The United States energy sector which includes gas and oil producers was hit by more targeted malware attacks from the month of April to September 2016 compared to other industries. The US natural gas and oil operations are progressively susceptible to cyber-attacks that can result in costly outages at the pipelines, drilling platforms, and refineries.
Cyber-attacks on the energy companies increase in both sophistication and frequency, making them much harder to defend and detect. Cyber espionage is performed by foreign intelligence and defense firms, freelance hackers, and organized crime. Digital security firms and government officials have confirmed that the surge of attacks on US corporations, specifically energy companies, has been steadily increasing. Complicating the tracking of these attacks is the belief that has been held by most security experts which many cyber hacking incidents aren’t reported because of some security reasons. In February 2013, President Barack Obama signed an executive order intended to improve cyber security for this critical infrastructure.
Cyber Security Readiness in the Gas and Oil Industry
Gas and oil companies are consistently searching for ways to effectively manage their industrialized assets, streamline their operations for reducing the fixed costs as well as to securely provide the energy resources that they give. With the rise of the digital age, these companies adopt an increasing variety of the next generation non-cabled sensors and related manufacturing internet technologies which let them link to their industrial tool real-time. The modernization of technology within the industry comes with a lot of benefits which involve a much more dependable and consistent supply of the energy resources to clients at a better cost for organizations providing it.
Modernization Rises Vulnerabilities
The industry has witnessed a phenomenon in the form of a rising number of cyber security attacks on the energy infrastructure. Security attacks in some other industries can create financial damages and disruption to businesses & individuals, yet if security attacks compromise the gas and oil industry, the outcome could be disastrous or even deadly.
If the cyber hackers compromise the manufacturing control system operating a pipeline, for instance, they can alter pipeline compressors so as to boost pressure till the weak point within the pipeline bursts. All of these could be carried out from unknown and distant locations through the web by an unknown attacker.
Guidelines for Energy Industry
Securing assets like pipelines and other energy infrastructures demand the combination of technology, training, industry standards & enhanced processes. There are baseline suggestions in place to address pipeline cyber security. The US Department of Energy released guidelines designed to assist owners and operators to execute the cybersecurity framework for necessary infrastructure.
While this is a voluntary framework, it is serving as an excellent beginning point, and it shows pipeline owners and operators how to initiate the plan into their cyber security and programs for risk management. The TSA Pipeline Security Guidelines gives cybersecurity suggestions for pipeline operators that involve general safety methods, information security management, and responsibilities, system lifecycle deliberations & system restoration & recovery preparation.
Additionally, industry associations like the American Petroleum Institute, the Interstate Natural Gas Association of America provide cyber security supervision and suggestions. Such industry standards should be considered a beginning point for creating the cyber security position of your company. Pipeline operators and owners must not just look to leverage such sample frameworks as the beginning point for the cyber security position; they must look to create suitable supporting management practices, performance gauging metrics, employee training & business intelligence associated with a cyber-security program to safeguard and protect their industrial infrastructure from cyber threats.