Security
1 July 2015

West Africa Oil and Gas Security Summit Pushes Whole-Government Approach

The West Africa Oil and Gas Security 2015 Summit, organized by global Summits organizer IRN, and held 10–11 June 2015 at the Eko Hotel in Lagos, Nigeria, brought together senior-level security specialists from international oil companies (IOCs), national oil companies (NOCs), major service providers, and governmental bodies to discuss the security issues affecting the oil and gas industry in Nigeria and wider West Africa.

In terms of national security, the feeling within the conference was that adopting a whole-governmental approach is essential to improving security in West African countries. All sectors have a responsibility to support the national security establishment because there is a need for greater unity of purpose within the government parastatals to improve security in the country. It was also pointed out that the responsibility lies with Nigerians and foreigners who live, work, or do business in Nigeria for the benefit of all.

This sentiment was also felt in the maritime sessions on the second day, where it appeared that there is not a real political will to implement the International Ship and Port Facility Security Code by the African countries at present. The delegation called for them to come together in partnership with the governments of West Africa to fight piracy, armed robbery attacks, and hijacking in the Gulf of Guinea.

As for local communities, the need for lateral thinking was also highlighted, with delegates pointing out the fact that those working in artisanal refineries require basic engineering expertise. Those engaged in illegal oil production, therefore, could be a great asset to the legal industry if they were trained and invested in by the IOCs and NOCs. It is clear that local communities are still not benefiting enough from the wealth created by the oil and gas industry, and more needs to be done to address this if the industry is to be lucrative.

Additionally, speakers drew attention to the importance of private security, which is gradually coming into the limelight and will continue to be a lucrative profession in years to come. The delegation agreed it should be a collective responsibility to position this profession the same way as it is in the US, the UK, and other countries.

Over 2 days, panel discussions focused on community engagement and corporate social responsibility, as well as on the challenges around disaster and crisis management for the oil and gas industry. Other presentations and case studies focused on topics such as

  • Terrorism as a challenge for energy security
  • Business travel security
  • Managing the threat of kidnap for ransom
  • Enhancing security strategies to prevent theft and petty criminality
  • Oil theft in the Niger Delta
  • Creating a port security plan

Senior level delegates have called the turnout “very impressive,” calling the meeting a “well-organized summit [with] fascinating speakers and very articulated topics.”

The Summit’s official sponsors were the pipeline protection company Atmos International, maritime security experts Ocean Marine Security, security engineering provider Kontz Engineering, canine oil detection services K2 Solutions, bulletproof wears supplier Forts and Shields, and Proton Security Services. The forum was also supported by the Information Security Forum and the Africa Gas Association.

Read more about the summit here.

Bloomberg | 15 June 2015

Hackers’ Favorite Target: Big Oil and All That Deadly Equipment

Hackers have made the energy industry a favorite target.

A study conducted in April by Symantec, the world’s biggest cybersecurity firm, found that computer-system invaders attacked 43% of global mining and oil and gas companies at least once last year. In a separate survey the same month, conducted for the Organization of American States by another security company, Trend Micro, 47% of energy organizations reported attacks, the highest among all corporate sectors and surpassed only by governments.

“Nowadays, you have computers running everything,” said Alvaro Cardenas, a computer-science professor at the University of Texas at Dallas and a member of the Cyber Security Research and Education Institute. “You can create blackouts or oil spills and hurt a lot of people.”

As if last year’s oil-price drop wasn’t enough, costs for energy companies rose faster than the US average over the last 5 years, according to a study by the Ponemon Institute for Hewlett-Packard. Cybercrimes cost energy and utilities companies an average of USD 13.2 million each a year for lost business and damaged equipment, higher than in any other industry, according to Ponemon’s survey of 257 businesses.

Spending worldwide on cybersecurity for oil and gas infrastructure will reach USD 1.9 billion by 2018, according to ABI Research, a technology data company with offices worldwide.

Oil & Gas IQ | 10 June 2015

Cyber 9/11: Is the Oil and Gas Industry Sleepwalking Into a Nightmare?

Cyber Security within the oil and gas industry is a threat that is, in many cases, being ignored. It has a direct effect in the creation of government regulation and legislation, can have deep financial impact and—in some cases—can even cost lives.

The 2014 Verizon Data Breach report states that 40% of the attacks performed in the manufacturing and mining industry are cyberespionage-based. A UK survey revealed that 81% of large companies were digitally attacked, at an average cost of GBP 1 million per company. Similarly, 62% of small and medium-sized enterprises were digitally attacked in 2014 at an average cost of more than GBP 100,000 per incident.

28 May 2015

Summit Addresses Security Issues in West Africa

The director of development of the Nigeria Defense Headquarters from the Nigerian Ministry of Defense will give the welcome address at the second West Africa Oil & Gas Security Summit, taking place 10–11 June at the Eko Hotel and Suites in Lagos, Nigeria.

Oil production in Nigeria accounts for 70% of the economy, but the natural resource is much less profitable than it once was because of widespread corruption and vandalism. The fight against terrorism, piracy, and pipeline vandalism, as well as risk mitigation and asset integrity within the oil and gas industry will be the core focus of the senior level summit.

High-level speakers from Chevron, Sea Petroleum & Gas, Addax, Oando, Subsea7, the Nigerian Navy, and many more, combined with an intensively researched content, will provide the industry leaders in attendance with a comprehensive knowledge of the current oil and gas security situation in West Africa and the solutions to face the challenges of the industry.

The aim of the 2-day summit is to enable security heads in the region to forge new valuable business relations for the long-term resolution of current problems. Two panel discussions, several networking breaks, a gala dinner, and a brandy and cigar reception will allow delegates to discuss and assess the solutions that have proven to be successful and could benefit their business in the near future.

The summit’s official sponsors are the pipeline protection company Atmos International, maritime security experts Ocean Marine Security, security engineering provider Kontz Engineering, canine oil detection services K2 Solutions, and bulletproof wears supplier Forts and Shields. The forum is also supported by the Information Security Forum and the Africa Gas Association.

BLG via Mondaq | 14 May 2015

The Emergence of Cybersecurity and Cyberlitigation Issues Affecting the Oil And Gas Industry

Cybersecurity and related cyberlitigation issues continue to emerge and become top of mind for businesses. The frequency of cybersecurity attacks is startling. Research conducted in 2012 by the International Cyber Security Protection Alliance (ICSPA) revealed that 69% of Canadian businesses had experienced some type of attack within a 12-month period. Twenty-six percent of those affected reported “considerable” impact on their businesses in terms of financial and reputation damage.

As has been stated by Mike Rogers, US Intelligence Committee chairman, “There are two kinds of companies. Those that have been hacked and those that have been hacked but don’t know it yet”.

Steps are now being taken by regulators and businesses to bring awareness to these issues:

  • In 2014, the Securities Exchange Commission (SEC) held a roundtable discussion on the topic of cybersecurity, where it was noted according to speaker Mary Jo White that cyberthreats are first on the division of intelligence’s list of global threats, even surpassing terrorism.
  • In 2015, the SEC identified “the cybersecurity of registered investment companies and registered investment advisers as an important issue” and provided updated guidance in reducing cybersecurity risks.
  • In April 2015, the Cybersecurity Unit (Computer Crime & Intellectual Property Section Criminal Division) of the US Department of Justice, published “Best Practices for Victim Response and Reporting of Cyber Incidents.”

Upstream | 26 March 2015

Saudi Arabia Plans To Boost Oilfield Security

Saudi Arabia is to step up security around its oil fields and installations as the country leads a campaign of air strikes against rebel forces in Yemen.

The top OPEC producer is also to beef up security at its borders and around industrial facilities, the state-owned Saudi Press Agency reported.

Interior Minister Muhammad bin Nayef said at a meeting to review developments in Yemen that Saudi Arabia will be “strengthening all security measures on the borders of the kingdom and in all public utilities and around the oil and industrial facilities.”

Saudi Arabia is leading a coalition of regional partners in air strikes against Houthi Shia rebels in Yemen who are threatening to overthrow the government of President Abd-Rabbu Mansour Hadi.

Rigzone | 19 March 2016

Cybersecurity Activity Generating Its Own Set of Big Data

With more data and more sources of data, cybersecurity analytics in the oil and gas industry is rapidly becoming a big problem addressed by Big Data.

The growing amount of data associated with cybersecurity analysis involves multiple types of data. These sources include structured and unstructured data such as log files, instrumentation data, and network data, as well as investments by companies in intrusion detection systems, prevention detection systems, firewalls, data loss prevention centers, servers, and database applications, all of which generate a lot of data, said Rene Moreda, who oversees energy and utilities for the Americas at BAE Systems Applied Intelligence. Cybersecurity analytics also involves combing through data sources such as email, video surveillance feeds, geospatial information, and physical security data from access readers and logs.

“There is more data and more formats of data speeding across enterprises today,” Moreda said. “When you look at the Internet of Things and the need by companies to reduce costs and gain greater efficiencies through tools such as automation and wireless, the attack surface for oil and gas companies keeps getting bigger every day.”

Rigzone | 19 March 2015

Government Agencies To Monitor Offshore Marine, Energy Sector Cyberthreats

Cybersecurity is attaining the same level of importance that health, safety, and environment issues have in oil and gas over the past 20 years. Over the past 18 months, the US federal government also has undertaken a series of actions regarding cybersecurity issues in the oil and gas sector, said Glenn Legge, a partner at Legge, Farrow, Kimmitt, McGrath & Brown.

Through different agencies and the executive branch, the federal government has sought to encourage the private sector to create a more robust cybersecurity network. Late last year, the US Department of Homeland Security and the US Coast Guard announced that they would develop cybersecurity regulations for the marine and offshore energy sectors. These regulations would address concerns over cyberrisks and vulnerabilities among vessels and facilities subject to the Maritime Transportation Security Act of 2002.

The regulations will create standards and minimum requirements for companies working in the marine and offshore energy industries. Legge said his firm anticipates that some of the proposed regulatory requirements will be drawn from industry cybersecurity standards, as well as recommendations created by the National Institute of Standards and Technology, a nonregulatory branch of the US Department of Commerce.

Prior to this order, most of the existing regulations have been focused on data breach events, such as the theft of credit card and Social Security numbers, instead of a cyberattack on offshore infrastructure.

“Unlike exercising oversight over other marine and offshore energy activities, regulating cybersecurity will be very challenging, as industry standards in this area are continually evolving at a rapid rate in response to ever-changing cyberthreats,” according to the law firm’s February 2015 newsletter. “The new regulatory framework will have to have some degree of adaptability to oversee cybersecurity in an evolving threat environment.”

Rigzone | 16 March 2015

Will Low Oil Prices Prompt Cutbacks in Cybersecurity Spending?

The collapse in global oil prices has prompted companies across the industry, from operators to contractors, to sharply reduce capital and operating expenditures. Are these reductions also affecting spending on cybersecurity?

Most industry experts and government authorities, including the Department of Homeland Security, US Cyber Command, and the National Security Agency estimate that over 40% of the recent cyberattacks in North America targeted the oil, energy, and resources segments. Thus, it would be unwise and inappropriate to compromise some areas of security and safeguards, whether they address workplace safety, environmental impairment, pollution, or cybersecurity, said Glenn Legge, a partner at Legge, Farrow, Kimmitt, McGrath & Brown.

OE Digital | 29 January 2015

Research Shows Dragonfly Malware Not Targeting Energy Industry

Belden Inc. released new research that shows the recently revealed Dragonfly (Havex) malware is likely targeting the pharmaceutical sector, not the energy sector as previously believed.

Belden says, until now, advanced cyberattacks against industry have focused on the critical energy and chemical sectors. Manufacturing management teams are advised to update their risk assessments and ensure that their cybersecurity defenses can withstand what are clearly highly coordinated attacks by teams of professional hackers.

The new report, entitled “Defending Against the Dragonfly Cyber Security Attacks, Part A—Identifying the Targets,” is the first of four from Belden and investigates the victims, methods, and consequences of the Dragonfly cyberattack campaign. The series will close with an analysis of what defenses have proven to be either effective or ineffective against advance persistent threats, including Dragonfly. Many of the suggested actions are distinct from current common security practices.

Shale Energy Insider | 14 January 2015

Police Investigate Possible Sabotage of Hydraulic Fracturing Well

Western Australia’s Department of Mines and Petroleum (DMP) has completed a preliminary investigation into damage at hydraulic fracturing gas well Yulleroo 2, which was one of the first to be fractured in the Laurel wet gas formation.

The well was damaged recently, with the DMP becoming aware of the incident after an environmental group, Environs Kimberley reported it and an anti-fracturing group, Lock The Gate, took footage of the well.

The investigation has concluded that the valve had not been faulty but had been physically damaged. When the incident was first announced, the company that had fractured the well in 2010, Buru Energy, said that there had been no issues with well at the previous inspection.

The executive director of the DMP, Jeff Haworth, has said the evidence points to deliberate sabotage, which had been an initial speculation when the damage was first revealed.

Shale Energy Insider | 12 January 2015

Western Australia’s DMP Investigates Hydraulic Fracturing Gas Well Leak

A hydraulic fracturing gas well in the north of Western Australia is under investigation by the Department of Mines and Petroleum (DMP) following a leak that was reported by an environmental group with accompanying video evidence of the damage.

The well, which was fractured by Buru Energy in 2010, was one of the first stimulation wells in the Laurel wet gas formation.

The DMP became aware of the incident after an environmental group, Environs Kimberley, reported it and an anti-fracturing group, Lock The Gate, took footage of the well and its gas meter, which the group claims was showing readings that the pressure at the Yulleroo-2 well was “dangerous enough to explode.”

Petroleum division executive director Jeff Haworth said that, following an initial investigation, “it appears at this stage there has been no equipment or process failure” but continued “the damage presents a serious concern if a third part was involved.”

Mr Haworth added that, “in light of the serious nature of the damage involved, the department will be investigating further.”

The damage to the well was described by Haworth as physical damage rather than a stress or pressure failure, with the wellhead valve stem bent out of shape, which brought suggestions of possible sabotage.