The New York Times | 3 July 2014

Russian Hackers Targeting Oil and Gas Companies

Russian hackers have been systematically targeting hundreds of Western oil and gas companies, as well as energy investment firms, according to private cybersecurity researchers.

The motive behind the attacks appears to be industrial espionage—a natural conclusion given the importance of Russia’s oil and gas industry, the researchers said.

The manner in which the Russian hackers are targeting the companies also gives them the opportunity to seize control of industrial control systems from afar, in much the same way the United States and Israel were able to use the Stuxnet computer worm in 2009 to take control of an Iranian nuclear facility’s computer systems and destroy a fifth of the country’s uranium supply, the researchers said.

The Russian attacks, which have affected more than 1,000 organizations in more than 84 countries, were first discovered in August 2012 by researchers at CrowdStrike, a security company in Irvine, California. The company noticed an unusually sophisticated and aggressive Russian group targeting the energy sector, in addition to health care, governments, and defense contractors.


SNL | 30 June 2014

Industry Forms Information-Sharing Center To Thwart Cyberattacks

Prompted by the threat of cyberattacks against US energy infrastructure, the oil and gas industry has formed the Oil and Natural Gas Information Sharing and Analysis Center, or ONG-ISAC.

Formed with the help of the American Petroleum Institute, the center will be an industry-owned and -operated organization that enables exchange of information, helps gauge risks, and provides security guidance to US companies, according to a statement by the institute.

BE Digest | 20 June 2014

Experts Analyze Impact of ISIS Advances on Iraq’s Oil Industry

Oil industry analysts said the attack by militants on Iraq’s main Baiji refinery shows the growing impact they are having on the country’s stability, energy supplies, and government revenues.

The pre-dawn assault on the Baiji refinery north of Baghdad by fighters from the Islamic State of Iraq and Syria (ISIS) poses new questions about the security of the oil industry in Iraq, OPEC’s second biggest crude producer.

Q: How are oil prices affected by the violence in Iraq?
Even though the fighting has not yet reached the southern oilfields, which account for 90% of Iraq’s oil production, oil prices rose last week to their highest level for 9 weeks (USD 114.69/bbl for Brent crude) and investors are worried about the long-term prospects for Iraqi oil.

Price rises have calmed since then as Iraq’s oil production has not been significantly disrupted, but climbed back towards USD 114/bbl on 18 June following the refinery attack.

Analysts agree that if Iraq’s oil exports were suspended—it exports 2.5 million B/D—they would be hard to replace on international markets.

If “all of Iraq’s production is lost for a sustained period, the impact on oil prices would be significant,” Morgan Stanley said in an analysts’ note. “OPEC’s effective spare capacity … may be able to replace some of this volume, but at a substantial cost.”

The Paris-based International Energy Agency estimates OPEC has 3.3 million B.D in spare capacity, with 80% of that in Saudi Arabia.

Crude oil sales account for 75% of Iraq’s GDP, according to the International Monetary Fund.

Reuters | 19 June 2014

Oil Majors Cut Staff in Iraq on Fears Violence Will Spread

Some oil companies are pulling foreign staff from Iraq, fearing Sunni militants from the north could strike at major oil fields concentrated in the Shi’ite south despite moves by the Baghdad government to tighten security.

Iraqi officials say the southern regions that produce some 90% of the country’s oil are completely safe from the Islamic State of Iraq and the Levant (ISIL), which has seized much of the north in a week as Baghdad’s forces there collapsed.

The government says 100,000 police dedicated to protecting oil facilities are on high alert and well armed.

But oil firms are taking no chances with the foreign expert staff who could be prime targets for jihadists. And some importers of Iraqi oil are getting nervous about supplies.

“We are just very vigilant in Iraq. Nonessential production people have left, but operations continue,” said Bob Dudley, chief executive at BP, a major investor in Iraq through the giant Rumaila field. He was speaking to reporters in Moscow.

Center for Strategic and International Studies | 19 June 2014

Questions and Answers About Iraq and Global Oil Markets

Q: How is the recent escalation of violence in Iraq impacting global oil markets?

A: Last week’s attack on and seizure of Mosul (Iraq’s second largest city) by armed groups affiliated with the Islamic State of Iraq and the Levant (ISIL), an extreme jihadist group, represents a major expansion of the group’s previously held control of areas near the Syria/Iraqi border and escalated security concerns within Iraq.

Unable to stem the tide of the incursion thus far, the Maliki government asked Parliament to declare a state of emergency and requested assistance from the US military as well. The US Embassy is already evacuating certain employees and sending in additional troops to bolster security at the Embassy, recent press reports indicate that several energy companies operating in southern Iraq have done the same, and indications are that the ISIL forces have recently take over a major refinery in Baiji, a town north of Baghdad (though the refinery provides products to the domestic market).

The deteriorating security situation in Iraq and the prospect of an even broader humanitarian and regional political crisis is at the forefront of an already tense geopolitical landscape this week with Russia cutting natural gas supplies to Ukraine and ongoing territorial posturing between China and Japan in Asia. Given the complexity of the ethnic, national, and regional disputes and alliances within in the Middle East, however, the current situation in Iraq has clear potential to follow a rapid and dangerous trajectory.

Bloomberg | 16 June 2014

UglyGorilla Hack of US Utility Exposes Cyberwar Threat

Somewhere in China, a man typed his user name, “ghost,” and password, “hijack,” and proceeded to rifle the computers of a utility in the northeastern United States.

He plucked schematics of its pipelines. He copied security-guard patrol memos. He sought access to systems that regulate the flow of natural gas. He cruised channels where keystrokes could cut off a city’s heat or make a pipeline explode.

That didn’t appear to be his intention, and neither was economic espionage. While he was one of the Chinese officers the US charged last month with infiltrating computers to steal corporate secrets, this raid was different. The hacker called UglyGorilla invaded the utility on what was probably a scouting mission, looking for information China could use to wage war.

UglyGorilla is one of many hackers the FBI has watched. Agents have recorded raids by other operatives in China and in Russia and Iran, all apparently looking for security weaknesses that could be employed to disrupt the delivery of water and electricity and impede other functions critical to the economy, according to former intelligence officials with knowledge of the investigation. The incursions spurred a debate in the Obama administration over whether and how to respond and raised alarms among lawmakers briefed on the incidents.

Rigzone | 19 May 2014

Energy Companies See Email, Hacktivists as Major Cybersecurity Threats

A recent study found that 61% of energy firms view email as the biggest threat vector for cyberattacks via malware and that hacktivists are seen as posing the biggest threat to energy companies.

The study by ThreatTrack Security examined the vulnerabilities of energy and financial service firms—the industries that are most frequently targeted by cybercriminals. Both industries are under constant pressure from attackers due to the high-value assets they own, which represents a significant risk for the US economy and critical physical infrastructure, ThreatTrack said in a press release.

“There are a wide range of threat actors and attack vectors targeting these two industries, and ThreatTrack Security’s report investigates the challenges in these organizations face in defending themselves, and what they plan to do to increase security,” said ThreatTrack.

According to the study, 72% of respondents from both industries are confident their company will be targeted by an advanced persistent threat, targeted malware attack, or other sophisticated cybercrime or cyber-espionage tactics in the next 12 months. Of these respondents, 38% of the survey respondents said an attack was a certainty or highly unlikely.

Rigzone | 13 May 2014

Oil, Gas Industry Looks To Hire More Cybersecurity Professionals To Address Risks

Oil and gas companies are looking to hire more cybersecurity professionals as recent advances in oil and gas technology, which have created greater efficiency and reliability, also raise the industry’s risk from cyberattacks.

As it becomes more lucrative and high-profile, the oil and gas industry has become more of a target for cyberattacks. “Oil and gas is holding the economy together in a lot of ways, and is one of the few sectors not struggling,” said Chad Pinson, managing director of global investigations for cybersecurity at Stroz Friedberg.

Pinson said Stroz Friedberg sees more of its clients talking with the company about cybersecurity about ways they can bolster their cybersecurity preparedness. The hiring trend is not surprising, given the growing stakes and damage that can be caused by both sophisticated and unsophisticated attackers, Pinson noted.

“While the level of sophistication for cyberattackers has grown,” he said, “even an unsophisticated hacker can download a tool and do pretty good damage.”

Reuters | 25 April 2014

Global Shipping Fleet Exposed to Hacking Threat

The next hacker playground: the open seas—and the oil tankers and container vessels that ship 90% of the goods moved around the planet.

In this internet age, as more devices are hooked up online, so they become more vulnerable to attack. As industries such as maritime and energy connect ships, containers, and rigs to computer networks, they expose weaknesses that hackers can exploit.

Hackers recently shut down a floating oil rig by tilting it, while another rig was so riddled with computer malware that it took 19 days to make it seaworthy again; Somali pirates help choose their targets by viewing navigational data online, prompting ships to either turn off their navigational devices or fake the data so it looks like they’re somewhere else; and hackers infiltrated computers connected to the Belgian port of Antwerp, located specific containers, made off with their smuggled drugs, and deleted the records.

Reuters | 16 April 2014

South Sudan Rebels Say They Have Seized Oil Hub Bentiu, Tell Foreign Firms To Go

South Sudanese rebels said on 15 April that they have seized the capital of oil-producing Unity state, Bentiu, and warned oil firms to pack up and leave within a week.

Thousands of people have been killed and more than 1 million displaced since fighting erupted in South Sudan in the middle of December, triggered by a power struggle between President Salva Kiir and former Vice President Riek Machar.

“The recapturing of Bentiu marks the first phase of liberation of oil fields from (the) antidemocratic and genocidal forces of Kiir,” rebel spokesman Lul Ruai Koang said in a statement.

Urging all oil firms operating in government-held areas to shut their operations and evacuate their staff within a week, he said, “Failure to comply with this request, the oil companies risk forced oil shutdown and the safety of their staff.”


Reuters | 9 April 2014

Energy Companies Need Insurance Cover for Cyberattack “Time Bomb”

Energy companies have no insurance against major cyberattacks, reinsurance broker Willis said on 8 April, likening the threat to a “time bomb” that could cost the industry billions of dollars.

Willis highlighted the industry’s vulnerability to cyberthreats in its annual review of the energy sector’s insurance market, which called on insurers to find a way to provide cover.

“A major energy catastrophe—on the same scale as … Exxon Valdez or Deepwater Horizon—could be caused by a cyberattack, and, crucially, that cover for such a loss is generally not currently provided by the energy insurance market,” the insurance broker said.

Most insurance products currently available will cover minor things such as data losses or downtime caused by IT issues, but not major events like explosions at multiple facilities triggered remotely by hackers, Willis said.

Reuters | 11 March 2014

BP Shelves Onshore Exploration in Libya as Instability Grows

Oil and gas major BP said it had mothballed plans to explore in Libya’s Ghadames basin because of security concerns, the latest in a series of companies to rethink their projects amid growing instability.

Three years of turmoil since the Arab Spring and tough contract terms have prompted oil firms to reassess their role in Libya, and several have said they would postpone their plans or scrap them altogether.

BP’s exploration and production sharing agreement with Libya covers onshore acreage in Ghadames, near the border between Libya, Algeria, and Tunisia, and offshore acreage in the central Sirte basin.

“With respect to the onshore exploration drilling program, a security review in June concluded that this could not be safely and securely delivered by BP at this time. Alternative approaches are being considered,” BP said in its annual report.