Cyber attacks growing more advanced - report
28 June 2013 21:53 GMT
Cyber attacks against the US oil and gas industry are increasing in frequency and sophistication, according to the Council on Foreign Relations.
The threats posed by state-backed intelligence outfits, industry insiders and freelance hackers is evolving and could deal a blow to US national security and economic competitiveness, the non-partisan think tank said in a report this week.
"Once in the system, an infiltrator could in theory cause the flow of natural gas through a pipeline to grind to a halt, trigger an explosion
at a petrochemical facility, or do damage to an offshore drilling rig that could lead to an oil spill," the group wrote.
"Such threats now have the potential to cause environmental damage, energy-supply outages for weeks or months, and even the loss of human life."
Cyberattacks cause an estimated $114 billion per year in damage to US businesses and another $250 billion in intellectual property loss, according to the National Security Agency.
It is not known how much of that can be attributed to the oil and gas industry, but at least one study has shown that the energy sector was hit by more targeted malware attacks over a six-month period in 2012 than any other industry.
The Council on Foreign Relations grouped cyber threats into two categories: espionage and attacks on infrastructure.
The most successful cyber attack against the US oil and gas industry is the attack dubbed Night Dragon, which occurred between 2008 and 2011. Chinese hackers are accused of stealing gigabytes of sensitive information related to field operations, financial transactions and bidding documents.
One US oil executive told the Council he believed that on at least one occassion, a rival national oil company seemed to know his companies plans in advance of a lease auction, which resulted in the executive's firm losing out on the bid.
Attacks on infrastructure are rarer but more worrisome, according to the report. Attacks like the Stuxnet virus against Iran's nuclear enrichment facilities and the Shamoon assault on Saudi Aramco's internal computer system are shots across the bow that have implications far beyond the damage they actually caused, given the increasing reliance on automated drilling systems like Scada, the report said.
"If infiltrated, (Scada systems) could cause assets like pumping stations or catalytic crackers to shut down or, worse, malfunction and destruct," the authors wrote.
"The immediate damage from an attack that physically disrupts oil and gas production could include local environmental harm, commercial losses, and on-site workforce casualties."
Even attacks that are initially thought to be contained can spread to the systems of other companies, given the amount of information sharing that is common in the industry.
After the damage was done in Iran, the Stuxnet virus was found in the systems of Chevron, though it caused no damage. After Aramco was hit, the Shamoon virus turned up on computers owned by RasGas, a joint venture between ExxonMobil and Qatar, causing it website to be disabled and its email servers to be shut down.
To combat the threat, the report says, oil and gas companies must be vigilant in bolstering their own cyber defences, and be more forthcoming when attacks occur.
"Oil and gas companies already share information with each other and some are holding ad hoc discussions with the Federal Bureau of Investigation at the city and state level," the authors wrote.
"The discussions should be formalised and extended to include more companies, but they will be no substitute for oil and gas companies investing more money and energy in their own security."