O&G operators must proactively secure industrial systems and controls against advancing security threats
As the oil and gas industry continues to digitize and transition away from centralized systems and towards more distributed management strategies, cyber attacks targeting energy infrastructure have been increasing. Energy companies now recognize their assets are the target of a growing number of increasingly sophisticated attacks perpetrated by a variety of attackers including nation-states and organized international criminals.
Cyber risks for energy companies originate not only in digital applications, but also in operational technology (OT) and information technology (IT) infrastructure. Protecting both digital and physical operation technology is part of a layered cyber security defense approach based on overlapping security controls. Additionally, energy companies must be vigilant when working with third-party vendors and contractors who might introduce vulnerability into the network. Energy infrastructure is among the primary critical targets of nation-state actors and adversaries.
How weak cyber security costs oil & gas companies
The 2021 attack on the Colonial Pipeline, the largest fuel pipeline in the USA, underscores how a successful cyber attack can damage a single supplier and the supply chain in aggregate. An attacker gained remote access to Colonial’s network via an employee’s virtual private network (VPN) via a stolen, likely re-used, password, then gained further access to the company’s network.
Colonial paid the attacker gang USD$4.4 million in cryptocurrency ransom for the software decryption key required to decrypt their network, and was forced to temporarily halt the system running their 8,800 km long pipeline. In addition to financial losses, malicious attacks like these can compromise the integrity, availability, and confidentiality of energy companies and possibly endanger lives.
Layered cyber security for energy companies
The changing digital architecture of oil and gas companies requires advancing beyond traditional IT network security designs. As OT and IT systems merge and IoT devices become more integrated, a layered security approach is essential to ensure defense against evolving threats.
Operational technology (OT) risks
Cyber criminals have been increasingly targeting OT networks with sophisticated attacks. Applying IT-oriented security tools in OT-networks does not protect against OT-specific attack vectors and may provide a false sense of security.
Information technology (IT) risks
Innovations in IT have companies seeking digital solutions for all of their assets, but many oil and gas systems weren't designed with this kind of network connectivity in mind.
Internet of Things (IoT) risks
Connected IoT devices have degraded the security of existing systems and introduced new challenges to the security landscape.
Protecting critical process data
Every link in the energy supply chain is vulnerable. O&G owners and operators face a huge challenge in designing cyber security for existing systems, including mapping out the entire supply chain and identifying weak points in existing endpoint communication systems, including:
- pipelines
- exploration and production equipment
- tank farms
- utilities/off-site
- confidential customer data systems
- buildings
- refineries
- telecom
- field sensors
Soteryan’s cyber security experts are experienced in helping oil and gas companies secure their critical infrastructure during digital transformation.
Soteryan Solution
Get the most sophisticated threat intelligence for the oil and gas industry
As threats evolve, your risks grow. Energy companies must take a proactive view of threats across their region and industry. Discover how to stay ahead of novel threats to the energy industry with Soteryan's threat intelligence and risk analytics.
Learn more about our Threat Intelligence service
