To stay competitive, energy companies have to be able to monitor every link in the production chain — from well to refinery to SUV fuel tank.
Drilling sites, pipelines and refining operations all rely on complex networks of sensors, controllers and software to maximize productivity and prevent costly accidents. Wireless devices like digital two-way radios, smartphones and tablets play a vital role in keeping the fuel flowing, but they also offer tempting targets for cybercriminals looking to compromise vital energy company data.
In a white paper published in 2014, Motorola Solutions noted that energy companies have represented 40 percent of the targets of cyber attacks. The white paper, “Protecting Operations in the Energy Sector Against Cyber Attacks,” also quoted a prediction that “cyber attacks against oil and gas infrastructure will cost companies $1.87 billion by 2018.”
Key sources of cyber attacks
Cyber attackers can have a whole host of motivations — personal, economic, political — for breaking into an energy company’s network and causing havoc. Motorola’s white paper noted three principal sources of intrusions:
- Spear phishing — Using emails that appear to be from an individual or business known to the target, spear phishers hoodwink unsuspecting users into providing access to company networks.
- Advanced persistent threats — Part of a longer-term campaign of espionage and sabotage, these attacks typically zero in on critical infrastructure. One such attack hit 30,000 hard drives at Saudi Aramco, destroying data on the oil and natural gas company’s Windows-based machines and forcing the replacement of the hardware.
- Insider threats — Employees with access to key networks have been known to lend assistance to cyber attackers.
- Newer technologies such as those controlling drilling rigs and cloud-based services
- Once-isolated plant control systems that are now integrated with corporate networks or vendors
- Private smartphones and devices used by company employees