Reuters | 26 May 2016

Nigerian Leaders Warn Against Crackdown in Delta as Chevron Attacked

Chevron’s onshore operations in Nigeria’s Niger Delta have been shut by a militant attack at its Escravos terminal, sources said on 26 May, and local leaders said military confrontation would not end the violence.

A militant group called the Niger Delta Avengers, which has told oil firms to leave the Delta before the end of May, said late on 25 May that it had blown up the facility’s mains electricity feed. Its attacks have hobbled oil output over the past month.

A company source said that “all activities in Chevron are grounded” onshore while oil industry sources said roughly 90,000 B/D of Escravos were gone due to the latest attack and another on Chevron’s offshore facilities earlier this month. Planned Escravos exports in the first half of 2016 averaged 167,000 B/D.

A Twitter account with the group’s name said late on 25 May: “We Warned #Chevron … but they didn’t Listen. @NDAvengers just blow up the Escravos tank farm Main Electricity Feed PipeLine.”

A Chevron spokeswoman in the United States said it was against policy to comment on the safety and security of personnel and operations.

Reuters | 10 May 2016

Nigerian Oil Output Falls Toward 22-Year Low as Violence Spreads

A series of attacks on Nigeria’s oil infrastructure has pushed its output of crude close to a 22-year low, Reuters data shows, putting intense pressure on the country’s finances.

Shell workers at Nigeria’s Bonga oilfield in the southern Niger Delta were evacuated following a militant threat, a senior labor union official said on 9 May, while attacks late last week forced Chevron to shut its Okan offshore facility, taking out 35,000 B/D.

While Shell said the latest unrest had not yet affected production, its Forcados field is still closed and under force majeure following a February subsea pipeline attack, taking out 250,000 B/D.

The violence has depressed production in what is typically Africa’s largest producer to roughly 1.69 million B/D in May, the lowest since at least June 2007, when production fell to 1.68 million B/D, International Energy Agency data shows.

A small reduction from any field would quickly send output to the next low, seen in August 1994, when it hit 1.46 million B/D, according to the IEA data.

“It’s really not a good situation,” said Eugene Lindell, senior energy analyst with JBC Energy in Vienna, noting that the global excess of crude was keeping Brent prices from moving significantly higher on the back of the outages. “They have less production, and they’re getting less bang for their buck.”

Reuters | 10 May 2016

Nigerian Union Says Oil Firms Should Evacuate Niger Delta Staff

Oil companies operating in Nigeria should evacuate staff from the southern Niger Delta following several attacks on oil facilities, a senior oil workers’ union official said on 10 May.

The attacks have pushed Nigeria’s crude output near to a 22-year low, sparking worries that militants might resume a full-scale insurgency in the Delta, a region where many complain of poverty despite sitting on much of the country’s energy wealth.

Last week, a group known as Niger Delta Avengers attacked a Chevron facility in the Delta after claiming a strike in February against a Shell pipeline, which shut down the 250,000-B/D Forcados export terminal.

“Best thing for any reasonable company to do is evacuate its workforce,” Cogent Ojobor, chairman of the Warri branch of the Nupeng oil labour union, said.

Reuters | 10 May 2016

Union Says Shell Workers Evacuated From Bonga Field After Militant Threat

Shell workers at Nigeria’s Bonga oil field in the southern Niger Delta are being evacuated following a militant threat, a senior labour union official said on 9 May.

“We are aware of the development, and the evacuation is being done in categories of workers and cadres,” Cogent Ojobor, chairman of the Warri branch of the Nupeng oil labor union, said. “My members are yet to be evacuated.”

He gave no numbers.

Shell said earlier on 9 May that oil output was continuing at its oil fields in Nigeria despite local media reports of a militant attack near its Bonga facilities.

“Our operations at Bonga are continuing,” a spokesman for Shell Nigeria Exploration and Production Company said in a statement. It said it would continue to monitor the security situation in its operating areas and take all possible steps to ensure the safety of staff and contractors.

Last week, militants attacked a Chevron platform in the Delta where tensions have been building up since authorities issued an arrest warrant in January for a former militant leader on corruption charges.

The Associated Press | 10 May 2016

Militants Attack Chevron Oil Facililty in Nigeria

Armed militants attacked a major Chevron oil and gas facility off Nigeria’s southern coast, the military said on 6 May, and the US-based multinational said it was forced to shut production there but its exports will continue.

A new group called the Niger Delta Avengers said it bombed Chevron’s Okan platform on 4 May and warned international companies that “the Nigerian military can’t protect your facilities.”

“This is what we promised the Nigeria government. Since they have refused to listen to us, we are going to bring the country’s economy to zero,” a statement said, threatening more attacks including in Abuja, the capital, and Lagos, the commercial center.

Rigzone | 3 May 2016

Jobs Set to Grow in Oil, Gas: Cybersecurity

The increasing use of the Internet of Things and Big Data in oil and gas is bound to lead to further concerns about cybersecurity among companies that operate in the sector. Indeed, it is a problem that already plagues the industry. Several organizations focused on cybersecurity see the energy industry as being especially susceptible to cyberattacks.

The US Department of Homeland Security (DHS) frequently highlights the energy sector as being the target of cybersecurity incidents. In 2015, DHS reported that of the 245 incidents reported to it by asset owners and industrial organizations during the previous year, 79 of these, about 32%, were reported by the energy sector. Another report, Trend Micro’s Report on Cybersecurity and Critical Infrastructure in the Americas, which was based on a survey conducted in 2015 of companies and government bodies in the Americas, found that 47% of energy organizations had experienced cyberattacks that attempted to delete or destroy their information.

DHS identifies the cyberthreat coming from what it calls “sophisticated actors” (code for state-sponsored hacking) as well as hacktivists, insiders, and criminals.

The oil and gas industry itself appears to be concerned about the threat. Ernst & Young stated in 2015 that 61% of oil and gas organizations surveyed believed they would be unlikely to be able to detect a sophisticated cyberattack. Only 13% thought that their information security function met their organizational needs.

Bennett Jones via Mondaq | 1 March 2016

Toward the Creation of IT Security Standards for the Alberta Oil and Gas Industry

In its first public report of 2016, the Office of the Auditor General of Alberta reviewed, among other things, information technology (IT) security for industrial control systems used in Alberta’s oil and gas industries. Forming part of the industry’s critical infrastructure, these systems consist of hardware and software technologies that facilitate the production and delivery of energy produced in Alberta (e.g., flow measurement and control products and pipeline leak detection solutions).

The auditor general’s office states the rationale for its audit is “… we believe Albertans may be at risk if [control standards] are unsecured or do not meet minimum IT security standards.”

Given that no entity within the government of Alberta has assessed the threats, risks, and effects of cyberattacks on control systems used in the Alberta oil and gas industry, the Alberta auditor general recommended that the Department of Energy and Alberta Energy Regulator work together to determine whether an assessment of such threats, risks, and effects should be undertaken.

Rigzone | 11 February 2016

Digital Shadows Offers New Defense to Oil, Gas Cyberthreats

As the oil and gas industry pushes toward greater use of automation and digital technologies to enhance operational efficiency, productivity, and safety, it must grapple with the cybersecurity threats that automation and digital technology present. With cyberthreats affecting energy operations, from upstream to energy trading, the traditional tools of perimeter monitoring make it challenging for oil and gas companies to gather and understand all of the information that lies in their digital shadows.

Digital Shadows’ technology goes beyond the perimeter, prowling through everything online, to find potential threats to oil and gas companies and their operations. These sources not only include the visibly open Internet that everybody uses but also sources not indexed by Google. Digital Shadows also monitors a subset of the Internet called the Deep Web, or Dark Web. This includes websites that that allow people to remain anonymous online. While much of this material is benign, forums and message boards where weapons, drugs, or company data can be bought and sold are found there.

Offshore Energy Today | 1 December 2015

Top 10 Cybersecurity Threats for the Oil and Gas Industry

With the exploitation of new cost-effective operational concepts, use of digital technologies, and increased dependence on cyberstructures, the oil and gas industry is exposed to new sets of vulnerabilities and threats, DNV GL writes in an article identifying the biggest cybersecurity threats to the oil and gas industry.

According to the company, cyberattacks have grown in stature and sophistication, making them more difficult to detect and defend against, and costing companies increasing sums of money to recover from.

DNV GL is delivering a cybersecurity study to the Lysne Committee, a body appointed by the Norwegian Ministry of Justice and Public Security to assess the country’s digital vulnerabilities. DNV GL’s study reveals the top 10 most pressing cybersecurity vulnerabilities for companies operating offshore Norway.

The top 10 cybersecurity vulnerabilities identified from the study are

  1. Lack of cybersecurity awareness and training among employees
  2. Remote work during operations and maintenance
  3. Using standard information-technology products with known vulnerabilities in the production environment
  4. A limited cybersecurity culture among vendors, suppliers, and contractors
  5. Insufficient separation of data networks
  6. The use of mobile devices and storage units including smartphones
  7. Data networks between on- and offshore facilities
  8. Insufficient physical security of data rooms, cabinets, etc.
  9. Vulnerable software
  10. Outdated and aging control systems in facilities

Read the full story here.

Rigzone | 19 November 2015

Oil, Gas Cyberattacks Increasing

Cyberattacks in the upstream oil and gas sector are increasing, according to Eric Knapp, the global director of cybersecurity solutions and technology for Honeywell Process Solutions.

At an annual meeting for Honeywell users in Europe, the Middle East, and Africa being held in Madrid , Knapp said that not only is the oil and gas industry seeing more cyberthreat activity but that threats of this nature are becoming more advanced.

“In those sites that we support directly, we have seen that there’s an increase in activity. We can extrapolate from that that globally there’s an increase … . Malware creation and the cyberthreat as an entity is an organization. Malware changes and evolves … . We’re seeing activity increase across the board.”

Rigzone | 17 November 2015

Changing Human Behavior Key To Thwarting Cybersecurity Attacks

Despite increased spending on technology to stave off cyberattacks, companies are getting compromised more and taking bigger hits.

The revenue of cybersecurity companies traded on the public market grew an annual average of 20% last year, said Rohyt Belani, cofounder and chief executive officer of PhishMe, during a keynote presentation at the API Cybersecurity Conference in Houston.

But a PricewaterhouseCoopers report found that the number of reported cybersecurity incidents rose by 48% this year and the number of companies reporting cyber-related financial hits of over USD 20 million grew by 92%.

“We love silver bullets in cybersecurity,” Belani said.

However, companies using this approach will likely fall flat on their face. Just like living a healthy lifestyle is no guarantee against a person getting cancer, cybersecurity is about mitigating risk and rapidly responding to events. But cybersecurity preparedness provides no guarantee that an incident won’t occur.

“Often what I find is that people equate compliance with security,” said Belani, but compliance isn’t enough. Instead, a threat-based approach is needed.

Rigzone | 17 November 2015

Security Chief Says Cybersecurity Ranks as Top Long-Term Threat to Statoil

While terrorist attacks grab headlines, cybersecurity poses the greatest long-term threat to Statoil ASA’s global oil and gas operations.

The 2013 terrorist attack on Statoil, BP, and Sonatrach’s jointly held facility in El Amenas, Libya, prompted Statoil to set up an independent investigation to assess the risk of a similar attack occurring in the future. The company’s report on the incident, published in September 2013, concluded that the company lacked a security culture and the security it had in place was not fit-for-purpose for a company with international aspirations.

After completing its assessment, Statoil determined that the great long-term threat to its operations came not from physical attacks but from cybersecurity attacks, Adrian Fulcher, head of security threat assessment at Statoil, told attendees at the API Cybersecurity Conference in Houston.

While the company operates in a number of challenging environments worldwide, most of Statoil’s assets are on the Norwegian continental shelf, Fulcher said. As a possible consequence, the company has had a fairly easygoing security culture, which also extended to Statoil’s cybersecurity culture.

“If we were to suffer a major large-scale accident as a result of an attack on our industrial control systems, it is something that would shape and change the future course of the company in a big way,” Fulcher said.