Hackers Hit 'Cyber Blind Spot' While US Energy Industry Naps
(Bloomberg) -- How much is cyber security worth to the U.S. energy industry?
Not a whole lot apparently.
Two prominent security consultant firms estimate that energy companies, ranging from drillers to pipeline operators to utilities, invest less than 0.2 percent of their revenue in cyber security. For context, that’s at least a third less than the corresponding figure for banks and other financial institutions, according to the consultants, Precision Analytics LLC and the CAP Group.
What makes the lack of investment even more worrisome is that the number of hacker groups targeting the energy sector is soaring. Symantec Corp. says it’s tracking at least 140 groups today, up from 87 in 2015, some with links to foreign countries. And it’s just one of many security firms working with the industry.
“It’s scary," said Brian Walker, a former head of Marathon Oil Corp.’s global IT and now an independent consultant. Executives making funding decisions “aren’t necessarily millennials who intuitively understand” how cyberthreats reach seemingly disconnected units, he said.
“It’s guys my age that are the problem," according to Walker, who said he’s in his early 50s. “We’ve been 30-years trained in a world that doesn’t work this way anymore.”
These risks were on full display four weeks ago when at least seven pipeline operators from Energy Transfer Partners LP to TransCanada Corp. said their third-party electronic communications systems were shut down. Five of them ultimately confirmed the service disruptions were caused by hacking.
Though the attack didn’t disrupt supply, it served to underscore an ongoing vulnerability to electronic sabotage. It showed how even a minor attack can jump between systems with ripple effects, forcing utilities to warn of billing delays and making it more difficult for analysts and traders to predict a key government report on gas stockpiles.
‘Real Challenge’
This “cyber blindspot is a real challenge,” Walker said. “Our fear is that we will play an ostrich and put our head in the sand until something blows up and people get killed or until the lights go out for a month.”
The threat isn’t new, but it is escalating.
In 2012, Saudi Aramco production was locked down during the disk-wiping Shamoon incursion, and the company was hit again by the same group in November 2016, said Bill Wright, director of government affairs and policy counsel for Symantec in Washington. In 2015 and 2016, Ukraine was hit with blackouts by state sponsored groups, a blow to the economy as well the healthy and safety of its citizens.
Tracking Dragonfly
In the U.S., Symantec has been following another group, nicknamed Dragonfly, that’s been around since at least 2011. Last year, the group became “a lot more aggressive,” with the goal of soliciting information on how energy companies work and figuring out how to maintain stealth access on their systems, according to Wright.
The Federal Bureau of Investigation and the Department of Homeland Security issued a joint technical analysis about a month ago, tying Dragonfly to the Russian government and describing its ability to conduct sabotage, Wright said.
The industry needs to be more involved in defending itself moving forward, according to Michael Hayden, a retired four-star general and now a principal at The Chertoff Group in Washington. The reason: the government is hindered by constitutional issues, as well as “political culture, concern about privacy, speed and agility,” he said.
123
View Full Article
WHAT DO YOU THINK?
Generated by readers, the comments included herein do not reflect the views and opinions of Rigzone. All comments are subject to editorial review. Off-topic, inappropriate or insulting comments will be removed.
- Japan Failing to Meet Corporate Demand for Clean Power: Amazon
- Russian Navy Enters Warship-Crowded Red Sea Amid Houthi Attacks
- Libya's Surprise Oil Minister Change Throws Spotlight on Output
- Oil Seals Quarterly Gain in Tightening Market
- Oman Sees Increasing Ship-to-Ship Transfers of Russian Oil Bound for India
- Falcon Oil Declares Commercial Flow Test Results for Shenandoah Well
- Macquarie Strategists Expect Brent Oil Price to Grind Higher
- Japan Failing to Meet Corporate Demand for Clean Power: Amazon
- UK Oil Regulator Publishes New Emissions Reduction Plan
- Pennsylvania County Joins List of Local Govts Suing Big Oil over Climate
- PetroChina Posts Higher Annual Profit on Higher Production
- US, SKorea Launch Task Force to Stop Illicit Refined Oil Flows into NKorea
- McDermott Settles Reficar Dispute
- Russian Navy Enters Warship-Crowded Red Sea Amid Houthi Attacks
- USA Commercial Crude Oil Inventories Increase
- New China Climate Chief Says Fossil Fuels Must Keep a Role
- Oil Demand Outpaces Expectations, Testing Calculus on Peak Crude
- House Passes Protecting American Energy Production Act
- TotalEnergies Restarts Production in Denmark's Biggest Gas Field
- USA Oil and Gas Job Figures Jump
- Republican Lawmakers Say IEA Has Abandoned Energy Security Mission
- Blockchain Demands Attention in Oil and Gas
- Houthis Warn Saudi Arabia of Retaliation If It Backs USA Attacks
- Macquarie Sees USA Oil Production Exiting 2024 at 14MM Barrels Per Day
- Summer Pump Prices Set to Hit $4 a Gallon Just as Americans Hit the Road
- Chinese Mega Company Makes Major Oilfield Discovery
- VIDEO: Missile Attack Kills Crew Transiting Gulf of Aden
- Norway Regulator Blasts Proposal to Halt New Oil and Gas Permits
- Chinese Mega Company Makes Another Major Oilfield Discovery
- New China Climate Chief Says Fossil Fuels Must Keep a Role
- What Is the Biggest Risk to Offshore Oil and Gas Personnel in 2024?
- Vessel Sinks in Red Sea After Missile Strike
- Exxon Rights in Stabroek Do Not Apply to Hess Merger with Chevron: Hess
- Analysts Reveal Latest Oil Price Outlook Following OPEC+ Cut Extension
- Equinor Makes Discovery in North Sea