Security
Center for Strategic and International Studies | 19 June 2014

Questions and Answers About Iraq and Global Oil Markets

Q: How is the recent escalation of violence in Iraq impacting global oil markets?

A: Last week’s attack on and seizure of Mosul (Iraq’s second largest city) by armed groups affiliated with the Islamic State of Iraq and the Levant (ISIL), an extreme jihadist group, represents a major expansion of the group’s previously held control of areas near the Syria/Iraqi border and escalated security concerns within Iraq.

Unable to stem the tide of the incursion thus far, the Maliki government asked Parliament to declare a state of emergency and requested assistance from the US military as well. The US Embassy is already evacuating certain employees and sending in additional troops to bolster security at the Embassy, recent press reports indicate that several energy companies operating in southern Iraq have done the same, and indications are that the ISIL forces have recently take over a major refinery in Baiji, a town north of Baghdad (though the refinery provides products to the domestic market).

The deteriorating security situation in Iraq and the prospect of an even broader humanitarian and regional political crisis is at the forefront of an already tense geopolitical landscape this week with Russia cutting natural gas supplies to Ukraine and ongoing territorial posturing between China and Japan in Asia. Given the complexity of the ethnic, national, and regional disputes and alliances within in the Middle East, however, the current situation in Iraq has clear potential to follow a rapid and dangerous trajectory.

Bloomberg | 16 June 2014

UglyGorilla Hack of US Utility Exposes Cyberwar Threat

Somewhere in China, a man typed his user name, “ghost,” and password, “hijack,” and proceeded to rifle the computers of a utility in the northeastern United States.

He plucked schematics of its pipelines. He copied security-guard patrol memos. He sought access to systems that regulate the flow of natural gas. He cruised channels where keystrokes could cut off a city’s heat or make a pipeline explode.

That didn’t appear to be his intention, and neither was economic espionage. While he was one of the Chinese officers the US charged last month with infiltrating computers to steal corporate secrets, this raid was different. The hacker called UglyGorilla invaded the utility on what was probably a scouting mission, looking for information China could use to wage war.

UglyGorilla is one of many hackers the FBI has watched. Agents have recorded raids by other operatives in China and in Russia and Iran, all apparently looking for security weaknesses that could be employed to disrupt the delivery of water and electricity and impede other functions critical to the economy, according to former intelligence officials with knowledge of the investigation. The incursions spurred a debate in the Obama administration over whether and how to respond and raised alarms among lawmakers briefed on the incidents.

Rigzone | 19 May 2014

Energy Companies See Email, Hacktivists as Major Cybersecurity Threats

A recent study found that 61% of energy firms view email as the biggest threat vector for cyberattacks via malware and that hacktivists are seen as posing the biggest threat to energy companies.

The study by ThreatTrack Security examined the vulnerabilities of energy and financial service firms—the industries that are most frequently targeted by cybercriminals. Both industries are under constant pressure from attackers due to the high-value assets they own, which represents a significant risk for the US economy and critical physical infrastructure, ThreatTrack said in a press release.

“There are a wide range of threat actors and attack vectors targeting these two industries, and ThreatTrack Security’s report investigates the challenges in these organizations face in defending themselves, and what they plan to do to increase security,” said ThreatTrack.

According to the study, 72% of respondents from both industries are confident their company will be targeted by an advanced persistent threat, targeted malware attack, or other sophisticated cybercrime or cyber-espionage tactics in the next 12 months. Of these respondents, 38% of the survey respondents said an attack was a certainty or highly unlikely.

Rigzone | 13 May 2014

Oil, Gas Industry Looks To Hire More Cybersecurity Professionals To Address Risks

Oil and gas companies are looking to hire more cybersecurity professionals as recent advances in oil and gas technology, which have created greater efficiency and reliability, also raise the industry’s risk from cyberattacks.

As it becomes more lucrative and high-profile, the oil and gas industry has become more of a target for cyberattacks. “Oil and gas is holding the economy together in a lot of ways, and is one of the few sectors not struggling,” said Chad Pinson, managing director of global investigations for cybersecurity at Stroz Friedberg.

Pinson said Stroz Friedberg sees more of its clients talking with the company about cybersecurity about ways they can bolster their cybersecurity preparedness. The hiring trend is not surprising, given the growing stakes and damage that can be caused by both sophisticated and unsophisticated attackers, Pinson noted.

“While the level of sophistication for cyberattackers has grown,” he said, “even an unsophisticated hacker can download a tool and do pretty good damage.”

Reuters | 25 April 2014

Global Shipping Fleet Exposed to Hacking Threat

The next hacker playground: the open seas—and the oil tankers and container vessels that ship 90% of the goods moved around the planet.

In this internet age, as more devices are hooked up online, so they become more vulnerable to attack. As industries such as maritime and energy connect ships, containers, and rigs to computer networks, they expose weaknesses that hackers can exploit.

Hackers recently shut down a floating oil rig by tilting it, while another rig was so riddled with computer malware that it took 19 days to make it seaworthy again; Somali pirates help choose their targets by viewing navigational data online, prompting ships to either turn off their navigational devices or fake the data so it looks like they’re somewhere else; and hackers infiltrated computers connected to the Belgian port of Antwerp, located specific containers, made off with their smuggled drugs, and deleted the records.

Reuters | 16 April 2014

South Sudan Rebels Say They Have Seized Oil Hub Bentiu, Tell Foreign Firms To Go

South Sudanese rebels said on 15 April that they have seized the capital of oil-producing Unity state, Bentiu, and warned oil firms to pack up and leave within a week.

Thousands of people have been killed and more than 1 million displaced since fighting erupted in South Sudan in the middle of December, triggered by a power struggle between President Salva Kiir and former Vice President Riek Machar.

“The recapturing of Bentiu marks the first phase of liberation of oil fields from (the) antidemocratic and genocidal forces of Kiir,” rebel spokesman Lul Ruai Koang said in a statement.

Urging all oil firms operating in government-held areas to shut their operations and evacuate their staff within a week, he said, “Failure to comply with this request, the oil companies risk forced oil shutdown and the safety of their staff.”

 

Reuters | 9 April 2014

Energy Companies Need Insurance Cover for Cyberattack “Time Bomb”

Energy companies have no insurance against major cyberattacks, reinsurance broker Willis said on 8 April, likening the threat to a “time bomb” that could cost the industry billions of dollars.

Willis highlighted the industry’s vulnerability to cyberthreats in its annual review of the energy sector’s insurance market, which called on insurers to find a way to provide cover.

“A major energy catastrophe—on the same scale as … Exxon Valdez or Deepwater Horizon—could be caused by a cyberattack, and, crucially, that cover for such a loss is generally not currently provided by the energy insurance market,” the insurance broker said.

Most insurance products currently available will cover minor things such as data losses or downtime caused by IT issues, but not major events like explosions at multiple facilities triggered remotely by hackers, Willis said.

Reuters | 11 March 2014

BP Shelves Onshore Exploration in Libya as Instability Grows

Oil and gas major BP said it had mothballed plans to explore in Libya’s Ghadames basin because of security concerns, the latest in a series of companies to rethink their projects amid growing instability.

Three years of turmoil since the Arab Spring and tough contract terms have prompted oil firms to reassess their role in Libya, and several have said they would postpone their plans or scrap them altogether.

BP’s exploration and production sharing agreement with Libya covers onshore acreage in Ghadames, near the border between Libya, Algeria, and Tunisia, and offshore acreage in the central Sirte basin.

“With respect to the onshore exploration drilling program, a security review in June concluded that this could not be safely and securely delivered by BP at this time. Alternative approaches are being considered,” BP said in its annual report.

Fuel Fix | 28 February 2014

Shell Nigeria Closes Major Pipeline, Cites Theft

Shell Nigeria said on 27 February that it has closed a 6,000-km oil pipeline to repair leaks from oil theft.

Shell recently threatened to close the Nembe Creek Trunk Line because of repeated sabotage. It carries about 150,000 B/D for Africa’s biggest oil producer. Shell did not say how much oil has been lost through the leaks or how the closure may affect Nigeria’s daily output of 2.2 million B/D.

Reuters | 11 February 2014

Column: The Shale Factor in US National Security

The boom in domestic shale oil and gas production has increased US prosperity and economic competitiveness. But the potential for this to enhance our national security remains largely unrealized.

The shale surge has boosted production by 50% for oil and 20% for gas over the last 5 years. Yet our political leaders are only just beginning to explore how it can help further national strategic interests.

We led a major study at the Center for a New American Security in the last year, bringing together a nonpartisan panel to examine national security implications of the unconventional energy boom. We decided that outdated idealization of “energy independence” is preventing the administration and Congress from focusing on current energy vulnerabilities and figuring out how Washington should secure our economic and security interests.

Though the United States now imports less oil than it has for more than a dozen years, we should not distance ourselves from international oil markets by pursuing full energy self-sufficiency. The best way to advance energy security is to remain engaged internationally with major energy players.

 

Rigzone | 28 January 2014

Iraq Says Syria War Spillover Hinders Oilfields, Pipelines

Spillover attacks from the civil war in Syria have hindered development of Iraq’s gas and oil reserves and a major pipeline to the Mediterranean has been blown up dozens of times, Iraq’s top energy official said on 28 January.

Violence in Iraq climbed back to its highest level in five years in 2013, with nearly 9,000 people killed, most of them civilians, according to the United Nations.

“The ongoing conflict in Syria has resulted in an increasing number of terrorists using vast desert areas between Syria and Iraq to establish bases from which they have carried out attacks against the civilian population and economic targets and infrastructure,” Deputy Prime Minister for Energy Hussain al-Shahristani said.

“Attacking the energy sector has been among their top priorities to deprive the country of its main revenue source,” he said at an energy conference in London. “The attacks have been focussed on oil export pipelines, power generation, and transmission lines.”

Rigzone | 30 December 2013

Libyan Militia Threatens To Cut Gas Deliveries

A Libyan militia that shut down most of the country’s oil terminals for months threatened on 29 December to cut off natural gas deliveries to the capital, potentially imperiling the power supply in a serious escalation of its standoff with the central government.

A spokesman for a militia in the country’s east, who did not identify himself, said in a recorded statement aired on local television stations that the government has 48 hours to resume paying salaries to the group, which was originally in charge of securing oil and gas facilities in the country’s east.