December 13, 2011
World’s Oil Supply Threatened By Cyber Attacks
Shell Oil IT manager Ludolf Luehmann recently expressed fears of increasing numbers and sophistication of cyber attacks on the oil industry at the World Petroleum Conference in Doha, Qatar. He said the hacks were motivated by both commercial and criminal intent and that a “new dimension” of attack which could leave physical machinery at serious risk, Daniel Fineren of Reuters is reporting.
“It will cost lives and it will cost production, it will cost money, cause fires and cause loss of containment, environmental damage - huge, huge damage,” he told the members of the conference.
He made reference to the Stuxnet “worm”, a computer virus discovered during the summer of last year that was designed to attack industrial systems and that such cyber-attacks could have a real-world consequence on business processes.
“If anybody gets into the area where you can control opening and closing of valves, or release valves, you can imagine what happens,” Luehmann continued.
Shell Oil declined further comment on Luehmann´s statements when contacted by the BBC, and British Petroleum (BP), itself a target of high-profile cyber-attacks said it did not speak publicly about security issues as a matter of company policy.
Director of international government relations at Canadian energy company Nexen, Dennis Painchaud, said targeted attacks, such as Stuxnet and more recent threats, form a “very significant risk to our business”. “Cybercrime is a huge issue. It´s not restricted to one company or another - it´s really broad and it is ongoing, UPI.com reports.
“It´s something that we have to stay on top of every day. It is a risk that is only going to grow and is probably one of the pre-eminent risks that we face today and will continue to face for some time.”
As recently as this past October, security software maker Symantec said it had found a computer virus that contained code similar to Stuxnet, called Duqu, which appears to gather data making it easier hackers to gain entry into computer systems.
While most other businesses can shut down their IT systems and install software patches and update vulnerable operating systems, energy companies cannot keep taking down refineries and pipelines to patch up security holes. “Oil needs to keep on flowing,” said Riemer Brouwer, head of IT security at Abu Dhabi Company for Onshore Oil Operations (ADCO).
“We have a very strategic position in the global oil and gas market,” he added. “If they could bring down one of the big players in the oil and gas market you can imagine what this will do for the oil price - it would blow the market.”
Hackers finance their operations by using options markets to bet on the price movements caused by disruptions, Brouwer said. “So far we haven´t had any major incidents,” he said. “But are we really in control? The answer has to be ℠no´.”
On the Net: