Cyber-attaque et raffinerie pétrochimique

The NSA’s General Keith Alexander recently mentioned that 41% of cyber-attacks target the energy industry, and in particular oil and gas companies. Cyber-security and the fight against cyberattacks should be a central concern of these industries, along with production.

Strategic targets for hackers

Global trade is fundamentally dependent on fossil fuels, primarily oil and gas. Presently, there is no alternative to the oil and gas industry for the global economy to procure the energy necessary to transform, produce and transport manufacturing goods. In addition, the industry itself is a major generator of profits ($1.3 trillion USD in 2013 according to Statistica), and is also at the core of numerous geopolitical conflicts. Cyber-pirates are fully aware that hacking into the systems of an oil and gas company gives them the ability to destabilize an entire local, if not global economy.

Non-negligible impacts

The goal of a cyber-attack is to take control of all systems of a company in order to disrupt or even halt its operations. This obviously concerns the IT systems, but also exploitation and production systems.

In the case of the oil and gas industry for example, such actions can have an impact on the entire automation of production (Supervisory control and data acquisition, Digital control systems, etc) such as:

  • Machine malfunction
  • Pollution through the spillage of toxic waste
  • Program wipe-out
  • Tangible asset or economic loss
  • Irreversible loss of strategic data (historical production throughput, etc)

Such attacks have already inflicted significant harm on the oil and gas industry. In April 2012, a large part of Iran’s oil production was affected by a virus, and resulted in the government deciding to cut all internet connections of its oil terminals (source: New York Times). The Norwegian oil industry fell victim to a massive attack in 2014, resulting in the hacking of the drilling, exploration and engineering data of more than 50 companies (source: the Local).

It is easy to understand how catastrophic the consequences of such attacks can be. As such, it is obviously necessary to implement cyber-security solutions that are able to protect the sites of the oil and gas industry. Each and every site must be capable of fending off a cyber-attack, but also be able to prevent them by having an adapted and robust system, covering both cyber-security protection and prevention.