Rigzone | 8 November 2016

The State of Cybersecurity in Today’s Oil, Gas Industry

The convergence of digital technology with existing supervisory control and data acquisition (SCADA) infrastructure has increased the oil and gas industry’s risk to cyberattacks, industry insiders say.

Oil and gas companies are lucrative targets for cyberattackers motivated to perform industrial espionage, steal intellectual property, or cause critical infrastructure disruptions, Todd O’Boyle, cofounder and chief technology officer of Percipient Networks, said. Attacks are typically part of an ongoing attempt by individuals and interest groups worldwide—in some cases, government agencies and nation-states—to disrupt the oil and gas market and damage the financial standing of these companies, said Jessica Cooper, lead marketing manager for Check Point Software.

The oil and gas industry not only faces cyberthreats that are commercial in nature but also cyberthreats from activists such as environmental groups. These threats, if successful, “could have severe threats not just on the industry but also on the environment, public health and safety, and even national security,” according to March 2016 report by The Boston Consulting Group.

The oil and gas industry’s value chain not only offers many potential points for entry of attack but also leaves the industry vulnerable to multiple types of attacks. The Boston Consulting Group found that upstream data was the most vulnerable to cyberattacks. This is due to data often being transmitted from old or unsecured equipment and without standard protocols or security precautions.

Reuters | 1 November 2016

Niger Delta Leaders Want Army Out and Oil Firms To Relocate to Region

Leaders from the Nigeria’s Niger Delta called on 1 November on President Muhammadu Buhari to pull the army out from the oil hub, order oil firms to move headquarters there, and spend more on development to end militancy in the region.

Buhari met leaders from the southern swampland for the first time since militants started a wave of attacks on oil pipelines in January to push for a greater share of oil revenues.

At the meeting in the presidential villa in Abuja, Niger Delta leaders, joined by representatives of militant groups, gave Buhari a list of 16 demands to pacify the impoverished region where many say they do not benefit from the oil wealth.

The list “includes the withdrawal of the military in oil producing communities in the region,” King Alfred Diete-Spiff, a Niger Delta leader leading the region’s delegation, said after the meeting, adding, “We don’t want the communities militarized.”

Buhari sent in army reinforcements in May to hunt down militants, a move that stoked anger as residents complained of rape, looting, and arrests of youths unrelated to the militants, charges denied by the military.

The delegation leader also said oil firms should move headquarters to the region so unemployed youths—who often work for militants—could get more jobs. Foreign firms active in Nigeria are often based in the commercial capital Lagos.

Rigzone | 26 October 2016

Industry Should Hire Hackers to Boost Cybersecurity

The oil and gas industry should hire hackers in order to boost cybersecurity, said Eric Knapp, chief engineer for cybersecurity solutions and technology at Honeywell Process Solutions.

The oil and gas industry should hire hackers in order to boost cybersecurity, said Eric Knapp, chief engineer for cybersecurity solutions and technology at Honeywell Process Solutions.

The oil and gas industry should hire hackers in order to boost cybersecurity, said Eric Knapp, chief engineer for cybersecurity solutions and technology at Honeywell Process Solutions.

Speaking at the EMEA HUG conference in The Hague, Knapp urged delegates to shed their negative perceptions of these people and offer them a place in the sector.

“We have to stop thinking of hackers as evil … . The truth is hackers are people. They have a curiosity, they have an interest, they have a skill, and a skill isn’t good or evil. A person isn’t good or evil. The circumstances you put them in dictate that,” Knapp said.

“If we hire them, and we put them on the good team, then they’re our heroes. If we don’t hire them, they’re going to find some other way to make money off of their skills … . If they’re on our team they help, if they’re on the other team, they hurt. They’re not going to just go away,” he added.

Knapp’s comments followed a stark warning from Laura Pilia of energy company SARAS and Jos Oelers of petrochemicals firm SABIC, made during the opening speech of the third day of the conference, which outlined a growing spate of cyberattacks in the industry.

Eighty-two percent of oil and gas industry respondents have reported an increase in successful cyberattacks over the past 12 months, Pilia and Oelers told conference participants. Looking at the influence of cyberattacks in the wider community, the conference leaders outlined that these occurrences cost businesses as much as USD 400 billion per year.

In a further warning to the sector, Honeywell’s Global Cyber Security Business Leader Jeff Zindel said that cyberattacks on oil and gas facilities are bound to increase over the next year.

“I think it will certainly increase,” Zindel said.

“The hacker community is increasingly focusing on industrial plants … . It’s a multibillion-dollar market that’s out there, and that’s growing, and we’re certainly seeing an increasing focus on critical infrastructure in industrial,” he added.

Rigzone | 14 September 2016

Directive Seeks To Coordinate Response to Oil, Gas Cyberattacks

A US presidential policy directive will treat companies targeted by cyberattackers as victims of a crime—and not automatically at fault—as the government looks to create an environment conducive to sharing information on cyberattacks, according to a former official with the US Federal Bureau of Investigation (FBI).

A new presidential directive aims to establish guidelines for a significant cyberattack against US companies, including oil and gas.

The Presidential Policy Directive 41 (PPD 41) on United States Cyber Incident Coordination, signed 26 July by President Obama and now in effect, establishes guidelines for how the US federal government will respond to cyberattacks launched against the public and private sectors.

This includes US companies across a number of industries, including oil and gas. The cybersecurity risks that oil and gas companies face continue to grow, according to the 2016 BDO report Oil & Gas Risk Factor. Risks associated with data breaches have grown from just 12% in 2012 to 74% in 2016, with cybersecurity proving to be a rapidly moving target as bad actors evolve and leverage increasingly sophisticated hacking methods, BDO stated in the report. BDO is an accounting and consulting firm that provides services to more than 400 publicly traded domestic and international clients.

“Cyberincidents are a fact of contemporary life, and significant cyberincidents are occurring with increasing frequency, impacting public and private infrastructure located in the United States and abroad,” the White House said in a 26 July press statement. “While the vast majority of cyberincidents can be handled through existing policies, certain cyberincidents that have more significant impacts on an entity, our national security, or the broader economy require a unique approach to response efforts,” the White House stated.

Rigzone | 6 September 2016

Dealing With Cyberthreats in the Middle East

Since the 2010 discovery of the Stuxnet worm targeted at industrial programmable logic controllers, the Middle East has been central to the increased profile of cybersecurity threats facing industrial enterprises worldwide.

While the threats have continued to evolve, the Middle East remains a key target for attackers. In early 2015, for example, cybersecurity firm Symantec identified a new information harvesting malware—dubbed “Trojan.Laziok”—targeting energy companies worldwide. The most frequent target for these attacks, according to Symentec, were the UAE (25%), Saudi Arabia and Kuwait (10%), and Oman and Qatar (5%).

With attacks increasing both in terms of numbers and sophistication, for most it is not a question of if they are attacked, but when. Whether from enemy states, terrorists, “hacktivists” criminals, or insiders, the risks facing oil and gas producers in the region are ever changing and ever growing.

A survey conducted for Honeywell by researchers Ipsos shows this message has been heard—more than two thirds (69%) in the UAE, for example, fear cyberhackers breaching the defenses of major sectors of the economy, and 64% say oil and gas producers are vulnerable to attack.

Reuters | 1 September 2016

Niger Delta Avengers Says It Has Halted Hostilities in Nigerian Delta

A Nigerian militant group, which has claimed responsibility for a series of attacks on oil and gas facilities in the southern Niger Delta energy hub in the last few months, said on 29 August that it had halted hostilities.

An oil slick clots the bottom of mangroves in Bodo creek in Ogoniland, near Nigeria’s oil hub city of Port Harcourt on 4 December 2012. Source: Reuters/Akintunde Akinleye/File Photo.

The statement by the Niger Delta Avengers comes just over a week after the militant group said it was ready for a ceasefire and talks with the government.

The swampland region—which produces most of the oil that makes up 70% of government revenue—has been hit by pipeline attacks since January that have cut the OPEC member’s output by 700,000 B/D to 1.56 million B/D.

“We have listened carefully and halted hostilities in the Niger Delta,” said the Avengers in the statement, presented as an open letter to President Muhammadu Buhari on the group’s website.

Time | 15 August 2016

Iran Investigates if Series of Oil Industry Accidents Were Caused by Cyberattack

After weeks of speculation on the cause of an unprecedented string of fires and explosions in major Iranian oil and gas facilities, Iran’s Supreme National Cyberspace Council has said that it is looking into cyberattacks as a possible cause. “Special teams will be sent to the afflicted sites to study the possibility of cybersystems having a role in the recent fires,” said Abolhasan Firoozabadi, secretary of the council.

The first of the fires, which started on 6 July, in the Bouali petrochemical plant on the Persian Gulf coast, took 3 days to put out and threatened to send toxic clouds of smoke into the nearby city of Mahshahr, with a population of 300,000. There were no fatalities, but damages are estimated to be tens of millions of US dollars, and insurers say it could be the biggest compensation claim in Iran’s history.

Less than 48 hours after the Bouali fire was put out, a worker was killed in the Marun Oil and Gas Production Company when a liquefied gas pipeline exploded. This was followed by a fire in the Bisotoon petrochemical plant in the western Iranian city of Kermanshah on 29 July, which took 2 days to put out.

Bijan Namdar Zanganeh, Iran’s petroleum minister, looks on ahead of the 169th Organization of Petroleum Exporting Countries (OPEC) meeting in Vienna, Austria, on 2 June 2016. Photo credit: Bloomberg/Getty Images.

The Iranian Petroleum Ministry, in charge of all of the affected sites denied the plants were sabotaged, and the Iranian oil minister Bijan Namdar Zanganeh said the fires and explosions were due to technical faults and human error. However, when an explosion in a gas pipeline near Gonaveh, which killed a worker, and another fire in the Imam Khomeini petrochemical plant occurred within hours of each other on 6 August, the ministry refused to comment until after investigations.

If the cyberspace council does rule that cyberattacks were behind these fires and explosions, it wouldn’t be the first time that Iran’s petroleum industry was the victim of such an attack; in April 2012, a virus forced the ministry to disconnect its main oil terminals and facilities from the Internet to protect them from damage. Officials later claimed that they had traced the service providers used by the attackers back to the US.

Reuters | 1 August 2016

Suspected Militants Attack Shell-Affiliated Pipeline in Nigeria’s Delta

Suspected militants have attacked an oil pipeline operated by a local affiliate of Shell in Nigeria’s restive southern Niger Delta region, locals and a community group said on 1 August.

Militants have attacked oil and gas facilities in the OPEC member’s energy hub over the last few months, cutting the country’s crude production—which stood at 2.2 million B/D) at the start of the year—by around 700,000 B/D.

Nobody has claimed responsibility for a blast at the Trans Ramos Pipeline near Odimodi, operated by Shell’s joint venture SPDC, which locals said happened in the early hours of 31 July shortly after 0100 (0800 EDT). Shell said the line was closed for repairs.

Rigzone | 29 July 2016

Ransomware Poses Potential Threat to Oil, Gas Cybersecurity

The number of cyberattacks against global oil and gas industry’s industrial control systems (ICSs) is expected to keep rising because of the industry’s growing use of automation, Internet of things technologies, and the increasingly unstable geopolitical environment.

Ransomware—a type of malware that infects a device and blocks access to data, then requires a ransom be paid to unlock the device—is expected to emerge as a growing threat to ICSs in a number of industries, including oil and gas, industry insiders say.

Data-wiping malware and cryptomalware are not new, but a form of ransomware, cryptoransomware, has become highly disruptive in recent years, according to a 2016 report by Forcepoint Security Labs, an Austin, Texas-based provider of cybersecurity solutions. Cryptoransomware works by encrypting a user’s files, then offering to sell the victim the decryption key, Forcepoint said. This type of ransomware can affect local files and those hosted on network shares.

Two other common types of ransomware are scareware, a demand for payment based on threat of future action, and lockers, which promise to restore user access to their screen or system in exchange for a fee.

Rigzone | 27 July 2016

Niger Delta Avengers Attack Another Pipeline

Nigerian militant group the Niger Delta Avengers (NDA) claimed late 24 July that it has blown up another pipeline.

In a statement issued by spokesperson Brigadier General Mudoch Agbinibo on the group’s website, the NDA said that it had blown up Nigerian National Petroleum Corporation’s (NNPC’s) gas pipeline at Nsit-Ibom L.G.A. in Nigeria’s Akwa Ibom state. “NNPC should check their pipeline if it’s ‘system anomaly’,” Agbinibo said.

The NDA—an organized and determined group described by security experts as “sophisticated” and having access to inside knowledge—has carried out several similar attacks in recent months. These include the destruction of wells operated by Chevron, while the group has also threatened to sink oil tankers in spite of a policy of not taking lives.

Oil and Gas facilities | 21 July 2016

Insider Threats Discussed at Cybersecurity Panel

Despite the significant and growing threat of cyberattacks oil and gas producers face, there is a persistent lack of awareness and understanding of the vulnerabilities present in the industrial control systems used for energy production and distribution operations. A panel of experts discussed the potential cybersecurity risks companies face from malicious actors, as well as risk mitigation strategies and emerging security standards in a session, “Cyber Security Assurance: Data and Critical Infrastructure Protection,” held at the 2016 Offshore Technology Conference.

Andrew Howard, director of the Cyber Technology and Information Security Laboratory at the Georgia Tech Research Institute, said cybersecurity risk is a pressing concern for all sectors of the industry, and that companies should not place the burden of handling cyberthreats solely on their information technology (IT) departments.

“It’s no longer just an IT problem,” Howard said. “It’s a multidisciplinary problem that covers just about every field. When we talk cybersecurity to complex organizations, it’s no longer about the IT channel. It’s also the upstream, the downstream, and the finances. It’s in human resources. It spreads over the entire organization, and it’s everyone’s problem.”

A common misconception companies have with regards to cybersecurity is that the “air gap,” or the physical isolation of a secure computer network from unsecured networks, is an effective strategy. Howard said a dedicated security protocol focused on physical systems must include basic cyberhygiene and asset inventory capabilities, even if it is not connected to unsecured networks.

Dawn Cappelli, vice president of information risk management at Rockwell Automation, said the biggest security threats companies face are from insiders, typically disgruntled former employees with technical knowledge and a personal predisposition to cause harm.

“People will cross that ethical line and steal your information because they rationalize in their mind why it’s OK: ‘I created that, that’s mine.’ Most people will not cross that ethical line, but the people who do tend not to get along well with other people. You have to walk on eggshells around them. They don’t take criticism well,” Cappelli said.

Early Implementation Key To Combating Cybersecurity Threats

By Stephen Whitfield, Oil and Gas Facilities Staff Writer

The business networks and technological systems that make up data-driven oil fields are susceptible to outside attacks and potential failures. As cyberattackers find ways to exploit the vulnerabilities in present security systems, the industry continues to develop more robust cybersecurity controls to protect its assets. It is important to implement these controls early in the project life cycle, an expert said.

During a Society of Petroleum Engineers webinar, “Protecting the Digital Oil Field From Emerging Cyber Threats,” Ayman al-Issa outlined various controls companies may put into the designs of their digital infrastructures. Al-Issa is the chief technologist of industrial cybersecurity at Booz Allen Hamilton.

Al-Issa said the nature of the cybersecurity threat has expanded beyond the spread of viruses and stealing data. Hackers now possess the capability to, among other things, increase pressure in a pipeline, change the parameter settings of field devices, close and open motorized valves, and cause a denial of service attack within an incident command system. An effective process control security system could be critical to preventing a disaster.

Companies help open the doors for potential attacks by incorrectly assuming a low security risk. Al-Issa said that, among other things, some companies presume they are not likely targets or that their business is not interesting enough to attract attention from hackers. They believe that having a proprietary production system, or isolating that system from other systems, provides an extra layer of security. However, as some sectors in the industry develop a more technologically integrated ecosystem, al-Issa said the risk of attacks will continue to increase.

“We need to realize that these attacks are not science fiction. They are realistic. Companies have started to realize the concern with critical infrastructures. We do have to take things more seriously, and we have to find ways to secure those critical infrastructures,” he said.

Read the full story here.

View the webinar here.