Washington Examiner | 3 September 2015

Energy Secretary Says Cyberattacks Threaten Natural Gas Industry

The administration is seeing a “big and growing threat” from possible cyberattack against the nation’s natural gas infrastructure, as well as new cars and the sprawling traffic management system.

Energy Secretary Ernest Moniz discussed the threat on 24 August while addressing Democratic Minority Leader Harry Reid’s National Clean Energy Summit in Las Vegas.

He said the utility sector is usually the “poster child” for the threat the US faces from cyberattacks, but there is also a threat to natural gas compressor stations, vehicle traffic management system, and new cars and trucks that have much more digital hardware that makes them increasingly vulnerable to being hacked.

He said much more has to be done on training cybersecurity specialists to counter the threat, but “training of professionals [is] … not keeping up with demand.”

Reuters | 19 August 2015

Iraqi Kurdistan Says Oil Pipeline Sabotage Cost It USD 501 Million

Repeated sabotage by “organized gangs” of the oil pipeline from northern Iraq to Turkey has cost the autonomous Kurdistan region USD 501 million since 1 July, its ministry of natural resources said on 18 August.

The flow of oil is currently suspended because of a theft attempt on the pipeline, which runs to the Turkish port of Ceyhan from fields in Iraq’s Kurdish north and Kirkuk.

The pipeline was previously idled for a week after being blown up by members of the Kurdistan Workers’ Party (PKK) in late July, when Turkey began bombing the outlawed group in northern Iraq.

The PKK later denied the attack had been ordered by its leadership, and said it would not target the pipeline.

But the Ministry of Natural Resources appeared to blame the PKK for the latest disruption, saying the “organized gangs” behind it were understood to have close links with the perpetrators of the July attack.

Reuters | 17 August 2015

Islamic State Attacks In and Around Iraqi Refinery Town

Islamic State militants attacked the outskirts of Iraq’s northern oil refinery town of Baiji overnight on 13 August with car bombs and clashed with the army and Shi’ite militias in the town’s western districts, the local mayor and security sources said on 14 August.

The town of Baiji and its refinery—Iraq’s largest—have been a battlefront for more than a year. The hardline Islamists seized the town in June 2014 as they swept through much of northern Iraq toward the capital Baghdad.

Control of Baiji neighborhoods has changed hands many times during the conflict. Authorities said last month they had recaptured most of the town, but the radical jihadist group attacked central neighborhoods days later, forcing pro-government forces to pull back.

Reuters | 14 August 2015

Libya’s El Feel, El Sharara Oilfields Remain Closed

Libya’s El Sharara and El Feel oilfields remain closed because of protests and a pipeline blockage, oil officials said on 10 August.

Tribal elders have been trying for months to resume work at both fields, which could add some 400,000 B/D of crude, doubling Libya’s current output.

Unconfirmed postings on social media suggested there had been progress in the talks, but Mohamed El Harari, spokesman for state oil firm NOC, said the fields were still closed.

An oil source at the western Zawiya port linked to the El Sharara oilfield said there were efforts to reopen the 340,000-B/D field but so far there was no breakthrough. An engineer at El Feel also said there was no sign of output resuming.

The two oilfields have been shuttered by salary demands from security guards and the country’s conflict between the two rival governments vying for control of the north African OPEC state.

GlobalData | 7 July 2015

Analyst: Conflict Continues To Stifle South Sudan’s Oil Sector

Continued armed fighting, trade disputes, and low oil prices are having a considerable negative effect on South Sudan’s oil industry, with existing asset holders reducing investments and potential investors being deterred by instability in the region, says an analyst with research and consulting firm GlobalData.

According to Jonathan Markham, GlobalData’s analyst covering upstream oil and gas, reported production in South Sudan was approximately 240,000 B/D at the end of 2013, before the start of the conflict, but this is believed to have fallen to approximately 165,000 B/D in 2014.

At current oil prices of USD 60–65/bbl, South Sudan is earning approximately USD 100 million in profit per month from oil exports, approximately 90% of the government’s income. However, it is likely that 2015 production will fall even further following the recent conflict escalation around the oil regions.

Markham said, “Neither government nor rebel forces are in full control of the locations in key oil regions. Ineffective ceasefire agreements and declining oil exports mean operations in South Sudan will continue to be affected in the short to medium term. Damage to infrastructure will set the country back at least 7 years, with production not expected to return to 2013 levels, of approximately 240,000 B/D, until 2020.

”Furthermore, despite proven reserves of 3.5 billion bbl and potential for further exploration, oil companies are not willing to invest until the political and security situation in South Sudan improves.”

The situation is further exacerbated by South Sudan’s reliance on two Sudanese pipelines to export crude oil. While the government has explored the possibility of building new pipelines through Uganda and Kenya, these plans have not progressed past the feasibility study because of the ongoing conflict.

Markham added, “South Sudan pays between USD 9.1 and USD 11 per barrel to use Sudan’s facilities and an additional UD 15 per barrel as compensation for the country’s lost oil revenue after independence.

“The country currently has no other export routes if the existing pipelines are cut off. Without alternative routes, South Sudan will remain vulnerable to shutdown threats and unfavorable transportation contracts.”

Read more about GlobalData here.

Bloomberg | 15 June 2015

Hackers’ Favorite Target: Big Oil and All That Deadly Equipment

Hackers have made the energy industry a favorite target.

A study conducted in April by Symantec, the world’s biggest cybersecurity firm, found that computer-system invaders attacked 43% of global mining and oil and gas companies at least once last year. In a separate survey the same month, conducted for the Organization of American States by another security company, Trend Micro, 47% of energy organizations reported attacks, the highest among all corporate sectors and surpassed only by governments.

“Nowadays, you have computers running everything,” said Alvaro Cardenas, a computer-science professor at the University of Texas at Dallas and a member of the Cyber Security Research and Education Institute. “You can create blackouts or oil spills and hurt a lot of people.”

As if last year’s oil-price drop wasn’t enough, costs for energy companies rose faster than the US average over the last 5 years, according to a study by the Ponemon Institute for Hewlett-Packard. Cybercrimes cost energy and utilities companies an average of USD 13.2 million each a year for lost business and damaged equipment, higher than in any other industry, according to Ponemon’s survey of 257 businesses.

Spending worldwide on cybersecurity for oil and gas infrastructure will reach USD 1.9 billion by 2018, according to ABI Research, a technology data company with offices worldwide.

Oil & Gas IQ | 10 June 2015

Cyber 9/11: Is the Oil and Gas Industry Sleepwalking Into a Nightmare?

Cyber Security within the oil and gas industry is a threat that is, in many cases, being ignored. It has a direct effect in the creation of government regulation and legislation, can have deep financial impact and—in some cases—can even cost lives.

The 2014 Verizon Data Breach report states that 40% of the attacks performed in the manufacturing and mining industry are cyberespionage-based. A UK survey revealed that 81% of large companies were digitally attacked, at an average cost of GBP 1 million per company. Similarly, 62% of small and medium-sized enterprises were digitally attacked in 2014 at an average cost of more than GBP 100,000 per incident.

BLG via Mondaq | 14 May 2015

The Emergence of Cybersecurity and Cyberlitigation Issues Affecting the Oil And Gas Industry

Cybersecurity and related cyberlitigation issues continue to emerge and become top of mind for businesses. The frequency of cybersecurity attacks is startling. Research conducted in 2012 by the International Cyber Security Protection Alliance (ICSPA) revealed that 69% of Canadian businesses had experienced some type of attack within a 12-month period. Twenty-six percent of those affected reported “considerable” impact on their businesses in terms of financial and reputation damage.

As has been stated by Mike Rogers, US Intelligence Committee chairman, “There are two kinds of companies. Those that have been hacked and those that have been hacked but don’t know it yet”.

Steps are now being taken by regulators and businesses to bring awareness to these issues:

  • In 2014, the Securities Exchange Commission (SEC) held a roundtable discussion on the topic of cybersecurity, where it was noted according to speaker Mary Jo White that cyberthreats are first on the division of intelligence’s list of global threats, even surpassing terrorism.
  • In 2015, the SEC identified “the cybersecurity of registered investment companies and registered investment advisers as an important issue” and provided updated guidance in reducing cybersecurity risks.
  • In April 2015, the Cybersecurity Unit (Computer Crime & Intellectual Property Section Criminal Division) of the US Department of Justice, published “Best Practices for Victim Response and Reporting of Cyber Incidents.”

Upstream | 26 March 2015

Saudi Arabia Plans To Boost Oilfield Security

Saudi Arabia is to step up security around its oil fields and installations as the country leads a campaign of air strikes against rebel forces in Yemen.

The top OPEC producer is also to beef up security at its borders and around industrial facilities, the state-owned Saudi Press Agency reported.

Interior Minister Muhammad bin Nayef said at a meeting to review developments in Yemen that Saudi Arabia will be “strengthening all security measures on the borders of the kingdom and in all public utilities and around the oil and industrial facilities.”

Saudi Arabia is leading a coalition of regional partners in air strikes against Houthi Shia rebels in Yemen who are threatening to overthrow the government of President Abd-Rabbu Mansour Hadi.

Rigzone | 19 March 2016

Cybersecurity Activity Generating Its Own Set of Big Data

With more data and more sources of data, cybersecurity analytics in the oil and gas industry is rapidly becoming a big problem addressed by Big Data.

The growing amount of data associated with cybersecurity analysis involves multiple types of data. These sources include structured and unstructured data such as log files, instrumentation data, and network data, as well as investments by companies in intrusion detection systems, prevention detection systems, firewalls, data loss prevention centers, servers, and database applications, all of which generate a lot of data, said Rene Moreda, who oversees energy and utilities for the Americas at BAE Systems Applied Intelligence. Cybersecurity analytics also involves combing through data sources such as email, video surveillance feeds, geospatial information, and physical security data from access readers and logs.

“There is more data and more formats of data speeding across enterprises today,” Moreda said. “When you look at the Internet of Things and the need by companies to reduce costs and gain greater efficiencies through tools such as automation and wireless, the attack surface for oil and gas companies keeps getting bigger every day.”

Rigzone | 19 March 2015

Government Agencies To Monitor Offshore Marine, Energy Sector Cyberthreats

Cybersecurity is attaining the same level of importance that health, safety, and environment issues have in oil and gas over the past 20 years. Over the past 18 months, the US federal government also has undertaken a series of actions regarding cybersecurity issues in the oil and gas sector, said Glenn Legge, a partner at Legge, Farrow, Kimmitt, McGrath & Brown.

Through different agencies and the executive branch, the federal government has sought to encourage the private sector to create a more robust cybersecurity network. Late last year, the US Department of Homeland Security and the US Coast Guard announced that they would develop cybersecurity regulations for the marine and offshore energy sectors. These regulations would address concerns over cyberrisks and vulnerabilities among vessels and facilities subject to the Maritime Transportation Security Act of 2002.

The regulations will create standards and minimum requirements for companies working in the marine and offshore energy industries. Legge said his firm anticipates that some of the proposed regulatory requirements will be drawn from industry cybersecurity standards, as well as recommendations created by the National Institute of Standards and Technology, a nonregulatory branch of the US Department of Commerce.

Prior to this order, most of the existing regulations have been focused on data breach events, such as the theft of credit card and Social Security numbers, instead of a cyberattack on offshore infrastructure.

“Unlike exercising oversight over other marine and offshore energy activities, regulating cybersecurity will be very challenging, as industry standards in this area are continually evolving at a rapid rate in response to ever-changing cyberthreats,” according to the law firm’s February 2015 newsletter. “The new regulatory framework will have to have some degree of adaptability to oversee cybersecurity in an evolving threat environment.”

Rigzone | 16 March 2015

Will Low Oil Prices Prompt Cutbacks in Cybersecurity Spending?

The collapse in global oil prices has prompted companies across the industry, from operators to contractors, to sharply reduce capital and operating expenditures. Are these reductions also affecting spending on cybersecurity?

Most industry experts and government authorities, including the Department of Homeland Security, US Cyber Command, and the National Security Agency estimate that over 40% of the recent cyberattacks in North America targeted the oil, energy, and resources segments. Thus, it would be unwise and inappropriate to compromise some areas of security and safeguards, whether they address workplace safety, environmental impairment, pollution, or cybersecurity, said Glenn Legge, a partner at Legge, Farrow, Kimmitt, McGrath & Brown.