Report: Oil and Gas Cybersecurity Risks Will Continue in 2015
The oil and gas industry’s need to prepare for cyberattacks will not abate in 2015 as attacks continue to grow in number and sophistication.
During the past 30 years, the oil and gas sector has been the target of well-known cyberattacks. One of the most famous was launched against Saudi Aramco in 2012 by the terrorist organization Cutting Sword of Justice. The group launched the attack to stop oil and gas production in the largest exporter within the Organization of the Petroleum Exporting Countries (OPEC), according to a white paper by Lockheed Martin Corporation. The attack crippled 30,000 computers and disrupted Saudi Aramco for months.
“The attack on Saudi Aramco ultimately failed to disrupt production but was one of the most destructive cybersecurity strikes against a single business,” according to Lockheed Martin. “More importantly, this attack echoed the need for oil and gas companies to evaluate the importance of a cyberthreat landscape with regard to attacks and uncovered vulnerabilities.”
Another recent example of cybersecurity threats facing the oil and gas industry is the attack on Mexico’s state energy company Pemex by Iran-backed cyberattackers, reported by Bloomberg on 2 December. Hackers working for Iran have targeted at least 50 companies and government organizations, including commercial airlines, looking for vulnerabilities that could be used in physical attacks, Bloomberg quoted cybersecurity firm Cylance as saying.
Estimates vary, but the number of cyberattacks is on the rise. Lockheed Martin quoted reports by Symantec, which reported a 91% increase in targeted attack campaigns in 2013. This includes a 62% rise in the number of breaches. In the United States alone, IBM reported an estimated 1.5 million monitored cyberattacks occurred in 2013, a 12% year-to-year increase in security events.