Due to ongoing advancements, cyber-attacks have become a prevalent threat to the modern world. Systems rely on digital systems to operate which makes them vulnerable to cybercriminals. These systems include the critical infrastructure sectors. Cybersecurity in the oil and gas industry has become vital.
The oil and gas sector relies on technology to manage a vast network of global energy assets and operations. This makes tedious work easier, improves safety, maximizes profits, and keeps the industry advanced and efficient. However, this opens the industry up to several cybersecurity risks.
Cybersecurity in the Oil and Gas Industry
According to Statista, there were 21 global ransomware attacks on the oil and gas industry in 2022. It is the 5th industry sector most affected by ransomware in the last year.
The sector makes use of digital systems to assist in the extraction, transportation, and refinement of gas and oil products. This makes it an easy target for cyber threats.
A report by the US Government Accountability Office was released in 2022. It detailed that offshore oil and gas infrastructure faces significant cybersecurity risks. These risks come from threat actors, vulnerabilities, and potential impacts.
The gas and oil sector's critical infrastructure is highly reliant on technology. This reliance makes it vulnerable to cyber-attacks, as the report explains. The report also blames outdated infrastructure that may have fewer cybersecurity measures in place - such as old surveillance systems and more.
The report found that the operational technology (OT) monitoring and controlling physical equipment on sites had multiple security flaws. These flaws could permit attackers to remotely control various functions, including those crucial to safety.
CISA, the US cybersecurity agency, has released advisories about Operational Technology vulnerabilities found in 2022. These advisories detail issues such as weak encryption and insecure firmware updates.
The US Department of the Interior's Bureau of Safety and Environmental Enforcement (BSEE) is being criticised for its lack of action. A report warns that a successful cyber-attack on offshore oil and gas infrastructure could have devastating consequences. These include physical, environmental, and economic harm.
The 6 Biggest Cyber-Attacks in the Oil and Gas Industry
According to Oil and Gas IQ, companies in the oil and gas industry are attractive targets to cybercriminals because “energy infrastructure is critical to modern economies.” Aiming for these sectors ensures ripple effects that extend far beyond the scope of a regular cyber-attack. Security threats to the oil and gas industry still rank quite high.
Gartner has estimated that by 2025, hackers would have weaponized a critical infrastructure cyber-physical system (CPS) to successfully harm or kill humans.
Below are some of the biggest cyber-attacks on the oil and gas industry so far:
DarkSide Attack on Colonial Pipeline
On the 8th of May, Colonial Pipeline suffered a ransomware attack conducted by the Darkside hacking group. The attack forced the largest oil pipeline operator in the US to halt all operations.
The company shut down its 5,500 miles of pipeline. This pipeline makes up 45% of the East Coast's supply of diesel, petrol, and jet fuel. The shutdown led to fuel shortages and panic buying in multiple US states.
Joseph Blount is the CEO of Colonial Pipeline. He told The Wall Street Journal that he authorized a ransom payment of US$ 4.4 million. The executives were uncertain about the severity of the cyber-attack and how long it would take to restore the pipeline.
According to Reuters, the incident is one of the most disruptive digital ransom operations ever reported. It drew a massive amount of attention to the vulnerability of the US energy sector.
Triton Malware Attack on Saudi Aramco
In 2017, a new and deadly malware called “Triton” caused havoc. It attacked the safety systems at Saudi Aramco, the world’s largest oil company. This was the first example of malware used to directly target the safety systems of a critical infrastructure facility.
While Aramco denied the attack even taking place, a confidential report identified Aramco as the victim of the cyber-attack. The report was obtained by Foreign Policy and authored by Area 1 Security - a computer security firm founded by veterans of the U.S. National Security Agency.
The attack also marked a significant, and terrifying, point in cybersecurity for critical infrastructure. The Triton malware can be used to disable safety systems designed to prevent catastrophic industrial accidents – which are the last line of defense against life-threatening disasters.
Being used in a petrochemical plant like Aramco could have led to the release of toxic hydrogen sulfide gas or caused explosions. This would have put lives at risk, both within the facility and in the surrounding area.
Fortunately, a bug in the attacker’s computer code shut down the plant’s production systems before it could cause significant damage to operational assets and infrastructure.
Ekans Attack on Chevron
The Ekans ransomware – also known as snake ransomware - is malware that targets Industrial Control Systems (ICS) and Operational Technology (OT).
The Chevron Corporation, one of the world's largest oil and gas companies, was the victim of a cyber-attack in 2020. While the details of the attack are not public, it is believed that the attackers gained access to Chevron's systems by exploiting a vulnerability in its VPN software. It is not known whether the Ekans ransomware was involved in the Chevron cyber-attack.
Ryuk Ransomware Attack on ExxonMobil
ExxonMobil is one of the world's largest publicly traded international oil and gas companies. In December 2019, the Ryuk ransomware attacked ExxonMobil and resulted in a significant disruption of the company's operations. It specifically impacted the company's downstream business - which includes refining, chemical production, and distribution of petroleum products.
Ryuk is a type of ransomware that encrypts files on a victim's computer, rendering them inaccessible until a ransom is paid to the attacker. In the case of ExxonMobil, the attackers demanded a ransom of US$ 1.6 million in Bitcoin. It is not clear whether ExxonMobil paid the ransom or not.
The cyber-attack on ExxonMobil highlights the increasing cyber threat to critical infrastructure and businesses worldwide. It also underscores the importance of implementing robust cybersecurity measures to protect against such attacks.
LockerGoga Ransomware Attack on Norsk Hydro
Norway-based aluminum producer, Norsk Hydro, was exposed to the LockerGoga ransomware variant in a cyber-attack in 2019. The attack began with an infected email and locked the files on thousands of servers and PCs. All 35,000 Norsk Hydro employees across 40 countries were affected.
According to a publisher, LockerGoga doesn't rely on the use of network traffic or on domain name systems, or command and control servers. This allows the ransomware to bypass many network defenses.
WannaCry Ransomware Attack on Petrobras
In 2017, the WannaCry ransomware strain affected at least 100,000 organizations in 150 countries. Amongst these was the state-owned Brazilian oil company Petrobras. Reportedly, the company turned off its computers as a precaution to respond to the cyber-attack.
While these attacks all hold significance, it’s important to not feel helpless in a world with so many cyber threats.
Cybersecurity measures and frameworks are created and continue to improve globally each day to help improve oil and gas security systems.
Cyber Resilience for Companies in the Oil and Gas Sector
Building cyber resilience for your organization refers to its ability to survive and protect itself of a cyber-attack. Ensuring that your company can effectively detect, respond to, and recover from an attack is what will make it cyber-resilient.
Cyber resiliency is very important for any enterprise and has many benefits. These include improved cybersecurity, better brand reputation, and the assurance of business continuity. The oil and gas industry is an important sector that millions of people rely on.
The disruption of an oil or gas pipeline has dire ripple effects on fuel prices, supply chains, and large-scale manufacturing. Global economies, production lines, and the general public require a higher level of cyber resilience in the oil and gas sector.
Initiatives have been created by certain organizations to help achieve this level of cyber resilience. The World Economic Forum launched its Cyber Resilience in Oil & Gas initiative. This is to foster international cooperation between public and private sector leaders “to embed cyber resilience in the business culture and operating models and take a systemic approach to risk management.”
This Cyber Resilience Pledge was launched at the Annual Meeting in Davos in 2022. The pledge asks stakeholders in the oil and gas industry, governments, and academics to develop tools that will help improve and implement cyber resilience in the sector to:
- Ensure the effective adoption of cyber-resilience principles by a board of directors.
- Establish and align cybersecurity practices across the oil and gas supply chain.
- Offer financial benefits for the adoption of proven approaches by establishing a benchmarking platform for cyber-resilience best practices.
The pledge is based on the Cyber Resilience in the Oil and Gas Industry: Playbook for Boards and Corporate Officers which was released in 2021.
The playbook is designed to help boards of directors take action on cybersecurity. It presents six principles to help boards at oil and gas companies govern this risk and strengthen their organization's cyber resilience.
Sourced from World Economic Forum
Establishing cyber resilience in the oil and gas industry leads to an effective cybersecurity infrastructure.
Developing a Cybersecurity Strategy for the Oil and Gas Industry
A cybersecurity strategy is a plan that focuses on the prevention of cyber-attacks rather than simply the detection of them. Gartner has said that by 2023, 75% of organizations will restructure risk and security governance to address the widespread adoption of advanced technologies, an increase from fewer than 15% today.
Gartner went on to research the ways Security and Risk Management (SRM) leaders can improve and advance their cybersecurity approach. These aspects were highlighted:
- Change your thinking: Try to understand your current situation and where you’re headed.
- Create a chain reaction: Take intentional steps that will generate momentum.
- Eliminate obstacles: Remove restrictions or limitations on the security’s function to meet business demands and progress.
- Evolve your execution: Update existing security roadmaps as needed and retire initiatives no longer aligned to the company's digital trajectory.
The World Economic Forum also released a set of guiding principles that will help industry stakeholders in the gas and oil sector to implement better cybersecurity strategies:
- Establish a comprehensive cybersecurity governance model.
- Promote a security and resilience-by-design culture.
- Increase visibility of third-party risk postures and consider a broader ecosystem impact.
- Implement holistic risk management and defense mechanisms with effective preventive, monitoring, response, and recovery capabilities.
- Prepare and test a resilience plan based on a list of pre-defined scenarios to mitigate the impact of an attack.
- Strengthen international public-private collaboration between all stakeholders in the industry.
Another example of cybersecurity strategies in action is in Italy. A National Cybersecurity Strategy was launched in the country to give 1.2% of gross national investment to cybersecurity each year.
The oil and gas sector plays a crucial role in a functional society. Cyber-attacks disrupt operations and lead to severe repercussions across the globe. Developing a cybersecurity strategy is not only an added layer of protection but a necessary one.
How to Mitigate the Threat of Cyber-attacks for Better Oil & Gas Cybersecurity
While several different cyber-attacks exist, it’s important to invest in ways to prevent the risk of these threats entirely. This is especially important for a critical sector like oil and gas.
In 2022, the New Jersey Cybersecurity and Communications Integration Cell released a threat-analysis report. The report concluded with high confidence that the oil and gas industry is at high risk from cyber attacks. Additionally, the energy sector is a priority target for state-sponsored threat actors, cybercriminals, and hacktivists.
The concern comes from New Jersey’s high-risk levels. It's a major distribution center for petroleum products – with 3 operating oil refineries and 5 key interstate natural gas carrier pipelines.
As a result, the report has also drawn up a list of recommendations to mitigate the threat of cyber-attacks in this oil and gas industry that include:
- Tamper-Resistant Controls On Field Devices: The use of field devices with secure hardware security controls will help to prevent any physical tampering. Better surveillance solutions and pipeline security systems would also help here.
- Patching And Updating for Oil & Gas Cybersecurity: Updates for critical operating systems and ICS software should be installed immediately. Regular check-ups should be done to ensure that the antivirus and other cybersecurity software used are always working properly. Unused remote access points and RDP ports should be monitored as well.
- Encryption: End-to-end encryption on all devices should be required and include embedded security. In some cases, certificate pinning (SSL pinning) must be required to avoid spoofed devices and this includes protection from side channel attacks that can compromise encryption keys.
- Authentication and Access Control Procedures: Facilities should implement strict authentication and authorization procedures for their employees and all software entities. Develop access control measures to prevent unauthorized access to critical cyber systems and enhanced security cameras.
- Penetration Testing and Internal Auditing for Oil & Gas Cybersecurity: All facilities must implement rigorous vulnerability assessments and penetration testing audits regularly to ensure continuous analysis of operational systems.
- Employee Training and Awareness: All employees working on critical systems must have proper training or certifications to support the elevated threat level of their positions. Human error and phishing attacks are most effectively avoided through proper employee awareness rather than technical means. Implement proper cyber hygiene practices to ensure effective cybersecurity.
- Creation of Backups: Regularly back up essential data, air gap, and password-protect backup copies offline. Ensure that copies of critical data are not accessible for modification or deletion from the system where the data resides.
- Recovery Plans for Enhanced Oil & Gas Cybersecurity: Create a recovery plan. Keep multiple copies of sensitive and proprietary data and servers in a secure, segmented, and physically separate location. Such locations include hard drives, storage devices, and the cloud. Establish, test, and update incident response plans and continuity of operations plans (COOPs).
- Ensure Password Security: Use Multi-Factor Authentication (MFA) where possible and ensure the use of strong passwords. Regularly change passwords for network systems and accounts, implementing the shortest acceptable time frame for password changes. Avoid reusing passwords for multiple accounts.
- Email Security: Consider adding an email banner to messages originating outside your organization and disabling hyperlinks in received emails.
Sangfor’s Cybersecurity Solutions
Sangfor also offers advanced threat detection and response tools that can collaborate and coordinate to maintain the highest security measures.
While we can't offer physical security to help in protecting oil, Sangfor offers clear security solutions for your network. These will find and remove any potential threat to the network before a cyber-attack can even happen.
Some of Sangfor’s most innovative and comprehensive cybersecurity solutions include:
Next-Generation Firewall
The AI-powered Sangfor Next-Generation Firewall (NGFW) can identify malicious files at both the network level and endpoints. Neural-X and Engine Zero provide advanced malware detection and protection. This provides comprehensive and holistic protection from all threats with easy operation. Any security threats are quickly and effectively curbed.
Endpoint Secure
The Next-Generation Firewall is also used in conjunction with Sangfor’s Endpoint Security to identify malicious files at both the network level and endpoints.
The Endpoint Secure platform offers comprehensive protection against malicious software and Advanced Persistent Threats across your organization's entire network. It is easy to manage, operate and maintain.
The platform also received the AV-TEST “Top Product” award for achieving 100% ransomware protection against zero-day malware.
Incident Response
Lastly, Incident Response is a Sangfor service geared towards flexible, fast, and effective elimination and prevention of cyber-attacks. The focus of incident response is locating and eradicating threats while implementing active disaster recovery and providing tailored analysis to help safeguard your company from future cyber-attacks.
For more information on Sangfor’s cyber security and cloud computing solutions, visit www.sangfor.com.