Global hacking attempts have become increasingly more prevalent over the past few years. Governments, companies, and individuals alike have been victims of these attacks. Hackers targeting governments and political figures often intend to leak classified information, expose corruption, or even attack a candidate in order to see their side win.
Hackers who target large corporations often seek monetary gain, attempt to wipe out systems, gain access to sensitive data, steal intellectual property, commit fraud, or steal services.
One country or agency may hack another in order to discover information relating to potential sources of oil so they can get there and begin drilling first.
Exxon, Telvent and others hit by hackers
Whatever the reason for these attacks, many of them have been aimed at a variety of industries, including energy companies. According to a report released by industry consultant Deloitte LLP, three out of four oil and natural gas companies were victims of such attacks. Some of these attacks include the following:
- Cyber-attack known as Night Dragon stole exploration and bidding data from major oil companies such as Exxon Mobil and BP in 2011.
- Advanced Trojan viruses and other disk-wiping malware devastated companies throughout the Middle East and Europe in 2012 and 2014.
- In March 2012, three alerts were issued by the U.S. Department of Homeland Security. These alerts warned of attacks against natural gas pipeline companies in the United States and Canada.
- In September 2012, Telvent Canada Ltd. experienced an attack that compromised security systems. This threat was especially problematic, considering the company manages 60 percent of all oil and gas pipelines in the Western hemisphere.
- Hackers targeted power plants, energy grid operators, gas pipeline companies, and industrial equipment manufacturers in the United States, Spain, and across Europe in 2014 cyber-attacks. The malware used in these attacks stole documents, usernames, and passwords.
Gas and power plant company hacks represent a safety risk
These attacks and others have shone a light on the potential risk faced by oil and gas companies as well as others. This is a frightening thought for a number of reasons. Once they are in, they can access information and systems in ways that could cripple the company and even the country. In addition to gaining access to sensitive and classified information, hackers who break into these systems can potentially use their programs and abilities for nefarious purposes. If someone hijacks system controls, they could shut the entire operation down. They could shut down the power grid and disrupt the industry, crippling the economy and causing widespread chaos.
Unfortunately, many attacks go unnoticed and unreported. Hackers have been increasing their ability to obtain access to various systems without being detected. Hackers typically begin by accessing the office environment before working their way through production networks and safety systems.
The vulnerabilities can be fixed
According to Offshore Energy Today, companies typically become vulnerable to cyber threats due to:
- lack of cyber security awareness and training among employees, vendors, suppliers, and contractors
- insufficient separation of data networks and physical security of data rooms and cabinets
- vulnerable software
- outdated control systems
- the use of mobile devices and storage devices
- remote work during operations and maintenance
- and the use of standard IT products with known vulnerabilities.
Monitoring of information systems and additional security measures are necessary to safeguard against potential cyber-attacks. The fixes are:
- implement password standard: no shared passwords, change passwords monthly, mix of characters
- update all software at least monthly
- implement guidelines on downloadable software employees can run (many viruses come in via downloadable free software)
- run robust firewall and security, virus protection and monitor
- minimize access to vulnerable systems via mobile devices. Any mobile devices used for this purposes should be password protected and encrypted
- train teams on protocols for email attachments and links (another major pathway for viruses and hackers).