Oil and gas cyber security
An EY report on oil and gas cybersecurity highlights the industry’s key vulnerabilities to attack.
Increased integration, increased risk
In the past, most operational technology (OT) networks were isolated (air gaped) from the internet and office networks and operated independently, using proprietary hardware, software and communications protocols.
However, in recent years, demand for business insight, requirements for remote network access and the spread of hardware and software from traditional IT (e.g. TCP/IP networking, Windows based platforms) caused many oil and gas companies to integrate control systems and their enterprise IT systems.
EY emphasises that this increased flexibility comes with increased IT vulnerability and provides possible access for cyber criminals to infiltrate the network and gain control of OT systems.
The nature of cyber crime
EY highlights that cyber crime has changed in recent years. There are now networks of highly skilled ‘hacktivists’ who are not interested in stealing data, but instead want to create highly visible incidents that embarrass or harm companies involved in the oil and gas industry. Taking control of and disrupting a companies OT operations is one way to achieve this.
Social engineering and its effects
IT and OT attacks often also involve non-technical methods, known as social engineering – the art of influencing people into divulging information, performing actions or unintentionally providing unauthorised access through the use of deception, coercion, fear or intimidation.
EY outlines three social engineering methods:
- Phishing – the use of bait such as fake emails, phone calls or websites to trick employees into violating an organisation’s security policy.
- Physical access – gaining entrance into the facility itself and using that proximity to access the local network.
- Portable media – the use of thumb drives and other tools to obtain unauthorised physical access to the network or introduce malicious code through authorised users.
Adapted from press release by Emma McAleavey
Read the article online at: https://www.worldpipelines.com/business-news/07072014/oil_and_gas_cybersecurity_866/
You might also like
World Pipelines Podcast: Going global with IPLOCA
In this episode, Elizabeth Corner speaks to Georges Hage, Executive Secretary at IPLOCA, about IPLOCA's insights on the culture and characteristics of the pipeline contractor community, and how it works to support sustainable energy infrastructure.
Energy industry faces short-term instability, yet remains optimistic about long-term prospects, DNV report reveals
The energy industry is braced for short-term uncertainty caused by global instability, but remains optimistic in the long-term, according to DNV’s annual Energy Industry Insights survey.
