Oil and gas tankers could be “weaponised” by terrorists, industry warned

Oil tanker news
Malibu, the Suezmax crude carrier, carries Kazakh crude oil.

Oil and gas tankers could be “weaponised” by terrorists and used to block global shipping routes or create massive explosions several miles wide, security experts have warned.

And the advent of the autonomous age, where ships would be remotely controlled rather than crewed, could make it easier for “dark forces” to seize control of huge quantities of highly explosive material.

The maritime world has several bottleneck shipping straits, such as the Suez and Panama canals, which if blocked could cause worldwide disruption, an expert panel at the Offshore Europe conference heard.

The audience was told that criminal or terror related organisations, like Al-Qaeda lacked the ability to code the necessary software to hijack ships.

But they could, it was said, hire malicious “black hat” hackers to help carry out the technical work, which would likely just mean the modification of existing malicious software – malware.

Dominic Armstrong, of corporate intelligence firm Herminius, said maritime targets were “incredibly attractive” to potential troublemakers.

“If you think of the world, where we are seeing growing weaponisation of everyday items like lorries, cars and kitchen knives, don’t forget the extraordinary potential for the weaponisation of shipping.

“It’s an area in which we have seen one or two incidents in the maritime world and the nature of the threat comes and goes.

“If you think of the weaponisation of an 8,000 ton LGP tanker. If allowed to vent and given a sufficient period for a cloud to form, it could create a devastating heatblast that can destroy everything in a five or six kilometre radius.”

He added: “That’s at the extreme end. The ecological damage of the taking and sinking of a tanker or the blocking of one of these critical routes could have a very serious effect on the flow of what it is that nearly everyone in this world is involved with.

“If you move to the next phase of that – driverless ships – then suddenly you are handing a whole fresh opportunity to the bad guys. There is very significant risk within that sphere.

Mr Armstrong made the comments during a cybersecurity session on day two of the conference at the Aberdeen Exhibition and Conference Centre.

Also speaking at the event was Professor David Stupples of City of London University.

He highlighted that as the oil and gas industry becomes more reliant and more connected by way of technology and data, the risks and threats of cyber attacks also rise.

And he said the danger could come from outside radicilised groups, such as Al-Qaeda, or from inside sources such as a disgruntled employee.

The professor said: “If you made a LPG tanker, driverless or crewless, and then hijack it through malware you could cause a lot of damage.

“And again this must be in Al-Qaeda’s mind.”

Frank Gardner, BBC security correspondent, was also on the panel.

He warned the oil and gas industry that cyber security was a critical issue – and one the needed addressed urgently.

He said: “Unfortunately people tend to wake up to things once something bad has happened.

“If you are a large company the likelihood of their being a disgruntled employee who might what to do damage is relatively high – say 40%.

“How much damage they can do depend on what access they have. Look at Wikileaks and what Bradley Manning did. As a Private, first class, the lowest rank in the US military, was able to have access to an enormous amount of classified documents.

“At one end of the spectrum is a thermonuclear attack. What is the chance the terrorists can get that? Hopefully not that high. But what are the chances that someone can shove a USB stick in and do a lot of damage – relatively high.”

Deirdre Michie, chief executive of industry body Oil and Gas UK, chaired the session.

She said: “This is very interesting because as an industry we are on this journey efficiency, improving and introducing technology to help us progress and we need to very thoughtful about the progress we are making because of the downside that potentially could come with that.”

BOX – The new breed of ‘pirate’

Professor David Stupples of City of London University is an expert in information warfare and cybersecurity.

He explained that new variation of malware is generated every two to three seconds, with firms only being able to apply a ‘fix’to every one in ten encounters.

On average it takes a firm 140 days to source and create the fix.

He added: “I had a phd student who was a Russian black hat hacker – he once worked for a criminal organisation.

“He could write a hacking programme in about four minutes.

“If it didn’t work, he’d pull it down again, re-do it and three minutes later it worked properly.

“He did that online, with a little keyboard and a tiny netbook.

“That’s the level of skills these people have.