Oil and gas cyber security

An EY report on oil and gas cybersecurity highlights the industry’s key vulnerabilities to attack.

Increased integration, increased risk

In the past, most operational technology (OT) networks were isolated (air gaped) from the internet and office networks and operated independently, using proprietary hardware, software and communications protocols.

However, in recent years, demand for business insight, requirements for remote network access and the spread of hardware and software from traditional IT (e.g. TCP/IP networking, Windows based platforms) caused many oil and gas companies to integrate control systems and their enterprise IT systems.

EY emphasises that this increased flexibility comes with increased IT vulnerability and provides possible access for cyber criminals to infiltrate the network and gain control of OT systems.

The nature of cyber crime

EY highlights that cyber crime has changed in recent years. There are now networks of highly skilled ‘hacktivists’ who are not interested in stealing data, but instead want to create highly visible incidents that embarrass or harm companies involved in the oil and gas industry. Taking control of and disrupting a companies OT operations is one way to achieve this.

Social engineering and its effects

IT and OT attacks often also involve non-technical methods, known as social engineering – the art of influencing people into divulging information, performing actions or unintentionally providing unauthorised access through the use of deception, coercion, fear or intimidation.

EY outlines three social engineering methods:

  • Phishing – the use of bait such as fake emails, phone calls or websites to trick employees into violating an organisation’s security policy.
  • Physical access – gaining entrance into the facility itself and using that proximity to access the local network.
  • Portable media – the use of thumb drives and other tools to obtain unauthorised physical access to the network or introduce malicious code through authorised users.

Adapted from press release by Emma McAleavey

Published on 07/07/2014

Get your FREE Oilfield Technology magazine »

Get your FREE trial of Hydrocarbon Engineering magazine »

Get your FREE trial of World Pipelines magazine »


Related articles

Insurers have bigger role to play in fighting cyber attacks

AEGIS London’s active underwriter David Croom-Johnson speaks at the Houses of Parliament in London.

Strengthening cyber security in the oil and gas industry

The American Petroleum Institute (API) has expressed its support for the new Oil and Natural Gas Information Sharing and Analysis Center.

Cyber security

Sourcefire explains how the energy industry can put the power back in its own hands.

Sustained threats to oil and gas infrastructure boost need for security

According to a recent report by Frost & Sullivan, cyber security threats will oil and gas forms to take up increased security measures.

Recommend magazines

  Hydrocarbon Engineering  LNG Industry  Oilfield Technology  World Pipelines