Analysis by GlobalData shows that despite a 35% decline in cybersecurity mentions in global oil and gas company filings in the second quarter of 2024 compared to the previous quarter, full-year mentions are expected to surpass those of 2023 and reach a new high in the next one to two months.

These concerns are not unfounded, as both the UK National Cyber ​​Security Centre and the White House have been prompted to warn of a growing cyber threat to critical national infrastructure (CNI) organisations.

In May, Edgard Capdevielle, CEO of operational technology and cybersecurity company Nozomi Networks, spoke to Offshore Technology’s sister site Verdict about the threat faced by countries’ CNI. He said that a decade ago, the sector was barely affected by cyberattacks, but ten years later: “The type and frequency of attacks has increased dramatically.”

This view is shared by Anthony Young, CEO of CNI cybersecurity firm Bridewell. He said that while financial services firms were once the main target of cyber attackers, cyber attackers have now recognised the financial and political potential of disrupting the CNI.

Many of these attacks are indeed purely for financial gain, but Richard Hummel, head of threat intelligence at Netscout, told Verdict: “I would say there are more attacks related to geopolitical events than ever before. Honestly, if I had to pinpoint the tipping point, it was Russia’s invasion of Ukraine.”

The changing threat landscape is of particular concern for the oil and gas sector. Attacks can not only disrupt supplies, they can also be deadly, with explosive commodities potentially being used as weapons.

Speaking to Offshore Technology, Andrew Lintell, General Manager for EMEA at Claroty, a cyber-physical system protection company that provides industrial cybersecurity controls for oil and gas companies, outlined the evolving threat to the sector, the motivation of perpetrators and what organizations need to do to protect themselves.

How have cyber threats in the oil and gas industry evolved over the years?

Andrew Lintell: The biggest development in recent years is the digital revolution that has transformed the oil and gas industry. It has introduced technologies such as the Internet of Things (IoT), artificial intelligence (AI), virtual reality and big data analytics that have driven efficiency and innovation. However, digital transformation has also brought new challenges and exposed the sector to complex cyber threats.

Major cyberattacks such as the Colonial Pipeline and the ARA refinery center attack are evidence of how an attack on the oil and gas sector can impact the daily lives of individuals. The attacks have also highlighted the vulnerability of critical infrastructure and led to stricter regulations.

As a result, new policies and standards have been introduced such as the TSA Guideline for Pipeline Owners and Operators, IEC standards, ISO/IEC 27001 and NIST CSF. However, complying with these evolving regulations is a burden, especially for smaller companies that may struggle with the associated costs and resource requirements.

In addition, much of the industry’s infrastructure is outdated. The legacy systems are often outdated and lack the necessary security patches, making them prime targets for cyberattacks. Among standards, the IEC standards (particularly IEC 62443) specifically address the challenges of securing legacy systems, while ISO/IEC 27001 and NIST CSF promote risk management practices that fundamentally cover legacy infrastructure, although they do not explicitly focus on it.

What type of perpetrators pose the greatest threats today?

Over the past decade, state actors have increasingly advanced cyber threats, particularly targeting critical infrastructure sectors such as oil and gas, energy, healthcare and telecommunications. These attacks are often motivated by espionage, sabotage and the desire to influence geopolitical events.

But now, with the advent of AI, even the most amateur criminal gangs can carry out sophisticated cyberattacks at the highest level. Adversaries can use machine learning to automate attacks, evade detection, and execute sophisticated threats. They can also orchestrate attacks such as AI-powered phishing, deep fake scams, and automated vulnerability exploitation.

Nation-state-backed cybercriminals, whose modus operandi is to cause maximum disruption, are increasingly using AI-powered tactics such as targeted phishing and automated vulnerability exploitation. These threats, which specifically target critical sectors such as oil and gas, will only intensify as AI becomes more commonplace and the industry becomes a prime target for such disruptive attacks.

To what extent has geopolitical turbulence increased the threat within the sector?

Fluctuating oil prices caused by geopolitical tensions, economic instability and environmental pressures create a volatile environment that makes long-term planning and investment difficult. Trade pressures, political instability in key producing regions and disruptions such as the shift in energy trade between Europe and Russia exacerbate the threat.

The financial uncertainty these issues bring often forces companies to cut costs, with cybersecurity often being the first to suffer. Such cuts in cybersecurity investments can have serious financial, reputational and regulatory consequences in the long run. The cost of a breach is almost always higher than the cost of investing in effective cybersecurity measures and tools.

The industry’s increasing reliance on modern extraction methods such as offshore drilling and fracking also further complicates the situation. These methods are highly dependent on networked operational technology (OT) systems, industrial control systems (ICS) and SCADA systems.

The integration of these systems into various processes creates more entry points or a larger attack surface for cybercriminals to exploit. Because these systems are often connected to both IT networks and physical machines, a breach can cause significant disruption, including the potential manipulation of physical operations, making the sector more vulnerable to sophisticated cyberattacks.

What types of cyberattacks are the industry most at risk from?

Because the oil and gas sector is classified as critical national infrastructure, a successful ransomware attack can have devastating consequences, not only financially but also in terms of public safety.

This year, 67% of energy, oil, gas and utility companies were hit by ransomware, with 80% of these attacks resulting in data encryption. To make matters worse, the financial impact is severe, with recovery costs averaging $3.12 million per incident. As mentioned above, the fact that so many legacy systems are used in the oil and gas sector is also a major problem.

Legacy systems and outdated designs lack the strong security measures to counter modern threats. These systems often run on outdated operating systems that no longer receive security updates, making them prime targets for cyberattacks such as data leaks and ransomware. The incompatibility of these legacy systems with modern security tools further exacerbates their vulnerability.

How should companies in the industry protect themselves?

To effectively protect the oil and gas sector from cyber threats, comprehensive visibility of all cyber-physical systems (CPS) within the OT environment is essential. Maintaining a real-time inventory of all assets at well sites, pipelines, refineries and plants is fundamental to industrial cybersecurity. Without this detailed understanding, securing these assets becomes an overwhelming challenge.

Another key strategy is seamless integration of IT and OT systems. Since many CPSs in the oil and gas industry are based on legacy systems and proprietary protocols, compatibility with traditional IT systems can be an issue. Instead of overhauling existing technology stacks, companies should adopt solutions that extend IT tools and workflows into the OT environment, ensuring unified security management.

In addition, it is important to consistently apply IT security controls and governance in OT environments such as SCADA systems and ICS, as these often lack effective cybersecurity measures. Unified security governance for IT and OT is necessary to build resilience against cyber threats.

Finally, network segmentation is critical. By isolating critical systems and sensitive data, organizations can limit the spread of malware and reduce the impact of potential attacks. This enables tailored security policies that are tailored to the specific needs of each network segment.

What does the future of cybersecurity look like in the oil and gas industry?

With digitalization now a necessity for the sector, modern defenses must also be a top priority. The future of cybersecurity in the oil and gas industry will be defined by the integration of modern technologies and the need for a proactive, resilient approach. AI and machine learning will play a critical role in detecting and responding to threats, enabling real-time monitoring and automation of security processes.

In addition, the convergence of IT and OT environments requires a unified security strategy that addresses both traditional IT threats and the unique vulnerabilities of operational technology.

With geopolitical tensions rising, organizations must prioritize network segmentation, asset visibility, and continuously updating their security frameworks. Adopting zero-trust architectures and improving regulatory compliance will also be critical. Ultimately, a strong, adaptable cybersecurity posture will protect the industry’s critical infrastructure and ensure its operational continuity in the face of evolving threats.

?

Read the latest issue of World Pipelines magazine, featuring pipeline news, project reports, industry insights and technical articles.

World Pipelines’ August 2024 Issue

The August 2024 issue of World Pipelines includes a main section on pipeline project management, as well as technical articles on inspection, condition assessment, maintenance and surface preparation. We also cover OT software, CO2 and hydrogen pipelines, and pipeline construction topics.

Read the article online at: https://www.worldpipelines.com/business-news/19082024/globaldata-cyberattacks-a-growing-threat-for-oil-and-gas/