As a highly critical sector, the oil and gas infrastructure should be one of the most secure, both physically and digitally. This is not the case.
A multi-billion dollar industry, trading one of the most valuable commodities on the market, is connecting its industrial control systems full of unpatched vulnerabilities to the Internet, where cybercriminals roam in all impunity.
These systems are poorly protected against cyber threats – at best, they are secured with IT solutions which are ill-adapted to legacy control systems such as SCADA.
“The lack of appropriate security has already allowed a number of destructive cyber-attacks to lay waste to some of the most high-profile companies in the industry,” says senior cybersecurity analyst Michela Menting. “From Night Dragon to Shamoon, oil and gas companies have been the victims of sophisticated cyber threats since 2009. Many of these attacks have caused significant financial damages – and yet the industry is painstakingly slow in deploying proper cybersecurity measures adapted to the infrastructure.”
This lax approach is not only careless, it can be dangerous. Illegal interception and modification of commands to pipelines could cause massive environmental disasters or even life-threatening situations. The terrorist threat is just as real online as it is in the physical world.
Inevitably, as the number of cyber-attacks increase in the coming year, realization of the financial implications of persistent cyber threats will boost cybersecurity spending in this field during the forecasted period.
Spending is set to pick up considerably from 2014 onwards. ABI Research calculates that cybersecurity spending on the oil & gas critical infrastructure will reach $1.87 billion by 2018. This includes spending on IT networks, industrial control systems and data security; counter measures; and policies and procedures.