Security
Time | 15 August 2016

Iran Investigates if Series of Oil Industry Accidents Were Caused by Cyberattack

After weeks of speculation on the cause of an unprecedented string of fires and explosions in major Iranian oil and gas facilities, Iran’s Supreme National Cyberspace Council has said that it is looking into cyberattacks as a possible cause. “Special teams will be sent to the afflicted sites to study the possibility of cybersystems having a role in the recent fires,” said Abolhasan Firoozabadi, secretary of the council.

The first of the fires, which started on 6 July, in the Bouali petrochemical plant on the Persian Gulf coast, took 3 days to put out and threatened to send toxic clouds of smoke into the nearby city of Mahshahr, with a population of 300,000. There were no fatalities, but damages are estimated to be tens of millions of US dollars, and insurers say it could be the biggest compensation claim in Iran’s history.

Less than 48 hours after the Bouali fire was put out, a worker was killed in the Marun Oil and Gas Production Company when a liquefied gas pipeline exploded. This was followed by a fire in the Bisotoon petrochemical plant in the western Iranian city of Kermanshah on 29 July, which took 2 days to put out.

Bijan Namdar Zanganeh, Iran’s petroleum minister, looks on ahead of the 169th Organization of Petroleum Exporting Countries (OPEC) meeting in Vienna, Austria, on 2 June 2016. Photo credit: Bloomberg/Getty Images.

The Iranian Petroleum Ministry, in charge of all of the affected sites denied the plants were sabotaged, and the Iranian oil minister Bijan Namdar Zanganeh said the fires and explosions were due to technical faults and human error. However, when an explosion in a gas pipeline near Gonaveh, which killed a worker, and another fire in the Imam Khomeini petrochemical plant occurred within hours of each other on 6 August, the ministry refused to comment until after investigations.

If the cyberspace council does rule that cyberattacks were behind these fires and explosions, it wouldn’t be the first time that Iran’s petroleum industry was the victim of such an attack; in April 2012, a virus forced the ministry to disconnect its main oil terminals and facilities from the Internet to protect them from damage. Officials later claimed that they had traced the service providers used by the attackers back to the US.

Reuters | 1 August 2016

Suspected Militants Attack Shell-Affiliated Pipeline in Nigeria’s Delta

Suspected militants have attacked an oil pipeline operated by a local affiliate of Shell in Nigeria’s restive southern Niger Delta region, locals and a community group said on 1 August.

Militants have attacked oil and gas facilities in the OPEC member’s energy hub over the last few months, cutting the country’s crude production—which stood at 2.2 million B/D) at the start of the year—by around 700,000 B/D.

Nobody has claimed responsibility for a blast at the Trans Ramos Pipeline near Odimodi, operated by Shell’s joint venture SPDC, which locals said happened in the early hours of 31 July shortly after 0100 (0800 EDT). Shell said the line was closed for repairs.

Rigzone | 29 July 2016

Ransomware Poses Potential Threat to Oil, Gas Cybersecurity

The number of cyberattacks against global oil and gas industry’s industrial control systems (ICSs) is expected to keep rising because of the industry’s growing use of automation, Internet of things technologies, and the increasingly unstable geopolitical environment.

Ransomware—a type of malware that infects a device and blocks access to data, then requires a ransom be paid to unlock the device—is expected to emerge as a growing threat to ICSs in a number of industries, including oil and gas, industry insiders say.

Data-wiping malware and cryptomalware are not new, but a form of ransomware, cryptoransomware, has become highly disruptive in recent years, according to a 2016 report by Forcepoint Security Labs, an Austin, Texas-based provider of cybersecurity solutions. Cryptoransomware works by encrypting a user’s files, then offering to sell the victim the decryption key, Forcepoint said. This type of ransomware can affect local files and those hosted on network shares.

Two other common types of ransomware are scareware, a demand for payment based on threat of future action, and lockers, which promise to restore user access to their screen or system in exchange for a fee.

Rigzone | 27 July 2016

Niger Delta Avengers Attack Another Pipeline

Nigerian militant group the Niger Delta Avengers (NDA) claimed late 24 July that it has blown up another pipeline.

In a statement issued by spokesperson Brigadier General Mudoch Agbinibo on the group’s website, the NDA said that it had blown up Nigerian National Petroleum Corporation’s (NNPC’s) gas pipeline at Nsit-Ibom L.G.A. in Nigeria’s Akwa Ibom state. “NNPC should check their pipeline if it’s ‘system anomaly’,” Agbinibo said.

The NDA—an organized and determined group described by security experts as “sophisticated” and having access to inside knowledge—has carried out several similar attacks in recent months. These include the destruction of wells operated by Chevron, while the group has also threatened to sink oil tankers in spite of a policy of not taking lives.

Oil and Gas facilities | 21 July 2016

Insider Threats Discussed at Cybersecurity Panel

Despite the significant and growing threat of cyberattacks oil and gas producers face, there is a persistent lack of awareness and understanding of the vulnerabilities present in the industrial control systems used for energy production and distribution operations. A panel of experts discussed the potential cybersecurity risks companies face from malicious actors, as well as risk mitigation strategies and emerging security standards in a session, “Cyber Security Assurance: Data and Critical Infrastructure Protection,” held at the 2016 Offshore Technology Conference.

Andrew Howard, director of the Cyber Technology and Information Security Laboratory at the Georgia Tech Research Institute, said cybersecurity risk is a pressing concern for all sectors of the industry, and that companies should not place the burden of handling cyberthreats solely on their information technology (IT) departments.

“It’s no longer just an IT problem,” Howard said. “It’s a multidisciplinary problem that covers just about every field. When we talk cybersecurity to complex organizations, it’s no longer about the IT channel. It’s also the upstream, the downstream, and the finances. It’s in human resources. It spreads over the entire organization, and it’s everyone’s problem.”

A common misconception companies have with regards to cybersecurity is that the “air gap,” or the physical isolation of a secure computer network from unsecured networks, is an effective strategy. Howard said a dedicated security protocol focused on physical systems must include basic cyberhygiene and asset inventory capabilities, even if it is not connected to unsecured networks.

Dawn Cappelli, vice president of information risk management at Rockwell Automation, said the biggest security threats companies face are from insiders, typically disgruntled former employees with technical knowledge and a personal predisposition to cause harm.

“People will cross that ethical line and steal your information because they rationalize in their mind why it’s OK: ‘I created that, that’s mine.’ Most people will not cross that ethical line, but the people who do tend not to get along well with other people. You have to walk on eggshells around them. They don’t take criticism well,” Cappelli said.

Early Implementation Key To Combating Cybersecurity Threats

By Stephen Whitfield, Oil and Gas Facilities Staff Writer

The business networks and technological systems that make up data-driven oil fields are susceptible to outside attacks and potential failures. As cyberattackers find ways to exploit the vulnerabilities in present security systems, the industry continues to develop more robust cybersecurity controls to protect its assets. It is important to implement these controls early in the project life cycle, an expert said.

During a Society of Petroleum Engineers webinar, “Protecting the Digital Oil Field From Emerging Cyber Threats,” Ayman al-Issa outlined various controls companies may put into the designs of their digital infrastructures. Al-Issa is the chief technologist of industrial cybersecurity at Booz Allen Hamilton.

Al-Issa said the nature of the cybersecurity threat has expanded beyond the spread of viruses and stealing data. Hackers now possess the capability to, among other things, increase pressure in a pipeline, change the parameter settings of field devices, close and open motorized valves, and cause a denial of service attack within an incident command system. An effective process control security system could be critical to preventing a disaster.

Companies help open the doors for potential attacks by incorrectly assuming a low security risk. Al-Issa said that, among other things, some companies presume they are not likely targets or that their business is not interesting enough to attract attention from hackers. They believe that having a proprietary production system, or isolating that system from other systems, provides an extra layer of security. However, as some sectors in the industry develop a more technologically integrated ecosystem, al-Issa said the risk of attacks will continue to increase.

“We need to realize that these attacks are not science fiction. They are realistic. Companies have started to realize the concern with critical infrastructures. We do have to take things more seriously, and we have to find ways to secure those critical infrastructures,” he said.

Read the full story here.

View the webinar here.

 

Rigzone | 12 July 2016

Islamic State, Political Instability Derail Libyan Oil Industry

Ongoing militant attacks on hydrocarbon installations in Libya have helped stem the production of oil in the country to well below pre-2011 output levels.

“Such activity, in combination with oil embargoes, has contributed to an 80% fall in national oil output since 2011,” said Ruth Lux, a senior consultant within JLT’s credit, political, and security risk division consulting team.

For most of the last 2 years, oil production in Libya has been stuck at around 300,000 to 400,000 B/D, Martijn Murphy, research manager for Wood Mackenzie’s Middle East and North Africa upstream oil and gas team said.

This output drop is not good news for the country considering it’s one of the most dependent oil economies in the world, according to a study by Bloomberg released in January.

Since the start of 2016, Islamic State (IS) has launched a number of attacks on Libya’s oil and gas assets.

In January, IS set fire to oil storage tanks in an assault on the Ras Lanuf terminal in northern Libya, and the group is suspected to have staged an attack on a water plant near the Sarir oil field in eastern Libya in March. An attempted assault on an oil field on 2 April led to the death of two guards, and it was revealed on 10 April that staff from three oilfields in eastern Libya had been evacuated because of fears of further attacks.

Following the latest assaults, the most senior United Nations official in Libya, Martin Kobler, said he was deeply concerned.

“The attacks of the so called Islamic State … are a serious threat to Libya’s oil installations,” said Kobler, the special representative of the secretary-general and head of the UN support mission in Libya, in a 27 April press release.

Reuters | 12 July 2016

Militants Blow Up Oil Pipelines in Nigeria’s Southern Niger Delta

Militants launched a fresh round of attacks on oil pipelines in Nigeria’s southern Niger Delta energy hub belonging to Italy’s Eni and Aiteo, Nigerian security forces, Eni, and a militant group said.

The attacks are the latest in a spate targeting oil and gas facilities in the OPEC member’s Niger Delta region over the last few months, which briefly pushed oil production this spring to 30-year lows.

The renewed violence could further cut into exports that were depressed as a result of infrastructure damage, underscoring the serious security threat to the oil production on which Nigeria relies for around 70% of its revenue.

Niger Delta Avengers, the group that has carried out most of the attacks, said on its website that it blew up the Nembe 1, 2, and 3 trunkline, which is owned by the Aiteo group, in Bayelsa and Rivers states in an early hours attack.

A spokesman for Eni confirmed that a separate attack on a crude pipeline in Bayelsa state, operated through its subsidiary, Nigerian Agip Oil Company, had taken place. No group has claimed responsibility for that attack.

The company said the impact on the group’s equity production was 4,000 BOE/D.

Bloomberg | 5 July 2016

Nigeria Gunmen Attack Oil Boat Crew, Kill Two People

Gunmen in Nigeria opened fire on a boat transporting Eni workers in the oil-rich Niger River delta, killing at least two people, the company said.

The team was attacked on 29 June “on the way to a well location for routine operations in the Nembe area,” Rome-based Eni said in an emailed statement on 2 July. “Three members of the team managed to escape.”

The bodies of the two that were missing were found 2 days later, the oil producer said. Security agencies are investigating the incident, according to the company. No group has claimed responsibility for the attack, said Desmond Agu, the local commandant of the Civil Defence Force, whose agency had been part of the search party that recovered the bodies.

Reuters | 5 July 2016

Niger Delta Avengers Group Claims Five Attacks in Nigeria’s Southern Delta

The Niger Delta Avengers, a militant group that has been carrying out attacks on Nigerian oil facilities in the past few months, claimed responsibility on 3 July for five new attacks in the southern energy hub since 1 July.

The group had previously not laid claim to any attacks in the Niger Delta—the source of most of the OPEC member’s oil—since June 16.

Petroleum Ministry sources said in late June that a month-long truce had been agreed with militants. But the Avengers said they did not “remember” agreeing to a ceasefire.

Attacks in the Niger Delta have pushed Nigerian crude production to 30-year lows, although the Nigerian National Petroleum Corporation (NNPC) said last week that output was rising because of repairs and a fall-off in attacks.

In messages posted on Twitter in the early hours of 3 July, the Avengers said they had attacked a pipeline connected to the Warri refinery operated by NNPC on the night of 1 July.

They added that they blew up two lines on on the night of 2 July close to Batan flow station in Delta state run by NPDC, a subsidiary of NNPC.

The militants also said two Chevron facilities close to Abiteye flow station, in Delta state, came under attack early on 3 July.

Residents in some of those areas reported hearing blasts.

“All five operations” were carried out by an Avengers “strike team”, the group said.

Garba Deen Muhammad, a spokesman for state oil company NNPC, whose managing director is the oil minister, confirmed that the crude facilities identified by the Avengers had been attacked.

“Government will not be deterred in its efforts to find a lasting solution to these attacks,” he said.

Chevron spokeswoman Isabel Ordonez said that “as a matter of long-standing policy,” the company did not comment on “the safety and security” of its personnel and operations.

The militants say they want a greater share of Nigeria’s oil wealth, which accounts for around 70% of national income, to be passed on to communities in the impoverished region and for areas blighted by oil spills to be cleaned up.

Rigzone | 22 June 2016

Niger Delta Attacks Threaten West African Production, Power Supply

Recent attacks on Nigeria’s energy infrastructure are sending shockwaves throughout the region as the disruption in supply poses a significant threat to the economy.

Attacks on oil and gas production sites in the Niger Delta are threatening both production volumes and power supply of West African countries.

Oil producing assets in the Niger Delta have driven production down by almost 40% to 1.4 million B/D, the country’s oil minister has said.

These attacks—carried out by a group that calls itself the Niger Delta Avengers—have pushed Nigeria’s crude output to a 20 year low, Verisk Maplecroft Senior Africa Analyst Malte Liewerscheidt said. The result is “offsetting the benefits of a 70% oil price rally since January 2016,” he said.

“Disruption to energy infrastructure in the delta has tremendous repercussions for the economy as a whole, and the shockwaves are being felt even beyond Nigeria’s borders,” Liewerscheidt said.

“In addition to Nigeria itself, the attacks are having devastating effects on power supply in Benin, Togo, and Ghana, which rely on Nigerian gas supplied through the West African Gas Pipeline (WAGP). Power supply in Nigeria, which has been erratic for many years, dropped by another 50% between January and May. Meanwhile, gas supply through the WAGP, which is supposed to fuel power plants along the West African coast, is down by 95% due to pipeline attacks and production shut-ins in Nigeria,” Liewerscheidt said.

The lack of power supply is a severe blow to the region’s industrial sector, he explained, adding that the economies of Nigeria and Ghana are already reeling from the consequences of the commodity price downturn.

Rigzone | 15 June 2016

Militant Group Threatens To Sink Oil Tankers, Review Its Stance of Not Taking Lives

The Niger Delta Avengers (NDA) militant group has threatened to sink oil tankers and review its stance of not taking lives in its latest warning to oil and gas companies operating in the Niger Delta.

In a press statement released on the group’s official website, the NDA also restated its intention to attack the interests of oil corporations if they repaired any facilities damaged by the group.

“They should not undertake any repair of pipeline, oil and gas facilities that is damaged or attacked by our forces,” said General Mudoch Agbinibo in an NDA statement.

The NDA has carried out several attacks on oil and gas firms in the region since the start of the year, blowing up Chevron’s Escravos terminal and the company’s RMP 24 and RMP 23 wells in the process.

The Escravos attack followed NDA’s warning to Chevron that no repair works should be carried out to facilities previously targeted by the group until NDA’s demands are fully met. NDA claimed on its official website on 11 May that it suspected Chevron was preparing to carry out repair works at the Okan Valve platform, which was blown up by the group at the start of the month.