Three Out of Four Energy Companies Hit by Cyber-Attacks in the Last Year

Global hacking attempts have become increasingly more prevalent over the past few years. Governments, companies, and individuals alike have been victims of these attacks. Hackers targeting governments and political figures often intend to leak classified information, expose corruption, or even attack a candidate in order to see their side win.

Hackers who target large corporations often seek monetary gain, attempt to wipe out systems, gain access to sensitive data, steal intellectual property, commit fraud, or steal services.

 

 

One country or agency may hack another in order to discover information relating to potential sources of oil so they can get there and begin drilling first.

Exxon, Telvent and others hit by hackers

Whatever the reason for these attacks, many of them have been aimed at a variety of industries, including energy companies. According to a report released by industry consultant Deloitte LLP, three out of four oil and natural gas companies were victims of such attacks. Some of these attacks include the following:

  • Cyber-attack known as Night Dragon stole exploration and bidding data from major oil companies such as Exxon Mobil and BP in 2011.
  • Advanced Trojan viruses and other disk-wiping malware devastated companies throughout the Middle East and Europe in 2012 and 2014.
  • In March 2012, three alerts were issued by the U.S. Department of Homeland Security. These alerts warned of attacks against natural gas pipeline companies in the United States and Canada.
  • In September 2012, Telvent Canada Ltd. experienced an attack that compromised security systems. This threat was especially problematic, considering the company manages 60 percent of all oil and gas pipelines in the Western hemisphere.
  • Hackers targeted power plants, energy grid operators, gas pipeline companies, and industrial equipment manufacturers in the United States, Spain, and across Europe in 2014 cyber-attacks. The malware used in these attacks stole documents, usernames, and passwords.

Gas and power plant company hacks represent a safety risk

These attacks and others have shone a light on the potential risk faced by oil and gas companies as well as others. This is a frightening thought for a number of reasons. Once they are in, they can access information and systems in ways that could cripple the company and even the country. In addition to gaining access to sensitive and classified information, hackers who break into these systems can potentially use their programs and abilities for nefarious purposes. If someone hijacks system controls, they could shut the entire operation down. They could shut down the power grid and disrupt the industry, crippling the economy and causing widespread chaos.

Unfortunately, many attacks go unnoticed and unreported. Hackers have been increasing their ability to obtain access to various systems without being detected. Hackers typically begin by accessing the office environment before working their way through production networks and safety systems.

The vulnerabilities can be fixed

According to Offshore Energy Today, companies typically become vulnerable to cyber threats due to:

  • lack of cyber security awareness and training among employees, vendors, suppliers, and contractors
  • insufficient separation of data networks and physical security of data rooms and cabinets
  • vulnerable software
  • outdated control systems
  • the use of mobile devices and storage devices
  • remote work during operations and maintenance
  • and the use of standard IT products with known vulnerabilities.

Monitoring of information systems and additional security measures are necessary to safeguard against potential cyber-attacks. The fixes are:

  • implement password standard: no shared passwords, change passwords monthly, mix of characters
  • update all software at least monthly
  • implement guidelines on downloadable software employees can run (many viruses come in via downloadable free software)
  • run robust firewall and security, virus protection and monitor
  • minimize access to vulnerable systems via mobile devices. Any mobile devices used for this purposes should be password protected and encrypted
  • train teams on protocols for email attachments and links (another major pathway for viruses and hackers).

Did you miss this?

Other Popular Stories

  • Little support in auto industry for Canada/Korea free trade deal
  • Nuclear emergency response centre for Ontario as countries deal with aging reactors
  • Miners struggling with higher costs, lower prices
  • Mixed news for industrial production capacity, employment
  • Ozone-Destroying Emissions Rising Unexpectedly, Scientists Baffled
  • Ontario exports to lead country in 2016, mainly on demand for cars and parts
  • Successful SpaceX human flight transport launch test of Dragon crew capsule, Elon Musk elated but "emotionally exhausted"
  • Canadian company to provide modular housing for refugees in Sweden
  • Oil train disaster plays to the pro-pipeline position
  • Engineers Canada calls for more women to enter profession
  • Study of Ontario power needs finds nuclear is best option
  • Advanced manufacturing initiatives to drive innovation, growth
  • Slight drop in April manufacturing sales due to petroleum, aerospace
  • Flyboard "hoverboard" becomes real — beyond recreation, this spectacular tech may have practical applications
  • With a 500 km range and 408 horsepower, Volvo's new Polestar EV may rival Tesla
  • General Motors Planning Autonomous Vehicles Sans Controls
  • The three different types of Artificial Intelligence – ANI, AGI and ASI
  • Wood-based battery the next energy storage solution?
  • Audit pans government's climate change progress
  • SNC-Lavalin-China agreement could expand market for CANDUs
Scroll to Top