Rigzone | 19 March 2015

Government Agencies To Monitor Offshore Marine, Energy Sector Cyberthreats

Cybersecurity is attaining the same level of importance that health, safety, and environment issues have in oil and gas over the past 20 years. Over the past 18 months, the US federal government also has undertaken a series of actions regarding cybersecurity issues in the oil and gas sector, said Glenn Legge, a partner at Legge, Farrow, Kimmitt, McGrath & Brown.

Through different agencies and the executive branch, the federal government has sought to encourage the private sector to create a more robust cybersecurity network. Late last year, the US Department of Homeland Security and the US Coast Guard announced that they would develop cybersecurity regulations for the marine and offshore energy sectors. These regulations would address concerns over cyberrisks and vulnerabilities among vessels and facilities subject to the Maritime Transportation Security Act of 2002.

The regulations will create standards and minimum requirements for companies working in the marine and offshore energy industries. Legge said his firm anticipates that some of the proposed regulatory requirements will be drawn from industry cybersecurity standards, as well as recommendations created by the National Institute of Standards and Technology, a nonregulatory branch of the US Department of Commerce.

Prior to this order, most of the existing regulations have been focused on data breach events, such as the theft of credit card and Social Security numbers, instead of a cyberattack on offshore infrastructure.

“Unlike exercising oversight over other marine and offshore energy activities, regulating cybersecurity will be very challenging, as industry standards in this area are continually evolving at a rapid rate in response to ever-changing cyberthreats,” according to the law firm’s February 2015 newsletter. “The new regulatory framework will have to have some degree of adaptability to oversee cybersecurity in an evolving threat environment.”

Rigzone | 16 March 2015

Will Low Oil Prices Prompt Cutbacks in Cybersecurity Spending?

The collapse in global oil prices has prompted companies across the industry, from operators to contractors, to sharply reduce capital and operating expenditures. Are these reductions also affecting spending on cybersecurity?

Most industry experts and government authorities, including the Department of Homeland Security, US Cyber Command, and the National Security Agency estimate that over 40% of the recent cyberattacks in North America targeted the oil, energy, and resources segments. Thus, it would be unwise and inappropriate to compromise some areas of security and safeguards, whether they address workplace safety, environmental impairment, pollution, or cybersecurity, said Glenn Legge, a partner at Legge, Farrow, Kimmitt, McGrath & Brown.

OE Digital | 29 January 2015

Research Shows Dragonfly Malware Not Targeting Energy Industry

Belden Inc. released new research that shows the recently revealed Dragonfly (Havex) malware is likely targeting the pharmaceutical sector, not the energy sector as previously believed.

Belden says, until now, advanced cyberattacks against industry have focused on the critical energy and chemical sectors. Manufacturing management teams are advised to update their risk assessments and ensure that their cybersecurity defenses can withstand what are clearly highly coordinated attacks by teams of professional hackers.

The new report, entitled “Defending Against the Dragonfly Cyber Security Attacks, Part A—Identifying the Targets,” is the first of four from Belden and investigates the victims, methods, and consequences of the Dragonfly cyberattack campaign. The series will close with an analysis of what defenses have proven to be either effective or ineffective against advance persistent threats, including Dragonfly. Many of the suggested actions are distinct from current common security practices.

Shale Energy Insider | 14 January 2015

Police Investigate Possible Sabotage of Hydraulic Fracturing Well

Western Australia’s Department of Mines and Petroleum (DMP) has completed a preliminary investigation into damage at hydraulic fracturing gas well Yulleroo 2, which was one of the first to be fractured in the Laurel wet gas formation.

The well was damaged recently, with the DMP becoming aware of the incident after an environmental group, Environs Kimberley reported it and an anti-fracturing group, Lock The Gate, took footage of the well.

The investigation has concluded that the valve had not been faulty but had been physically damaged. When the incident was first announced, the company that had fractured the well in 2010, Buru Energy, said that there had been no issues with well at the previous inspection.

The executive director of the DMP, Jeff Haworth, has said the evidence points to deliberate sabotage, which had been an initial speculation when the damage was first revealed.

Shale Energy Insider | 12 January 2015

Western Australia’s DMP Investigates Hydraulic Fracturing Gas Well Leak

A hydraulic fracturing gas well in the north of Western Australia is under investigation by the Department of Mines and Petroleum (DMP) following a leak that was reported by an environmental group with accompanying video evidence of the damage.

The well, which was fractured by Buru Energy in 2010, was one of the first stimulation wells in the Laurel wet gas formation.

The DMP became aware of the incident after an environmental group, Environs Kimberley, reported it and an anti-fracturing group, Lock The Gate, took footage of the well and its gas meter, which the group claims was showing readings that the pressure at the Yulleroo-2 well was “dangerous enough to explode.”

Petroleum division executive director Jeff Haworth said that, following an initial investigation, “it appears at this stage there has been no equipment or process failure” but continued “the damage presents a serious concern if a third part was involved.”

Mr Haworth added that, “in light of the serious nature of the damage involved, the department will be investigating further.”

The damage to the well was described by Haworth as physical damage rather than a stress or pressure failure, with the wellhead valve stem bent out of shape, which brought suggestions of possible sabotage.

Rigzone | 30 December 2014

Report: Oil and Gas Cybersecurity Risks Will Continue in 2015

The oil and gas industry’s need to prepare for cyberattacks will not abate in 2015 as attacks continue to grow in number and sophistication.

During the past 30 years, the oil and gas sector has been the target of well-known cyberattacks. One of the most famous was launched against Saudi Aramco in 2012 by the terrorist organization Cutting Sword of Justice. The group launched the attack to stop oil and gas production in the largest exporter within the Organization of the Petroleum Exporting Countries (OPEC), according to a white paper by Lockheed Martin Corporation. The attack crippled 30,000 computers and disrupted Saudi Aramco for months.

“The attack on Saudi Aramco ultimately failed to disrupt production but was one of the most destructive cybersecurity strikes against a single business,” according to Lockheed Martin. “More importantly, this attack echoed the need for oil and gas companies to evaluate the importance of a cyberthreat landscape with regard to attacks and uncovered vulnerabilities.”

Another recent example of cybersecurity threats facing the oil and gas industry is the attack on Mexico’s state energy company Pemex by Iran-backed cyberattackers, reported by Bloomberg on 2 December. Hackers working for Iran have targeted at least 50 companies and government organizations, including commercial airlines, looking for vulnerabilities that could be used in physical attacks, Bloomberg quoted cybersecurity firm Cylance as saying.

Estimates vary, but the number of cyberattacks is on the rise. Lockheed Martin quoted reports by Symantec, which reported a 91% increase in targeted attack campaigns in 2013. This includes a 62% rise in the number of breaches. In the United States alone, IBM reported an estimated 1.5 million monitored cyberattacks occurred in 2013, a 12% year-to-year increase in security events.

Oilpro | 12 November 2014

Boko Haram—Is Nigeria’s Oil Future in Danger?

Boko Haram is a militant Islamist movement based primarily in northeast Nigeria and was classed as a terrorist organization by the US in 2013. It was founded in 2002 as a Sunni Islamic fundamentalist sect advocating a strict form of Sharia law.

Can Boko Haram really pose a credible threat to the Nigerian oil industry? Since the ascendancy of ISIS in the Middle east, Boko Haram has grown not only in numbers and equipment but also in confidence. Recently, abandoning their usual hide and seek tactics, they took on the Nigerian army and defeated it in Mubi, a city of some 129,000 inhabitants in Adamawa State, forcing the army to retreat in haste and disorder.

Although as yet they have not advanced any further south from their heartlands, Boko Haram have recently issued threats against oil refineries and pipelines specifically in the Niger Delta, threats that should not be ignored.

Shale World | 11 September 2014

Investment in Mexico’s Shale Plays Could Be Slowed by Security Concerns

With the world’s fourth largest shale reserves, Mexico is an attractive prospect for operators and investors hoping to extend the US shale boom south of the border. Geological risk in Mexico’s shale plays is relatively low because the geology is already proven. And now, foreign players are presented with real opportunities to participate as Mexico begins to define the legislation for landmark energy reform announced in 2013, which ended the state energy monopoly, allowing participation from foreign companies.

Despite the attractive opportunities and proven geology, shale gas operators may be reticent to proceed because of high levels of drug-related violence and alarmingly high murder rates in Mexico’s northern regions, which happen to offer some of the country’s most promising shale plays. The Tamaulipas state in particular is an attractive region for shale gas but has the highest number of homicides in Mexico. There have been a number of attacks on oil workers, and this risk could hamper future investment.

Dwight Dyer, a political risk analyst based in Mexico City, commented that “Shale will not take off in Mexico like it did in Texas in the near future. Unless the security situation along the northeastern border improves significantly, smaller companies will probably take their time before jumping in,” he said.

Reuters | 2 September 2014

Algeria’s In Amenas Gas Plant Returning to Normal After Attack

A major gas plant in Algeria where 40 employees were killed by Islamist militants last year is returning to normal operations following a big step up in security, one of the plant’s operators said on 1 September.

A general view of Tiguentourine Gas Plant in In Amenas, 994 miles southeast of Algiers. Credit: Reuters/Louafi Larbi

Norway’s Statoil said the In Amenas plant, which accounted for about 11.5% of Algeria’s natural gas output before the attack, would return to full production in a few months.

Statoil had kept its permanent workers away from the plant, which it operates jointly with BP and Algeria’s Sonatrach, after gunmen raided the site deep in the Sahara desert in January 2013.

They took foreign workers hostage in a 4-day siege that ended when Algerian forces stormed the facility.

“The corporate executive committee has decided that ordinary rotation (of staff) is to be resumed at the plant as all defined security measures have been implemented,” Statoil said in a statement.

There is greater control of people coming near the installations, an airport has been built inside the site, and more barriers have been constructed around the site, Statoil told Reuters.

“The security has been boosted with a permanent military presence on the site, helicopters scanning the region, and the airport is ready to receive the expats who will no longer need to travel the 50 km (31 miles) from In Amenas’ airport to the base,” Bachir Benzergua, head of the union for workers at In Amenas, said.

He said there were already some expats working at the gas plant but that they spent the night at Hassi Messaoud’s oilfield base, some 310 miles away.

A second local source, who asked not to be named, said, “I don’t understand why (expats) they are not back yet, security is OK, and Algerian workers and technicians are making sure production is OK.”

Read the full story here.

Bloomberg | 25 August 2014

Oil Search Temporarily Suspends Well in Kurdistan Because of Turmoil

Oil Search temporarily suspended a well in Iraqi Kurdistan after violence in the region disrupted its ability to get skilled technicians and equipment to the Taza oil project.

Oil Search’s other operations in the area are continuing with the security situation stable, the oil producer said on 18 August in a statement.

“We are continuing to monitor the security situation closely and plan to recommence Taza-2 operations once we are confident that the long-term integrity of our supply chain has been safely re-established,” the statement said.

Journal of Petroleum Technology | 8 August 2014

Control-System Cybersecurity: Staying Ahead of Evolving Threats

The benefits of modern industrial control systems have never been greater. However, as these systems have evolved, the threats to their safe and secure operation have grown. While the return on investment for a complete control-system security audit may be difficult to calculate, the cost of not having a complete plan in place may, if a worst-case condition arises, be impossible to comprehend. A baseline system security image, as a start, allows a vessel owner or operator to understand the security risks.


A diver-support-vessel control system suddenly loses position control and begins to drift while the divers below are put in harm’s way. A programmable–logic controller on the vessel’s dynamic–positioning system had entered an error state and flooded the primary and backup control networks with erroneous data, knocking all connected systems offline. Before control is restored, the vessel is 200 m from its station and one diver has been left unconscious on the template bailout and the other is stranded in the diving bell. The unconscious diver is rescued by his companion from the diving bell once the vessel arrives back on station. Is this a scene from a movie? Unfortunately not; it was a recent, real-world failure. Just as unsettling is the fact that the root cause of the network jamming was never identified.

While viruses, Trojans, worms, and backdoors have been generally associated with Web servers, personal computers, and phones with access to the Internet, serious concerns about cyberphysical attacks on industrial control systems have also been raised—attacks that could result in conditions similar to the loss of positional control just described.

Offshore assets with complex operational capabilities, such as floating production, storage, and offloading vessels; drillships; and semisubmersibles, while not necessarily targets for national–security-based malicious attacks, are nevertheless high-value targets whose compromise may have high-consequence results. Control systems onboard the vessel demand real-time operation, interference with which may result in costly and even life-threatening situations.

Fuel Fix | 14 July 2014

Report: Oil Companies Remain Complacent About Computer Dangers

Oil companies and others with critical infrastructure are ill-prepared to thwart computer system threats, even though more than two-thirds have had at least one significant security compromise in the past year, according to a recent report.

The Ponemon Institute analysis shows that the people in charge of managing critical control systems know their organizations are not ready for the sophistication and frequency of cyberattacks.

Just 17% of the 599 security executives at utility, oil, gas, energy, and manufacturing companies surveyed by the research group said they had deployed most of their major information technology initiatives meant to fend off cyberattacks.

And only 28% of the respondents said security was one of the top five strategic priorities at their organizations.