Cyber Threats in the Oil and Gas Sector

Josh Lefkowitz

Josh Lefkowitz

Few threats expose the true interdependency of cyber and physical security more than those targeting the oil and natural gas (ONG) sector, writes Josh Lefkowitz. After all, oil and natural gas together account for 53% of the world’s energy consumption and remain integral determinants of both global trade and the economy. Safeguarding these resources and the systems upon which they rely is crucial, especially given the uptick in incidents posing substantial cyber and physical risks to critical infrastructure.

However, addressing and mitigating threats to the ONG sector can be very challenging, at least in part due to one particular factor: threat actors targeting ONG companies tend to be quite complex. Given that many security and intelligence professionals have been conditioned to combat threats posed by financially-motivated fraudsters and cyber criminals, they may not be fully-prepared to defend ONG companies from the myriad threats posed by other types of malicious cyber and physical actors.

As such, it’s crucial for security and intelligence teams across the ONG sector to become as well-acquainted as possible with the following actor groups:

State-Sponsored Actors
State-sponsored actors have become widely-recognised as capable of deploying sophisticated and damaging threats across all sectors — especially the ONG sector. Such actors often seek to cause widespread damage, disrupt operations and gain a competitive political and/or military advantage.

Historically, state-sponsored actors have targeted ONG industrial control systems, attacked various regional entities, and sought access to confidential data in support of military initiatives.

Following the 2012 attack on Saudi Aramco’s cyber infrastructure, nearly 75% of the company’s data was lost and operations disrupted for months. The attack was attributed to Iranian hackers carrying out reprisal attacks on Saudi Arabia as a result of its foreign affairs agenda in the Middle East.

For many terrorist groups, oil is a lifeblood. Funding derived from the theft and illicit sale of oil enables these groups to conduct malicious activities and further their agendas. ISIS in particular has been known to target oil pipelines throughout Syria and Iraq for adversarial and ideological gain.

Compromising energy infrastructure enables jihadists to potentially disrupt a target country’s economy, which remains a high-priority for ISIS and its affiliates.

Given that many ONG companies maintain operations in regions prone to jihadist activity, they may serve as highly-desirable — and accessible — targets for various terrorist groups.

The ONG sector’s entanglement in complex geopolitical and environmental issues tends to fuel the agendas of activists. These actors’ activities typically revolve around physical protects and demonstrations, online petitions, social media campaigns and legal filings.

Many ‘direct action’ protesters have historically been known to attempt to physically block the construction of oil and gas pipelines. While such actors tend to be far less sophisticated than their state-sponsored counterparts, they do pose a threat both to the operational continuity and brand reputations of ONG companies.

Hacktivist groups are similar to activists in that they tend to be less-sophisticated, yet they’re also disruptive and driven by issue-centric agendas. Unlike activists, whose disruption stems largely from their physical presence, hacktivists primarily leverage the Internet and cyber attack methods to target ONG companies.

Many hacktivist groups have been known to launch large-scale DDoS attacks against these companies’ websites and digital systems. Online defacements and malicious social media campaigns have also occurred and caused substantial reputational damages for the afflicted companies.

As many hacktivist groups — especially those based in non-Western nations — continue to recruit supporters and advance their capabilities, ONG companies need to recognise that the nature and locations of their operations are often sufficient to fuel hacktivists’ agendas.

Above all else, it’s crucial to recognise what many state-sponsored actors, jihadists, activists and hacktivists have in common: they seek to disrupt the operational continuity of the ONG sector and, more importantly, their malicious activities are often planned and discussed within the confines of The Dark Web.

As such, combating threats to the ONG sector requires substantial subject matter expertise, advanced cultural and linguistic knowledge and comprehensive visibility in these difficult-to-access regions of the Internet.

Josh Lefkowitz is CEO at Flashpoint

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts