Oil & gas cyber threat

Livingston, UK – Information security breaches at businesses, government agencies and industrial companies worldwide are occurring with increasing frequency and at great cost to the victims of these attacks.

While none of the North Sea’s major players have publicly admitted to being victims of such a breach, a recent statement from the Head of MI5, stating that cyber attacks by a foreign state resulted in a British company losing £800m in revenue, provides evidence that such attacks are possible, if not already happening.

As the oil and gas industry has increased its reliance on technology over recent years, it has opened itself up to new forms of security breaches, notes Sam Mackay, chief executive of Livingston-based Asset Guardian Solutions Ltd.

Process critical systems, controlled by software, are frequently the most vulnerable with security breaches potentially resulting in lengthy shutdowns and impact assessments, added Mackay, whose firm specialises in software protection for the process and manufacturing industry.

“Unfortunately there are currently no silver bullet solutions to prevent such attacks, he said. “However, there are ways to ensure that recovery is as quick and efficient as possible.

“To minimise the losses associated with information security breaches, companies need to not only look at protection, but also ensure that they have adequate software management and back-up for their data and process critical software. Effective ‘back-up’ will allow such companies to access the right version of ‘clean’ software from a secure source which is protected from any unauthorised access.

“This latter point is very important. Research suggests that a significant proportion of security incidents are perpetrated by insiders. So ensuring the right person has access to the right information, and at the right time, is critical to guaranteeing effective management and security.

“As cyber attacks increase with frequency, unprotected software systems will become an even greater liability. The UK’s oil and gas companies should act now to ensure that they are able to recover from such an attack as quickly as possible.”

“The UK is by no means alone in facing the challenges posed by cyber attacks. The Department of Homeland Security’s investigative division - ICS-CERT - recently publicly raised awareness of the problem in what it has referred to as the “Gas Pipeline Cyber Intrusion Campaign”.

“Elsewhere in world, Iran’s national oil company was the subject of a cyber attack back in April this year, followed by nearly three days of impact assessment. Iran subsequently blamed the Flame virus for causing data loss on computers in the country’s main oil export terminal and Oil Ministry.

“Alarmingly, upon further analysis of the virus, Symantec Corp. identified a component of Flame that allows operators to delete files from computers, which means it can cause critical programs to fail or completely disable operating systems.”