Oil companies fell behind in hardening their computer control systems against cyberattacks after the collapse of crude prices more than 3 years ago, putting security initiatives on hold while state-sponsored hacking groups became more proficient at probing US energy networks, according to cybersecurity experts.
Oil and gas cybersecurity teams faced funding shortfalls for projects to protect networks that run pipelines, drilling rigs, and other oil field operations as energy companies slashed thousands of jobs and cut production, security professionals said in recent interviews and conferences. Meanwhile, the worst of the downturn in early 2016 and some of the deepest cuts to jobs and spending coincided with an intensifying campaign of online attacks on energy networks by hackers backed by the Russian government, according to a recent report by the FBI and Department of Homeland Security.
The hackers almost certainly penetrated the networks, according to government and private cybersecurity specialists, likely with the aim of testing detection capabilities and responses and preparing for a a day when they could launch an attack aimed at shutting down operations or damaging facilities. Attacks that interrupted the flow of power or crude oil or gasoline could disrupt, if not derail, the US economy.
During an oil bust, said Paul Brager Jr., a cybersecurity specialist at Houston oil field services firm Baker Hughes, “projects, capabilities, and needs that aren’t exactly on top of mind go to the bottom of the pile.”
In recent years, federal authorities, and security consultants have warned of the vulnerability of the US energy industry to cyberattacks, pointing to outdated software that hackers can easily crack, a vast network of internet-connected devices that provide avenues to control systems, and lack of monitoring and detection of attempted intrusions. In many cases, specialists said, companies can’t tell if hackers have penetrated their networks or if they are still lurking in their systems.
Read the full story here.
Don't miss our latest HSE content, delivered to your inbox twice monthly. Sign up for the HSE Now newsletter. If you are not logged in, you will receive a confirmation email that you will need to click on to confirm you want to receive the newsletter.
3 Oct 2019
- Calgary, Alberta, Canada
Being Human - reserve your place at this one-day course
3 - 4 Oct 2019
- Calgary, Alberta, Canada
For a better understanding of geomechanical factors, attend this course
1 Nov 2019
- Bali, Indonesia
Don't miss out!
9 - 11 Nov 2019
- Abu Dhabi, UAE
The programme combines expert input, case studies, and immersive scenarios from the E&P and other industries to embed your learning and enable you to progress to the next level of your career.
10 Nov 2019
- Abu Dhabi, United Arab Emirates
Safety Leadership focuses on the ‘Human Factors’ (HF) which complement technical training to optimize reliability, safety, compliance, efficiency and risks within a team-based environment.
This course will help you develop a better understanding of factors that could impact your daily economic decisions as well as establish a new set of applicable tools to use in your professional career.
Through this workshop, attendees will go through the different processes involved in strategic planning including the elements of organizational SWOT, business scenario and options development, elaboration of strategic options and communication to stakeholders.
HSE Now is a source for news and technical information affecting the health, safety, security, environment, and social responsibility discipline of the upstream oil and gas industry.
©2003-2019 Society of Petroleum Engineers, All Rights Reserved.