Three Out of Four Energy Companies Hit by Cyber-Attacks in the Last Year

Global hacking attempts have become increasingly more prevalent over the past few years. Governments, companies, and individuals alike have been victims of these attacks. Hackers targeting governments and political figures often intend to leak classified information, expose corruption, or even attack a candidate in order to see their side win.

Hackers who target large corporations often seek monetary gain, attempt to wipe out systems, gain access to sensitive data, steal intellectual property, commit fraud, or steal services.

 

 

One country or agency may hack another in order to discover information relating to potential sources of oil so they can get there and begin drilling first.

Exxon, Telvent and others hit by hackers

Whatever the reason for these attacks, many of them have been aimed at a variety of industries, including energy companies. According to a report released by industry consultant Deloitte LLP, three out of four oil and natural gas companies were victims of such attacks. Some of these attacks include the following:

  • Cyber-attack known as Night Dragon stole exploration and bidding data from major oil companies such as Exxon Mobil and BP in 2011.
  • Advanced Trojan viruses and other disk-wiping malware devastated companies throughout the Middle East and Europe in 2012 and 2014.
  • In March 2012, three alerts were issued by the U.S. Department of Homeland Security. These alerts warned of attacks against natural gas pipeline companies in the United States and Canada.
  • In September 2012, Telvent Canada Ltd. experienced an attack that compromised security systems. This threat was especially problematic, considering the company manages 60 percent of all oil and gas pipelines in the Western hemisphere.
  • Hackers targeted power plants, energy grid operators, gas pipeline companies, and industrial equipment manufacturers in the United States, Spain, and across Europe in 2014 cyber-attacks. The malware used in these attacks stole documents, usernames, and passwords.

Gas and power plant company hacks represent a safety risk

These attacks and others have shone a light on the potential risk faced by oil and gas companies as well as others. This is a frightening thought for a number of reasons. Once they are in, they can access information and systems in ways that could cripple the company and even the country. In addition to gaining access to sensitive and classified information, hackers who break into these systems can potentially use their programs and abilities for nefarious purposes. If someone hijacks system controls, they could shut the entire operation down. They could shut down the power grid and disrupt the industry, crippling the economy and causing widespread chaos.

Unfortunately, many attacks go unnoticed and unreported. Hackers have been increasing their ability to obtain access to various systems without being detected. Hackers typically begin by accessing the office environment before working their way through production networks and safety systems.

The vulnerabilities can be fixed

According to Offshore Energy Today, companies typically become vulnerable to cyber threats due to:

  • lack of cyber security awareness and training among employees, vendors, suppliers, and contractors
  • insufficient separation of data networks and physical security of data rooms and cabinets
  • vulnerable software
  • outdated control systems
  • the use of mobile devices and storage devices
  • remote work during operations and maintenance
  • and the use of standard IT products with known vulnerabilities.

Monitoring of information systems and additional security measures are necessary to safeguard against potential cyber-attacks. The fixes are:

  • implement password standard: no shared passwords, change passwords monthly, mix of characters
  • update all software at least monthly
  • implement guidelines on downloadable software employees can run (many viruses come in via downloadable free software)
  • run robust firewall and security, virus protection and monitor
  • minimize access to vulnerable systems via mobile devices. Any mobile devices used for this purposes should be password protected and encrypted
  • train teams on protocols for email attachments and links (another major pathway for viruses and hackers).

Did you miss this?

Other Popular Stories

  • New York's ban on fracking gives hope to other opponents
  • Manufacturing sales rebound in August; industry must "reinvent" itself to prosper
  • Researchers Discover Surprising Role for Water in Energy Storage
  • Researchers studied successful manufacturers for lessons for the future
  • 3D X-Rays Used to Measure Particle Movement in Lithium Ion Batteries
  • Tesla Roadster not only zero-to-sixty in 1.9 seconds — the next iteration may actually fly, says Elon Musk, CEO
  • Trucking industry moving toward use of EOBRs
  • Canada's small businesses encouraged to invest for success
  • Ontario's electricity operator announces 16 solar, wind and hydro contracts
  • Solar Powered Cars — how practical is it; who is working on it; when is it coming? 5 companies profiled.
  • Canada green tech company helps Chile reduce methane in landfills: $7 million project
  • TransCanada submits new, more costly proposal for Energy East pipeline
  • Relief as Ontario company rescues closing Heinz plant
  • Ontario to invest $900 million in energy-saving retrofits in social housing, rental stock
  • Ozone-Destroying Emissions Rising Unexpectedly, Scientists Baffled
  • Why a Russian submarine may have tried to tap into undersea communications: 95 percent of communications and $10 Trillion in data are carried on undersea cables
  • Test of SpaceX crew escape system goes off perfectly
  • Ontario wants to be heard at Enbridge pipeline hearings
  • Ford to boost profits by cutting 1400 salaried workers in North America and Asia
  • Auto Sales Down Again for Big Car Makers
Scroll to Top