The US: Oil and gas networks, potential targets for cyber criminality

Hardly a day goes by without the announcement of another significant data breach. What was once a nuisance, oriented around petty theft and vandalism, has become an industry in its own right? An industry costing companies billions of dollars a year through extortion, theft, and espionage. In addition, in recent years a wide variety of hacking tools have been released or made available for purchase. These tools allow relatively unskilled hackers to simulate the behavior of highly skilled professionals. In essence, hacking has now become as easy for them as using an app on an iPhone is to the rest of us. This phenomenon is known as the “democratization of hacking”. In addition to professional criminals and nation states, your network must deal with highly enabled amateurs. As a result, the number of threats is increasing at a stunning rate. In contrast, the number of lucrative targets is increasing at a slower rate, meaning the number of hackers per target is increasing. In other words, if they haven’t gotten around to your network yet they will get to it eventually.

The Oil and Gas industry (O&G) is a particularly attractive target for a variety of reasons: First, the cash flow within the industry is very high. O&G networks also tend to be highly geographically dispersed leading to significant use of various telecommunication mediums for moving data, data that has great economic value of interest to competitors such as nation state owned oil and gas companies (with nation state level hackers). Finally, and perhaps most concerning, the highly complex and integrated operations of O&G networks rely heavily on computerized mechanisms, tampering with which could be catastrophic.

Whether the object of the hack is to skim money off the cash flow, steal proprietary data, or sabotage O&G infrastructure, these threats are extremely serious and the defense against such threats must be equally serious.

While the statements above may seem largely theoretical, it is reflected in the real world. For example, in a recent survey more than 80% of Oil and Gas industry respondents reported a successful network breach. Deloitte’s 2017 hacking report indicated that 75% of US O&G companies were attacked by a hacker at least once in 2016.


Read more about these potential facts on: PennEnergy.