Rigzone | 17 November 2015

Changing Human Behavior Key To Thwarting Cybersecurity Attacks

Despite increased spending on technology to stave off cyberattacks, companies are getting compromised more and taking bigger hits.

The revenue of cybersecurity companies traded on the public market grew an annual average of 20% last year, said Rohyt Belani, cofounder and chief executive officer of PhishMe, during a keynote presentation at the API Cybersecurity Conference in Houston.

But a PricewaterhouseCoopers report found that the number of reported cybersecurity incidents rose by 48% this year and the number of companies reporting cyber-related financial hits of over USD 20 million grew by 92%.

“We love silver bullets in cybersecurity,” Belani said.

However, companies using this approach will likely fall flat on their face. Just like living a healthy lifestyle is no guarantee against a person getting cancer, cybersecurity is about mitigating risk and rapidly responding to events. But cybersecurity preparedness provides no guarantee that an incident won’t occur.

“Often what I find is that people equate compliance with security,” said Belani, but compliance isn’t enough. Instead, a threat-based approach is needed.

Rigzone | 17 November 2015

Security Chief Says Cybersecurity Ranks as Top Long-Term Threat to Statoil

While terrorist attacks grab headlines, cybersecurity poses the greatest long-term threat to Statoil ASA’s global oil and gas operations.

The 2013 terrorist attack on Statoil, BP, and Sonatrach’s jointly held facility in El Amenas, Libya, prompted Statoil to set up an independent investigation to assess the risk of a similar attack occurring in the future. The company’s report on the incident, published in September 2013, concluded that the company lacked a security culture and the security it had in place was not fit-for-purpose for a company with international aspirations.

After completing its assessment, Statoil determined that the greatest long-term threat to its operations came not from physical attacks but from cybersecurity attacks, Adrian Fulcher, head of security threat assessment at Statoil, told attendees at the API Cybersecurity Conference in Houston.

While the company operates in a number of challenging environments worldwide, most of Statoil’s assets are on the Norwegian continental shelf, Fulcher said. As a possible consequence, the company has had a fairly easygoing security culture, which also extended to Statoil’s cybersecurity culture.

“If we were to suffer a major large-scale accident as a result of an attack on our industrial control systems, it is something that would shape and change the future course of the company in a big way,” Fulcher said.

Dark Reading | 5 November 2015

How Hackers Can Hack the Oil and Gas Industry With ERP Systems

Researchers at the Black Hat Europe conference in November will demonstrate how SAP applications can be used as a stepping stone to sabotage oil and gas processes.

Hackers can exploit weaknesses in enterprise resource planning (ERP) systems on oil and gas firms’ corporate networks in order to sabotage pipeline pressure or hide oil spills, researchers have discovered.

Researchers at Black Hat Europe, set for 10–13 November in Amsterdam, will demonstrate these and other attacks on oil and gas networks by abusing holes in SAP ERP applications used in the industrial sector. Oil and gas industrial networks rely on ERP software to help manage and oversee the oil and gas production and delivery processes.

“We want to show that not only Stuxnet-type attacks using USB are possible,” said Alexander Polyakov, chief technology officer and founder of ERPScan, who, with Mathieu Geli, a researcher with ERPScan, will demonstrate several proof-of-concept attacks at the conference. An attacker could hack the systems remotely over the Internet, he says, or from the oil and gas firm’s corporate network.

“SAP is a key to this kingdom because it has a lot of products specifically designed to manage some processes such as operational integrity or hydrocarbon supply chain. Since SAP systems are implemented in, if I’m not mistaken, about 90% of oil and gas companies, this key can open many doors,” he said. “SAP is connected with some critical processes which, in their turn, are connected with other processes, and so on.”

Valley News | 20 October 2015

Dartmouth College Receives USD 925,000 Cybersecurity Grant

Dartmouth College has received nearly USD 1 million from the Cyber Resilient Energy Delivery Consortium as part of its USD 28.1 million effort to create and foster cyberattack-resistant systems for electric power and oil and gas industries.

The consortium includes 11 national laboratories and universities and is led by the University of Illinois. It is a successor to earlier efforts to create trustworthy cyberinfrastructure for the power grid. Dartmouth has been a partner in the project since the beginning 10 years ago, according to a news release from the college.

The funding comes from the US Department of Energy.

Dartmouth’s USD 925,000 grant “will improve the protection of the US electric grid and oil and natural gas infrastructure from cyberthreats,” according to a statement from the Energy Department posted on Dartmouth’s website.

Rigzone | 20 October 2015

Security in Oil and Gas: The Threat From Within

Since the Second World War, one of the realities of the upstream oil and gas industry is that it often has to operate in dangerous parts of the world. Being a precious commodity that much of the modern world relies upon in order to function, access to oil itself is a driver of political turmoil and can be blamed—at least in part—for numerous conflicts from the Suez Crisis in the 1950s through the Gulf War in the 1990s to today.

Right now, one of the major threats to oil and gas assets, and to engineers and other frontline staff, based in the Middle East and Africa is from Islamist terrorism. No single event comes closer to exemplifying this threat than the January 2013 attack against expatriate and local energy company workers at the In Amenas gas processing facility in Algeria.

That incident became a 4-day siege that resulted in the deaths of 39 foreign hostages and an Algerian security guard.

At the recent Offshore Europe conference in Aberdeen, the In Amenas atrocity was discussed in some detail by Adrian Fulcher, a British counter-terrorism specialist who served on Statoil ASA’s special investigation team that looked into the incident.

Taking part in a conference session on security of personnel and assets, Fulcher explained that the attack on In Amenas was extremely well planned and prepared and that it was carried out by people who had the ability to be flexible and think on their feet when dealing with contingencies.

The terrorists had navigated through the desert during the night to arrive at the break of day and then had complete control of a 10-square-kilometer area that encompassed the In Amenas gas facility. They separated out the foreign staff from the local employees, and they knew some of these expat workers and managers by name while they were able to identify others using documentation that they found at the facility. It was clear that they had had insider help.

“There was an impressive amount of intelligence, insider support and preplanning. I think that’s … a characteristic of the threat profile that, more widely, the industry has to face. That the people who threaten us, whether they’re terrorists, whether they’re cybercriminals or whether they’re organized criminals, they increasingly do their intelligence homework first,” Fulcher said.

“They look at us very hard, they seek to understand how we operate and where our vulnerabilities are, and they exploit those vulnerabilities against us. And how do they do that? Typically, with insider support.”

The implication is that oil and gas companies are going to have to spend a lot more time and effort vetting their employees—particularly those who work in politically sensitive parts of the world.

Houston Chronicle | 19 October 2015

Column: Oil and Gas Industry Must Face Challenge of Cybersafety

The oil and gas business is a significant part of Texas history and culture and a major economic contributor to our overall state economy. Houston and Dallas are widely recognized for their part in the industry, but many might be surprised at the substantial number and size of oil and gas companies in San Antonio, Austin, Midland, and smaller cities throughout Texas.

New production technologies have led to a recent boom of “unconventional” production in both older fields and new areas where drilling was previously untenable. The Texas economy has thrived with shale production and offshore exploration and drilling. But the current climate of low oil prices and decreasing global demand has already significantly affected our economy, and there are other, less visible threats.

I recently attended an oil and gas conference in Houston geared specifically toward the industry’s unique cybersecurity challenges. While oil and gas organizations share similar cybersecurity concerns with every information-technology organization, they also have the added responsibility of protecting the critical infrastructure-control systems that run many aspects of upstream and downstream operations. But, until recently, the industry has been slow to act on the risk.

We now live in a world where cyberattacks can result in physical, and possibly catastrophic, damage and loss of life if these control systems are compromised.

Offshore Engineer | 19 October 2015

The ISIS Threat

While much of SPE Offshore Europe focused on the North Sea, there was also a strong global focus, via UK Trade and Investment’s country briefings, as well as keynote sessions looking at global security issues.

Oil and gas assets in the Middle East and Africa are facing an increased threat from ISIS, a security expert has warned, as the group grows and seeks to acquire new territory.

Al-Qaida and jihadist expert Aymen Ali Dean told delegates on Day 2 of SPE Offshore Europe during one of the keynote sessions how Al-Qaida has become more dangerous since 2004–06 when its ideology prompted a change in strategy.

“If you took 10 Al-Qaida leaders in 2004–05 and asked what they wanted, you would get 20 different answers,” Dean told show delegates. Today, he said, the organization has featured a lack of discipline and commitment from recruits.

But its approach has been refined, and today the Islamic State group (ISIS) and jihadists pose a threat to the security of the energy industry, delegates heard.

But the organization’s logic has dictated that no jihad—holy war—can exist without an imam, and an imam cannot exist without a state and that, therefore, a state and an imam have to exist first, before a jihad—directed against the West—can be pursued, explaining why ISIS is now seeking to establish a caliphate, or Islamic state, within Syria and Iraq.

Rigzone | 15 October 2015

Life in Libya: The Endurance of Eni

Eni has faced a spate of security threats in Libya since the beginning of the revolution that ousted Muammar Gaddafi in 2011. The most recent incident occurred 31 August, when a car bomb exploded in front of the headquarters of Mellitah—a joint oil and gas venture between Eni and the Libyan state oil firm National Oil Corp. (NOC). The attack caused damage to the facility that Islamic State militants claimed in a Twitter statement the next day.

In July of this year, the Italian foreign ministry (Farnesina) reported that four Italian employees of oil services firm Bonatti had been kidnapped in the vicinity of the Mellitah compound, and Reuters revealed in June that Yousef al-Shoumani, a manager at the Mellitah oil and gas consortium, had also been taken by abductors. Other notable incidents since the start of the 2011 revolution include:

  • A strike in April 2015 by Libyan security guards protecting the El Feel oilfield, co-owned by NOC and Eni, which forced the facility to close
  • A firefight in 2013 between former rebel fighters from Zuwara and those guarding Mellitah, which led to Libya temporarily stopping gas exports to Italy from the Mellitah complex
  • The 2011 civil war, which forced Eni to temporarily halt production at almost all of its Libyan facilities early that year

A range of companies have scaled back upstream operations in Libya because of the country’s political instability. Royal Dutch Shell abandoned two exploration blocks in Libya in 2012, blaming the decision on disappointing exploration results, although reports at the time indicated the company was also concerned about the insecure situation in the North African country. In September 2013, Exxon Mobil cut back its staff and operations in the region following its decision that the security situation in Libya no longer justified a large presence, Reuters reported, and Marathon Oil was considering the sale of its stake in Libya’s Waha Oil company, before its efforts were blocked. Total said in its first-quarter 2015 results, released 28 April, that it halted production in the country in February because of the “deteriorating security conditions in Libya,” and BP announced 28 July that it had written off USD 600 million of exploration costs in the region, “primarily due to circumstances in the country.”

Washington Examiner | 3 September 2015

Energy Secretary Says Cyberattacks Threaten Natural Gas Industry

The administration is seeing a “big and growing threat” from possible cyberattacks against the nation’s natural gas infrastructure, as well as new cars and the sprawling traffic management system.

Energy Secretary Ernest Moniz discussed the threat on 24 August while addressing Democratic Minority Leader Harry Reid’s National Clean Energy Summit in Las Vegas.

He said the utility sector is usually the “poster child” for the threat the US faces from cyberattacks, but there is also a threat to natural gas compressor stations, vehicle traffic management systems, and new cars and trucks that have much more digital hardware that makes them increasingly vulnerable to being hacked.

He said much more has to be done on training cybersecurity specialists to counter the threat, but “training of professionals [is] … not keeping up with demand.”

Reuters | 19 August 2015

Iraqi Kurdistan Says Oil Pipeline Sabotage Cost It USD 501 Million

Repeated sabotage by “organized gangs” of the oil pipeline from northern Iraq to Turkey has cost the autonomous Kurdistan region USD 501 million since 1 July, its ministry of natural resources said on 18 August.

The flow of oil is currently suspended because of a theft attempt on the pipeline, which runs to the Turkish port of Ceyhan from fields in Iraq’s Kurdish north and Kirkuk.

The pipeline was previously idled for a week after being blown up by members of the Kurdistan Workers’ Party (PKK) in late July, when Turkey began bombing the outlawed group in northern Iraq.

The PKK later denied the attack had been ordered by its leadership, and said it would not target the pipeline.

But the Ministry of Natural Resources appeared to blame the PKK for the latest disruption, saying the “organized gangs” behind it were understood to have close links with the perpetrators of the July attack.

Reuters | 17 August 2015

Islamic State Attacks In and Around Iraqi Refinery Town

Islamic State militants attacked the outskirts of Iraq’s northern oil refinery town of Baiji overnight on 13 August with car bombs and clashed with the army and Shi’ite militias in the town’s western districts, the local mayor and security sources said on 14 August.

The town of Baiji and its refinery—Iraq’s largest—have been a battlefront for more than a year. The hardline Islamists seized the town in June 2014 as they swept through much of northern Iraq toward the capital Baghdad.

Control of Baiji neighborhoods has changed hands many times during the conflict. Authorities said last month they had recaptured most of the town, but the radical jihadist group attacked central neighborhoods days later, forcing pro-government forces to pull back.

Reuters | 14 August 2015

Libya’s El Feel, El Sharara Oilfields Remain Closed

Libya’s El Sharara and El Feel oilfields remain closed because of protests and a pipeline blockage, oil officials said on 10 August.

Tribal elders have been trying for months to resume work at both fields, which could add some 400,000 B/D of crude, doubling Libya’s current output.

Unconfirmed postings on social media suggested there had been progress in the talks, but Mohamed El Harari, spokesman for state oil firm NOC, said the fields were still closed.

An oil source at the western Zawiya port linked to the El Sharara oilfield said there were efforts to reopen the 340,000-B/D field but so far there was no breakthrough. An engineer at El Feel also said there was no sign of output resuming.

The two oilfields have been shuttered by salary demands from security guards and the country’s conflict between the two rival governments vying for control of the north African OPEC state.