UK government warns oil supply chain is ‘espionage target’

BEIS has warned that supply chain firms are an attractive target for hackers
Pipes are loaded onto a vessel in the northern German port of Mukran for transshipment to a storage yard. Nord Stream 2’s logistics concept aims to supply the materials needed in an efficient, timely and cost-effective manner, minimising impacts on the sensitive ecosystem of the Baltic Sea. This includes the transshipment of finished pipe links to storage yards along the route, where they will be just a short distance away from pipelay vessels once construction begins. Nord Stream 2 also conducts various stages of these operations at its other three key logistics hubs: the ports of Hanko and Kotka in Finland, and in Karlshamn, Sweden.

The UK government has warned that oil and gas suppliers are an ‘attractive espionage target’ for hackers.

Oil and Gas UK hosted its first cybersecurity seminar at the AECC today, with Clare Dobson, head of energy cybersecurity at the Department for Business, Energy and Industrial Strategy (BEIS), being keynote speaker.

Delegates were told supply chain firms were particularly at risk from ‘individuals, extremist groups or even hostile states’ as they could be an easy route to acquiring details for various operators they work for.

Ms Dobson used the example of the APT10 espionage group, which in 2016 carried out a global hacking operation of IT firms to acquire information on their customers.

Earlier this year a new EU directive was introduced requiring a baseline security level for oil and gas operators.

However, Ms Dobson said this does not directly cover suppliers, who are an “extremely attractive target”, and BEIS is working to address that wider issue.

She said: “The threat to the energy sector is quite significant and it is not just about looking at the threats to the energy systems themselves that control supply, it’s about looking right through the supply chain and understanding where those vulnerabilities lie.

“I think supply chains, particularly to energy companies, are an extremely attractive target. If you have one supplier that supplies a number of customers, that is extremely attractive to a hacker.

“A hacker only needs to get into one system of companies to get access to the data and credentials of a whole range of companies and we have seen that happen over the last couple of years.”

Ms Dobson added the new legislation should lead to operators setting a higher standard of security for themselves, as well as the suppliers they work with.

“This directive covers a small number of operators but it does put pressure on the rest of the supply chain to act accordingly and I would expect those operators to be asking more prodding questions of their supply chain going forward.

“I think in that context there will be an expectation on some of the large players in the industry but also for the supply chain to up their game a bit.”

Oil and Gas UK said last week that the supply chain is continuing to feel the pressure of the oil downturn.

Alix Thom, the trade body’s skills and employment manager, chaired the event and said Oil and Gas UK is considering setting up a new working group to address the issue of cybersecurity.

She said: “It is something we have been talking about, I have heard from a number of operators have already come together to talk about this.

“As we’ve heard, this is also an issue that’s absolutely pertinent throughout the supply chain and it is a topic that is growing in interest and in importance. It’s certainly a very live topic for us.

“A working group would benefit from the point of view of bringing more people into the discussion, raising awareness of the issue and giving people access to best practice and information.

“Safety is our top priority in the industry so we cannot put a silo around this.”

Breaking