Calendar An icon of a desk calendar. Cancel An icon of a circle with a diagonal line across. Caret An icon of a block arrow pointing to the right. Email An icon of a paper envelope. Facebook An icon of the Facebook "f" mark. Google An icon of the Google "G" mark. Linked In An icon of the Linked In "in" mark. Logout An icon representing logout. Profile An icon that resembles human head and shoulders. Telephone An icon of a traditional telephone receiver. Tick An icon of a tick mark. Is Public An icon of a human eye and eyelashes. Is Not Public An icon of a human eye and eyelashes with a diagonal line through it. Pause Icon A two-lined pause icon for stopping interactions. Quote Mark A opening quote mark. Quote Mark A closing quote mark. Arrow An icon of an arrow. Folder An icon of a paper folder. Breaking An icon of an exclamation mark on a circular background. Camera An icon of a digital camera. Caret An icon of a caret arrow. Clock An icon of a clock face. Close An icon of the an X shape. Close Icon An icon used to represent where to interact to collapse or dismiss a component Comment An icon of a speech bubble. Comments An icon of a speech bubble, denoting user comments. Ellipsis An icon of 3 horizontal dots. Envelope An icon of a paper envelope. Facebook An icon of a facebook f logo. Camera An icon of a digital camera. Home An icon of a house. Instagram An icon of the Instagram logo. LinkedIn An icon of the LinkedIn logo. Magnifying Glass An icon of a magnifying glass. Search Icon A magnifying glass icon that is used to represent the function of searching. Menu An icon of 3 horizontal lines. Hamburger Menu Icon An icon used to represent a collapsed menu. Next An icon of an arrow pointing to the right. Notice An explanation mark centred inside a circle. Previous An icon of an arrow pointing to the left. Rating An icon of a star. Tag An icon of a tag. Twitter An icon of the Twitter logo. Video Camera An icon of a video camera shape. Speech Bubble Icon A icon displaying a speech bubble WhatsApp An icon of the WhatsApp logo. Information An icon of an information logo. Plus A mathematical 'plus' symbol. Duration An icon indicating Time. Success Tick An icon of a green tick. Success Tick Timeout An icon of a greyed out success tick. Loading Spinner An icon of a loading spinner.

Oil and gas cybersecurity projects went “to the bottom of the pile” in energy slump

Cyber security
Cyber security

Oil companies put cybersecurity initiatives on hold while crude prices languished at multi-year lows in 2015 and 2016, falling behind in hardening their systems while state-sponsored hacking groups only got more proficient at probing U.S. energy networks, security experts say.

As oil companies cut thousands of jobs and pared back drilling operations in the downturn, cybersecurity teams faced funding shortfalls for projects to secure computer networks that run rigs, pipelines and other oil field assets, increasing pressure for a field already challenged by finite resources and competing priorities.

In an oil bust, “projects, capabilities and needs that aren’t exactly on top of mind go to the bottom of the pile,” said Paul Berger Jr., a cybersecurity professional at Houston oil field services firm Baker Hughes, a GE company.

But among federal agencies and security professionals called in to respond to online attacks, there’s no longer any doubt foreign adversaries in Russia, Iran and North Korea have planned and executed attacks to plant themselves in U.S. critical infrastructure, which includes pipelines, refineries and petrochemical plants.

Still, these experts said, there’s little evidence of a political push in Congress to address the problem; there are still no regulations governing cybersecurity standards in the U.S. oil and gas industry, as there are for power, nuclear and chemical sectors.

Homeland Security said has begun gathering information on the recent cyber intrusions that shut down the electronic data systems used by four U.S. natural gas pipeline operators. But the agency doesn’t disclose information that companies share, said Scott McConnell, a DHS spokesman.

 Though federal agencies have said little about the attacks, security experts said the agency’s recent acknowledgement of Russia’s role in attacks on U.S. energy and industrial networks is a sign Washington may put more resources into tackling the lack of defenses protecting vital networks.

“For way too long, the U.S. government did not want to talk about that,” said Galina Antova, co-founder and chief business development officer at cybersecurity firm Claroty.

Still, though, most industrial security teams still lack the technology and personnel to monitor for cyberattacks affecting computer controls that run critical functions at energy and industrial plants, and many of these industrial control devices have been in operation for years or even decades, designed without security features.

“You’ll be lucky if your windows machines are running on something better than Windows XP,” Antova said.

Even companies that spent hundreds of millions of dollars on cybersecurity protections, she added, have become collateral damage of the accidental spillover of attacks on industrial networks, as was the case last summer when Merck & Co. and FedEx Corp. confirmed cyberattacks compromised their computer systems, intrusions that cost them hundreds of millions of dollars.

“We have to do better,” Berger of Baker Hughes said. Hacking groups, he added, “could cause the United States a lot of grief, and a lot of grief in a hurry.”

This article first appeared on the Houston Chronicle – an Energy Voice content partner. For more from the Houston Chronicle click here.

Recommended for you

More from Energy Voice

Latest Posts