Hackers’ New Target: The Oil and Energy Sector

A study conducted in April by Symantec Corporation, a cybersecurity firm determined that:

  • Malicious hackers and system invaders have attacked 43 percent of mining, gas and oil companies around the world at least once in 2014.
  • A separate survey conducted in the same month by Trend Micro Inc., another cybersecurity firm for The organization of American States showed that nearly 50% of energy organizations in the U.S reported attacks. This is the highest percentage among all corporate sectors and only governments have had a higher percentage of attacks.

Alvaro Cardenas, a current member at the Cyber Security Research and Education Institute and a Computer Science professor at the University of Texas said, “Nowadays you have computers running everything. You can create blackouts or oil spills and hurt a lot of people.”

Internet governance. A double edged sword

The power and utilities industry made the switch in connecting to the internet after the 2003 East Coast blackout, in order to make services more reliable and efficient.  However, this has inversely made the industry more vulnerable to attacks. With technology companies now producing and marketing web-connected home appliances, there is room for more attacks, according to Tom Kellerman, the chief cybersecurity officer at Trend Micro, a security firm.

“It’s a double-edged sword,” Kellerman said. “Currently the energy sector is woefully unprepared for protecting itself from cyberattacks.”

Big numbers. Bigger stakes

According to a study by the Ponemon Institute for Hewlett-Packard Company (HP), energy companies’ costs rose quicker than the average across all U.S. companies.

  • Damages and lost business costs for energy and utilities companies cost an industry average of $13.2 million a year, also higher than any other industry.
  • It is determined that cybersecurity spending among oil and gas companies and infrastructure will reach $1.9 billion by 2018.

Much like all big industry and enterprises, energy companies have an inherent need and requirement to protect and safeguard sensitive information. However, the stakes among energy and oil companies are much higher, with the control over power stations and drilling rigs by hackers and cyber-intruders potentially leading to disastrous and deadly consequences.

Last year alone, two high profile attacks on the oil and energy sector included “Operation Petrol and the “Sandworm” attack on North American power utilities with Russian hackers the alleged suspects. The Saudi Arabian Oil Corporation, the largest crude oil exporter in the world suffered a major attack in 2012 which affected 30,000 computers within its network.

While physical security with electric fencing, cameras and armed guards have long been prioritized by the energy industry, cyber and web security investment have quickly been made into a priority recently.