Why the oil and gas sector needs to stay alert to cyber security threats

07 January 2021

by Andrew Miller Cyber Security Partner

Email +44 (0)7715 484519

The oil and gas (O&G) sector continues to play a key role in meeting today’s energy demands. However, changes to the energy mix are driving the need for innovation and increasing competition, and the vast economic interests at play make O&G organisations a target for intelligence-gathering activities. As an integral part of the energy production chain and the wider critical national infrastructure (CNI) ecosystem, the sector also remains a potential target for those seeking to disrupt the supply chain.

Cyber security threats facing the O&G sector

The shift towards renewable energy sources is influencing the need for both technology innovation and a diversification outside of traditional fossil fuels into ‘integrated energy’. This has created an increasingly competitive environment where knowledge and intellectual property are likely to be highly sought after, from both direct competitors and those looking to replicate successful models in other markets.

Due to the significant investments involved, organisations are also likely to be targeted for intelligence on sensitive business information, particularly pertaining to business strategies. While many espionage threats have an external origin, there is a significant threat from insiders who have access to, or are otherwise able to gain access to, sensitive material.

The geopolitics surrounding the O&G sector continues to serve as motivation for cyber attacks. Historically, the sector has been one of the most targeted by sabotage-motivated threat actors, and wiper malware in particular has been developed to cause destruction on victim systems.

More recently, the wiper malware families known as ZeroCleare and Dustman have emerged; the latter was used to target a state-owned oil company in the Middle East in December 2019. There is also a geographic component to these incidents: destructive attacks have primarily occurred in the Middle East.

How is the threat landscape changing?

Operational technology (OT) environments are common across the sector and have traditionally been air-gapped from corporate systems, making them difficult for threat actors to access. However, an increasing convergence between OT and corporate IT environments has widened the potential attack surface and lowered the barrier to entry for threat actors. This has the potential to introduce health and safety implications where critical operational components are affected. There is also a growing number of malware families specifically targeted at industrial environments, and this trend is expected to continue as OT environments become more accessible and threat actors develop their skills and adapt their malware. For example, EKANS ransomware was found to kill specific industrial control system (ICS) processes before activating its encryption routine.

The significant growth in ransomware operations over the past year has also impacted O&G organisations. The perceived wealth of the sector combined with the prevalence of OT environments can make it an attractive target for the deployment of ransomware, where the impact to business operations can make victims more likely to pay the ransom to resume services. Additional techniques such as data extortion have been used to increase pressure on victims.

Activist campaigns concerning the environmental impact of O&G operations periodically target the sector, and these can have cyber counterparts which serve to amplify their cause. While these incidents are often low impact in nature, more sophisticated hacktivists could steal sensitive business data and expose it in the public domain.

Knowing which cyber threats are relevant to a given sector is an important step toward strategically directing investment in appropriate defences. Analysis of how these threats would navigate your organisation’s infrastructure can help identify the gaps that exist in your security controls, and enable you to tailor your preparation efforts appropriately.

For a copy of our full report on the threats facing the O&G sector, or to discuss them in more detail, please get in touch with our Cyber team.
