August 5, 2020 By Asheesh Kumar 3 min read

The oil and gas industry is one of the most powerful financial sectors in the world, critical to global and national economies. Therefore, this industry is a valuable target for adversaries seeking to exploit Industrial Control Systems (ICS) vulnerabilities. As the recent increase in attacks against ICS demonstrates, adversaries with a specific interest in oil and gas companies remain active and are evolving their behaviors. Protection against cyber attacks is essential to the worldwide economy.

What particular challenges does the  industry face and how can security teams prevent them?

The Industry’s Basic Structure

The industry can be broken down into three segments: upstream, midstream and downstream.

Upstream businesses are concerned with resource exploration and production. These companies explore the globe for reservoirs of raw materials and drill to extract them.

Midstream businesses are focused on transportation. They are responsible for transporting the extracted raw materials to refineries to process them. These firms oversee shipping, operating pipelines and storing raw materials.

Downstream businesses refine the raw materials. They remove impurities and convert the raw materials to products for the public, such as gasoline, jet fuel, heating oil and asphalt.

Cybersecurity Challenges for the Oil and Gas Industry

This large industry faces many cybersecurity threats and challenges. More than 370 United States oil and gas security professionals surveyed by the Ponemon Institute identified the following challenges to cyber readiness for the industry:

  • Operational technology (OT) is at higher risk than information technology (IT).
  • Cyber risks, particularly those impacting the supply chain, are difficult to address.
  • Many oil and gas firms are unprepared for cyber attacks and security breaches.
  • Organizational challenges impact cyber readiness.
  • Negligent and malicious insiders pose the most serious threat to critical OT.

According to the survey findings, the industry’s cybersecurity measures are not keeping up with the increasing digitalization of oil and gas operations. Only 35% of those surveyed rated their organization’s OT cyber readiness as high.

Two-thirds of respondents admitted that their operations experienced at least one security compromise that resulted in the loss of confidential information or OT disruption in the previous year.


2020 cyberattacks on ICS and examples of malware

While the industry is seemingly unprepared for cyber attacks, adversaries are investing heavily in the ability to disrupt critical infrastructure. Additionally, the agenda and motives of the attackers have changed. The attackers are aiming at business disruption and distortion, which impacts equipment and could result in loss of life. Other attackers’ motives include infrastructure sabotage, espionage and data theft.

2020 Cyberattacks and Malware

A cyber attack at facility can occur at any point across the three major stages of oil and gas operations: upstream, midstream or downstream. Throughout the oil and gas production, transportation and distribution process, OT environments are near IT networks. As adversaries targeting ICS bolster their capabilities, they can more easily carry out destructive attacks that cause operational disruptions and environmental damage.

Dragos noted that there were several “activity groups” targeting oil and gas industry in 2019, including:

  • XENOTIME, which targeted Triconex controllers to disrupt Saudi Arabian oil and gas facilities in 2017, has expanded its target list to include oil and gas companies in Europe, the U.S., Australia and the Middle East; electric utilities in North America and the Asia-Pacific region; and devices beyond Triconex controllers.
  • HEXANE has begun attacking oil and gas and telecommunications in Africa, the Middle East and Southwest Asia.
  • DYMALLOY is an aggressive and capable group that can achieve long-term and persistent access to IT and OT environments for intelligence collection and possible future disruption attacks.

Defending an Oil and Gas Operation

Threats toward the oil and gas industry are increasing, with targets including both IT and OT environments. This is a critical time to invest in security operations centers (SOCs) by bringing OT into their scope and by assessing existing gaps in SOCs. The threats are evolving, so organizations need to adapt their strategy towards security and their SOCs continuously.
The U.S. federal government has developed the Oil and Natural Gas Subsector Cybersecurity Capability Maturity Model (ONG-C2M2) to help organizations to assess their SOC and improve their cybersecurity. For more on the maturity model, see A_Quick_Guide_to_Using_the_ONGC2M2_Model.

More from Energy & Utility

Water facilities warned to improve cybersecurity

3 min read - United States water facilities, which include 150,000 public water systems, have become an increasingly high-risk target for cyber criminals in recent years. This rising threat has demanded more attention and policies focused on improving cybersecurity.Water and wastewater systems are one of the 16 critical infrastructures in the U.S. The definition for inclusion in this category is that the industry must be so crucial to the United States that “the incapacity or destruction of such systems and assets would have a…

The UK energy sector faces an expanding OT threat landscape

3 min read - Critical infrastructure is under attack in almost every country, but especially in the United Kingdom. The UK was the most attacked country in Europe, which is already the region most impacted by cyber incidents. The energy industry is taking the brunt of those cyberattacks, according to IBM’s X-Force Threat Intelligence Index 2024.The energy sector is a favorite target for threat actors. The complexity of systems and the reliance on legacy OT systems make them easy prey. Because of the critical…

Third-party breaches hit 90% of top global energy companies

3 min read - A new report from SecurityScorecard reveals a startling trend among the world’s top energy companies, with 90% suffering from data breaches through third parties over the last year. This statistic is particularly concerning given the crucial function these companies serve in everyday life.Their increased dependence on digital systems facilitates the increase in attacks on infrastructure networks. This sheds light on the need for these energy companies to adopt a proactive approach to securing their networks and customer information.2023 industry recap:…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today