along with SCADA systems. This was a wake-up call for so many industries other than the oil and gas industry because the worm had been designed in this way.

The general idea of cyber-attacks of this nature is quite simple. Applications in enterprises such as Enterprise Resource Planning systems or even Business Intelligence systems are usually connected with a large number of devices in plants. This is done with the help of some integration technologies that are used to transfer data across platforms such are smart devices. If these connections are not secured, such as the connections between OT and IT environments, then refineries are most definitely vulnerable to cyber-attacks.

Oil Market Fraud

Imagine if a cybercriminal uploaded malicious software into a system which has the ability to change stock information for oil and gas companies. An example can be the case where malware had the ability to fake certain types of data and make quantities appear much larger than they really are.

Once this occurs, the victim company will easily run out of production resources and hence fail to satisfy its respective obligations. As a result, the malware would have wreaked havoc and caused the company to experience huge losses while driving the oil price much higher.

Plant Destruction

In the production units of oil and gas companies, tank gauging systems and tank information management systems are connected. Some of these are equipped with functionalities that allow them to send individual commands to PLCs, which in turn are placed to control the filling of tanks.

When cybercriminals make their way to this information, nothing can prevent them from changing its critical values. How is this dangerous? Well, a cybercriminal could easily engineer an oil explosion by simply increasing the maximum filling limits of individual oil tanks.

In a similar manner, there are numerous processes in refineries and oil separation units that can be open to potential attacks via their burner management systems. These systems are not only meant to send information, but they are also designed in a manner to be managed remotely via special intermediate systems and business applications. Vulnerabilities in these remote operations can easily be compromised leading to the worst-case scenario of a plant explosion by simply turning off the purge functionalities.

Equipment Sabotage

Remote plant equipment is usually at risk of data manipulations as well. This can be in terms of pressure or temperature measurements and hackers could easily implant false forms of data which show breakdowns have occurred in remote facilities. This would then lead the victim refinery to waste their financial resources and time in false investigations.

The takeaway from all of the above may sound banal, but it is the ugly truth. The newest technological features and booming usage of the Internet of Things have simplified our lives quite a lot, but have also brought ahead some new risks. Now, it’s not only a question of the vulnerabilities of the people who use the Internet of Things or even electric skateboards. Every critical infrastructure that is connected to these technologies should take the threat seriously.

It is now time for oil and gas companies to realize that there are no gaps between OT and IT systems and that there are certain business applications that exchange critical information with devices. Due to this, these companies should seriously consider cybersecurity and setting strong lines of defense against possible attacks.

Author Profile
CEO/Publisher - 

The CEO of U.S. Energy Media, Emmanuel Sullivan is a technical writer who has built up his profile in the oil and gas industry. He lives and works in Houston, where he publishes Oilman and Oilwoman on a bimonthly basis, and Energies quarterly, distributing the magazine to energy thought leaders and professionals throughout the United States and around the world. At a time when technology is rapidly changing, he provides an invaluable service to oil & gas, and renewable energy executives, engineers, and managers, offering them both broad and specific looks at the topics that affect their livelihoods. Sullivan earned his BA in Communications at Thomas Edison State University and his MA in Professional Writing at Chatham University. 

CCUS
InventU


The Plaza Group Defining and Embracing the Core Values


Progressive Strides in Unconventional Oil and Gas Recovery


The State of Water 2019: How to Sustain the Oil and Gas Industry’s Lifeblood


Conductor Supported Platforms: Demystifying the Industry’s Best Kept Secret


Machine as a Service Will Be the Star of Industry 4.0


Virtual Reality is Not Just a Game, But Training


Why bbl? Energy Units in the USA and Other Countries


Pipeline Technology: Data’s Role in Midstream Pipeline Segmentation


Robotic Process Automation: Four Key Considerations for Oil & Gas


The Case for AI in Planning and Forecasting


A Closer Look at Remote Operations Centers


Feature Podcast: Progressive Strides in Unconventional Oil and Gas Recovery


Four Steps to Advanced Data Science in the Oil and Gas Industry


Coarse Filtration: The “First Line of Defense” In Protecting Oil and Gas Processes


From Gemini Corporation to Gemini Fabrication: Recovery after Receivership


What Safety Measures Should You Take for Lone Workers


Revolutionary Evaporation System Cuts Costs To $.006 Per Barrel And Protects Environment From Particulate Contamination


Letter from the Publisher (November-December 2019)


Drilling for IoT Data Insight


Automation and Economy: Driving Principles of the Modern Oil and Gas Industry


Five Essential Mobile Device Management Features for Oil and Gas Personnel


Driving Offshore Growth with Satellite Communications


Whose Milkshake is Whose?: Pennsylvania Supreme Court Considers Whether the Rule of Capture Applies to Hydraulic Fracturing


Boone’s Impact and Vision!


Pipelines as Critical Infrastructure


Most Common Oil and Gas Cybersecurity Threats

E-Fuels
InventU