Bloomberg | 25 August 2014

Oil Search Temporarily Suspends Well in Kurdistan Because of Turmoil

Oil Search temporarily suspended a well in Iraqi Kurdistan after violence in the region disrupted its ability to get skilled technicians and equipment to the Taza oil project.

Oil Search’s other operations in the area are continuing with the security situation stable, the oil producer said on 18 August in a statement.

“We are continuing to monitor the security situation closely and plan to recommence Taza-2 operations once we are confident that the long-term integrity of our supply chain has been safely re-established,” the statement said.

Journal of Petroleum Technology | 8 August 2014

Control-System Cybersecurity: Staying Ahead of Evolving Threats

The benefits of modern industrial control systems have never been greater. However, as these systems have evolved, the threats to their safe and secure operation have grown. While the return on investment for a complete control-system security audit may be difficult to calculate, the cost of not having a complete plan in place may, if a worst-case condition arises, be impossible to comprehend. A baseline system security image, as a start, allows a vessel owner or operator to understand the security risks.


A diver-support-vessel control system suddenly loses position control and begins to drift while the divers below are put in harm’s way. A programmable–logic controller on the vessel’s dynamic–positioning system had entered an error state and flooded the primary and backup control networks with erroneous data, knocking all connected systems offline. Before control is restored, the vessel is 200 m from its station and one diver has been left unconscious on the template bailout and the other is stranded in the diving bell. The unconscious diver is rescued by his companion from the diving bell once the vessel arrives back on station. Is this a scene from a movie? Unfortunately not; it was a recent, real-world failure. Just as unsettling is the fact that the root cause of the network jamming was never identified.

While viruses, Trojans, worms, and backdoors have been generally associated with Web servers, personal computers, and phones with access to the Internet, serious concerns about cyberphysical attacks on industrial control systems have also been raised—attacks that could result in conditions similar to the loss of positional control just described.

Offshore assets with complex operational capabilities, such as floating production, storage, and offloading vessels; drillships; and semisubmersibles, while not necessarily targets for national–security-based malicious attacks, are nevertheless high-value targets whose compromise may have high-consequence results. Control systems onboard the vessel demand real-time operation, interference with which may result in costly and even life-threatening situations.

Fuel Fix | 14 July 2014

Report: Oil Companies Remain Complacent About Computer Dangers

Oil companies and others with critical infrastructure are ill-prepared to thwart computer system threats, even though more than two-thirds have had at least one significant security compromise in the past year, according to a recent report.

The Ponemon Institute analysis shows that the people in charge of managing critical control systems know their organizations are not ready for the sophistication and frequency of cyberattacks.

Just 17% of the 599 security executives at utility, oil, gas, energy, and manufacturing companies surveyed by the research group said they had deployed most of their major information technology initiatives meant to fend off cyberattacks.

And only 28% of the respondents said security was one of the top five strategic priorities at their organizations.

The New York Times | 3 July 2014

Russian Hackers Targeting Oil and Gas Companies

Russian hackers have been systematically targeting hundreds of Western oil and gas companies, as well as energy investment firms, according to private cybersecurity researchers.

The motive behind the attacks appears to be industrial espionage—a natural conclusion given the importance of Russia’s oil and gas industry, the researchers said.

The manner in which the Russian hackers are targeting the companies also gives them the opportunity to seize control of industrial control systems from afar, in much the same way the United States and Israel were able to use the Stuxnet computer worm in 2009 to take control of an Iranian nuclear facility’s computer systems and destroy a fifth of the country’s uranium supply, the researchers said.

The Russian attacks, which have affected more than 1,000 organizations in more than 84 countries, were first discovered in August 2012 by researchers at CrowdStrike, a security company in Irvine, California. The company noticed an unusually sophisticated and aggressive Russian group targeting the energy sector, in addition to health care, governments, and defense contractors.


SNL | 30 June 2014

Industry Forms Information-Sharing Center To Thwart Cyberattacks

Prompted by the threat of cyberattacks against US energy infrastructure, the oil and gas industry has formed the Oil and Natural Gas Information Sharing and Analysis Center, or ONG-ISAC.

Formed with the help of the American Petroleum Institute, the center will be an industry-owned and -operated organization that enables exchange of information, helps gauge risks, and provides security guidance to US companies, according to a statement by the institute.

BE Digest | 20 June 2014

Experts Analyze Impact of ISIS Advances on Iraq’s Oil Industry

Oil industry analysts said the attack by militants on Iraq’s main Baiji refinery shows the growing impact they are having on the country’s stability, energy supplies, and government revenues.

The pre-dawn assault on the Baiji refinery north of Baghdad by fighters from the Islamic State of Iraq and Syria (ISIS) poses new questions about the security of the oil industry in Iraq, OPEC’s second biggest crude producer.

Q: How are oil prices affected by the violence in Iraq?
Even though the fighting has not yet reached the southern oilfields, which account for 90% of Iraq’s oil production, oil prices rose last week to their highest level for 9 weeks (USD 114.69/bbl for Brent crude) and investors are worried about the long-term prospects for Iraqi oil.

Price rises have calmed since then as Iraq’s oil production has not been significantly disrupted, but climbed back towards USD 114/bbl on 18 June following the refinery attack.

Analysts agree that if Iraq’s oil exports were suspended—it exports 2.5 million B/D—they would be hard to replace on international markets.

If “all of Iraq’s production is lost for a sustained period, the impact on oil prices would be significant,” Morgan Stanley said in an analysts’ note. “OPEC’s effective spare capacity … may be able to replace some of this volume, but at a substantial cost.”

The Paris-based International Energy Agency estimates OPEC has 3.3 million B.D in spare capacity, with 80% of that in Saudi Arabia.

Crude oil sales account for 75% of Iraq’s GDP, according to the International Monetary Fund.

Reuters | 19 June 2014

Oil Majors Cut Staff in Iraq on Fears Violence Will Spread

Some oil companies are pulling foreign staff from Iraq, fearing Sunni militants from the north could strike at major oil fields concentrated in the Shi’ite south despite moves by the Baghdad government to tighten security.

Iraqi officials say the southern regions that produce some 90% of the country’s oil are completely safe from the Islamic State of Iraq and the Levant (ISIL), which has seized much of the north in a week as Baghdad’s forces there collapsed.

The government says 100,000 police dedicated to protecting oil facilities are on high alert and well armed.

But oil firms are taking no chances with the foreign expert staff who could be prime targets for jihadists. And some importers of Iraqi oil are getting nervous about supplies.

“We are just very vigilant in Iraq. Nonessential production people have left, but operations continue,” said Bob Dudley, chief executive at BP, a major investor in Iraq through the giant Rumaila field. He was speaking to reporters in Moscow.

Center for Strategic and International Studies | 19 June 2014

Questions and Answers About Iraq and Global Oil Markets

Q: How is the recent escalation of violence in Iraq impacting global oil markets?

A: Last week’s attack on and seizure of Mosul (Iraq’s second largest city) by armed groups affiliated with the Islamic State of Iraq and the Levant (ISIL), an extreme jihadist group, represents a major expansion of the group’s previously held control of areas near the Syria/Iraqi border and escalated security concerns within Iraq.

Unable to stem the tide of the incursion thus far, the Maliki government asked Parliament to declare a state of emergency and requested assistance from the US military as well. The US Embassy is already evacuating certain employees and sending in additional troops to bolster security at the Embassy, recent press reports indicate that several energy companies operating in southern Iraq have done the same, and indications are that the ISIL forces have recently take over a major refinery in Baiji, a town north of Baghdad (though the refinery provides products to the domestic market).

The deteriorating security situation in Iraq and the prospect of an even broader humanitarian and regional political crisis is at the forefront of an already tense geopolitical landscape this week with Russia cutting natural gas supplies to Ukraine and ongoing territorial posturing between China and Japan in Asia. Given the complexity of the ethnic, national, and regional disputes and alliances within in the Middle East, however, the current situation in Iraq has clear potential to follow a rapid and dangerous trajectory.

Bloomberg | 16 June 2014

UglyGorilla Hack of US Utility Exposes Cyberwar Threat

Somewhere in China, a man typed his user name, “ghost,” and password, “hijack,” and proceeded to rifle the computers of a utility in the northeastern United States.

He plucked schematics of its pipelines. He copied security-guard patrol memos. He sought access to systems that regulate the flow of natural gas. He cruised channels where keystrokes could cut off a city’s heat or make a pipeline explode.

That didn’t appear to be his intention, and neither was economic espionage. While he was one of the Chinese officers the US charged last month with infiltrating computers to steal corporate secrets, this raid was different. The hacker called UglyGorilla invaded the utility on what was probably a scouting mission, looking for information China could use to wage war.

UglyGorilla is one of many hackers the FBI has watched. Agents have recorded raids by other operatives in China and in Russia and Iran, all apparently looking for security weaknesses that could be employed to disrupt the delivery of water and electricity and impede other functions critical to the economy, according to former intelligence officials with knowledge of the investigation. The incursions spurred a debate in the Obama administration over whether and how to respond and raised alarms among lawmakers briefed on the incidents.

Rigzone | 19 May 2014

Energy Companies See Email, Hacktivists as Major Cybersecurity Threats

A recent study found that 61% of energy firms view email as the biggest threat vector for cyberattacks via malware and that hacktivists are seen as posing the biggest threat to energy companies.

The study by ThreatTrack Security examined the vulnerabilities of energy and financial service firms—the industries that are most frequently targeted by cybercriminals. Both industries are under constant pressure from attackers due to the high-value assets they own, which represents a significant risk for the US economy and critical physical infrastructure, ThreatTrack said in a press release.

“There are a wide range of threat actors and attack vectors targeting these two industries, and ThreatTrack Security’s report investigates the challenges in these organizations face in defending themselves, and what they plan to do to increase security,” said ThreatTrack.

According to the study, 72% of respondents from both industries are confident their company will be targeted by an advanced persistent threat, targeted malware attack, or other sophisticated cybercrime or cyber-espionage tactics in the next 12 months. Of these respondents, 38% of the survey respondents said an attack was a certainty or highly unlikely.

Rigzone | 13 May 2014

Oil, Gas Industry Looks To Hire More Cybersecurity Professionals To Address Risks

Oil and gas companies are looking to hire more cybersecurity professionals as recent advances in oil and gas technology, which have created greater efficiency and reliability, also raise the industry’s risk from cyberattacks.

As it becomes more lucrative and high-profile, the oil and gas industry has become more of a target for cyberattacks. “Oil and gas is holding the economy together in a lot of ways, and is one of the few sectors not struggling,” said Chad Pinson, managing director of global investigations for cybersecurity at Stroz Friedberg.

Pinson said Stroz Friedberg sees more of its clients talking with the company about cybersecurity about ways they can bolster their cybersecurity preparedness. The hiring trend is not surprising, given the growing stakes and damage that can be caused by both sophisticated and unsophisticated attackers, Pinson noted.

“While the level of sophistication for cyberattackers has grown,” he said, “even an unsophisticated hacker can download a tool and do pretty good damage.”

Reuters | 25 April 2014

Global Shipping Fleet Exposed to Hacking Threat

The next hacker playground: the open seas—and the oil tankers and container vessels that ship 90% of the goods moved around the planet.

In this internet age, as more devices are hooked up online, so they become more vulnerable to attack. As industries such as maritime and energy connect ships, containers, and rigs to computer networks, they expose weaknesses that hackers can exploit.

Hackers recently shut down a floating oil rig by tilting it, while another rig was so riddled with computer malware that it took 19 days to make it seaworthy again; Somali pirates help choose their targets by viewing navigational data online, prompting ships to either turn off their navigational devices or fake the data so it looks like they’re somewhere else; and hackers infiltrated computers connected to the Belgian port of Antwerp, located specific containers, made off with their smuggled drugs, and deleted the records.