Three Out of Four Energy Companies Hit by Cyber-Attacks in the Last Year

Global hacking attempts have become increasingly more prevalent over the past few years. Governments, companies, and individuals alike have been victims of these attacks. Hackers targeting governments and political figures often intend to leak classified information, expose corruption, or even attack a candidate in order to see their side win.

Hackers who target large corporations often seek monetary gain, attempt to wipe out systems, gain access to sensitive data, steal intellectual property, commit fraud, or steal services.

 

 

One country or agency may hack another in order to discover information relating to potential sources of oil so they can get there and begin drilling first.

Exxon, Telvent and others hit by hackers

Whatever the reason for these attacks, many of them have been aimed at a variety of industries, including energy companies. According to a report released by industry consultant Deloitte LLP, three out of four oil and natural gas companies were victims of such attacks. Some of these attacks include the following:

  • Cyber-attack known as Night Dragon stole exploration and bidding data from major oil companies such as Exxon Mobil and BP in 2011.
  • Advanced Trojan viruses and other disk-wiping malware devastated companies throughout the Middle East and Europe in 2012 and 2014.
  • In March 2012, three alerts were issued by the U.S. Department of Homeland Security. These alerts warned of attacks against natural gas pipeline companies in the United States and Canada.
  • In September 2012, Telvent Canada Ltd. experienced an attack that compromised security systems. This threat was especially problematic, considering the company manages 60 percent of all oil and gas pipelines in the Western hemisphere.
  • Hackers targeted power plants, energy grid operators, gas pipeline companies, and industrial equipment manufacturers in the United States, Spain, and across Europe in 2014 cyber-attacks. The malware used in these attacks stole documents, usernames, and passwords.

Gas and power plant company hacks represent a safety risk

These attacks and others have shone a light on the potential risk faced by oil and gas companies as well as others. This is a frightening thought for a number of reasons. Once they are in, they can access information and systems in ways that could cripple the company and even the country. In addition to gaining access to sensitive and classified information, hackers who break into these systems can potentially use their programs and abilities for nefarious purposes. If someone hijacks system controls, they could shut the entire operation down. They could shut down the power grid and disrupt the industry, crippling the economy and causing widespread chaos.

Unfortunately, many attacks go unnoticed and unreported. Hackers have been increasing their ability to obtain access to various systems without being detected. Hackers typically begin by accessing the office environment before working their way through production networks and safety systems.

The vulnerabilities can be fixed

According to Offshore Energy Today, companies typically become vulnerable to cyber threats due to:

  • lack of cyber security awareness and training among employees, vendors, suppliers, and contractors
  • insufficient separation of data networks and physical security of data rooms and cabinets
  • vulnerable software
  • outdated control systems
  • the use of mobile devices and storage devices
  • remote work during operations and maintenance
  • and the use of standard IT products with known vulnerabilities.

Monitoring of information systems and additional security measures are necessary to safeguard against potential cyber-attacks. The fixes are:

  • implement password standard: no shared passwords, change passwords monthly, mix of characters
  • update all software at least monthly
  • implement guidelines on downloadable software employees can run (many viruses come in via downloadable free software)
  • run robust firewall and security, virus protection and monitor
  • minimize access to vulnerable systems via mobile devices. Any mobile devices used for this purposes should be password protected and encrypted
  • train teams on protocols for email attachments and links (another major pathway for viruses and hackers).

Did you miss this?

Other Popular Stories

  • Brighter outlook for Canada's economy in 2016: RBC
  • Next-Generation moon rovers: General Motors and Lockheed develop autonomous electric moon rover vehicles for future commercial space missions
  • Audit pans government's climate change progress
  • March wholesale, retail sales lower in most sectors: Statistics Canada
  • Gold miners expand production in Nunavut, estimated reserves in BC
  • Oil production should grow 33 per cent in Canada by 2030, despite lower oilsands spending
  • Researchers claim potential improvement in solar cell efficiency
  • Pratt & Whitney Canada engines to power new Gulfstream jets
  • GE increasing its investment in fracking technology
  • Drilling rigs growth depends more and more on LNG
  • Space-based solar power beamed to earth may be the future of green power
  • Solar Challenge 3,000 kilometer "race" tests solar capabilities and technologies
  • Ontario on track to lead country in employment, economic growth
  • Canada one of only three countries where clean energy investment grew
  • Regional LNG plant approved in Quebec
  • Stronger concrete made from recycled tires developed by UBC Engineers: could help reduce carbon footprint of 3 billion tires-a-year
  • Enbridge pipeline reversal approved by National Energy Board
  • Ontario trade mission to Korea focused on nuclear industry
  • English-French partners show all-electric aircraft at Paris Air Show
  • Canadian company to provide modular housing for refugees in Sweden
Scroll to Top