Latest news: cybersecurity in oil and gas

Cybersecurity company Anomali has teamed up with Oil and Natural Gas Information Sharing and Analysis Center (ONG-ISAC) to combat cybercrime in the oil and gas sector. 

It will also provide access to resources that reduce risks and improve the resilience of exploration and production, transportation, refining, and delivery systems. 

Under the alliance, the Anomali platform, which leverages cyber intelligence, will be utilised by ONG-ISAC analysts to detect and identify attackers targeting critical infrastructure entities. It claims to offer strategic intelligence on attacker tactics and techniques, as well as high-fidelity signals of attack to detect threats and prioritise response. 

ONG- ISAC executive director Angela Haun said: “Critical infrastructure remains a primary target for today’s threat actors, whose activities can cause substantial and costly disruptions. We look forward to partnering with them to protect our members’ networks, control systems, facilities, assets, and people.” 

Anomali CMO Mark Alba said: “The recent second anniversary of the Colonial Pipeline ransomware attack and the current Russia- Ukraine war has put a renewed spotlight on ongoing nation-state cyberattacks against energy critical infrastructure targets.” 

It is a classic catch-22. Internet-enabled devices are playing a key role in the clean energy transition. Think of the millions of smart thermostats and battery energy storage systems already installed in homes and businesses around the globe. However, each such device connected to the internet is another node in a rapidly expanding ‘attack surface’ susceptible to disruption. Energy cybersecurity should be a growing priority. 

Not long ago, an “air gap” existed between operational technologies that control equipment and energy companies’ IT networks. No longer. “The increasingly interconnected nature of today’s industry provides greater scope for attack, especially to critical OT that was previously protected by the air gap separating OT from IT systems,” the consultancy DNV said in a report published in May 2022. 

“The digitalization wave in the oil and gas industry is creating new access points in industrial networks for hackers to exploit,” analysts from GlobalData, Energy Monitor’s parent company, warn in a recent report. “As technology develops, from mobile to the cloud to IoT [internet of things], the level of complexity needed for organizations to maintain a cyber-aware stance also increases.” 

Experts caution that energy companies and governments are failing to put in place systems and standards commensurate with the growing threat. Energy cybersecurity is not yet enough of a priority. 

When the US East Coast stopped receiving its oil in May 2021, events moved very quickly. Consumers began stockpiling fuel, causing a rush on the pumps. The federal government quickly became involved, and in the middle of this, engineers had to work out what went wrong. 

While all well-informed oil and gas businesses know of the threat of cyberattack, few would have expected an intrusion as audacious, and even as obvious, as shutting down one of the country’s main arteries for fuel. One year on from the hack of the Colonial Pipeline company, and their oil transport mechanism of the same name, and expectations have changed.

The Colonial pipeline moves fuel oil from Texan refineries to cities on the US’ East Coast, ending at Washington DC. Approximately 380 million litres of oil would flow through it on an average day, but on 7 May 2021, this stopped. 

Within a week, US President Joe Biden signed an executive order to strengthen national cybersecurity. This would create a “standard playbook” of responses to wide-scale intrusions such as Colonial, and cause government agencies to increase security around their cloud services. It also set up a Cybersecurity Safety Review Board, which would effectively conduct inquiries after cyberattacks and give recommendations to prevent future incidents.