The global energy sector is becoming increasingly vulnerable to cyber attacks and hacking, due to the widespread adoption of internet based or open industrial control systems (ICS) to reduce costs, improve efficiency and streamline operations in next generation infrastructure developments. A new report from Marsh, Advanced Cyber Attacks on Global Energy Facilities, energy firms are being disproportionately targeted by increasingly sophisticated hacker networks that are motivated by commercial and political gain.
Andrew George, Chairman of Marsh’s Global Energy Practice said, ‘open ICS have integrated controls that are linked with other information technology networks, giving hackers the opportunity to gain access through back doors and exploit system weaknesses to their advantage.
‘While the global energy sector has yet to experience a catastrophic physical damage loss as a result of a cyber attack, its resiliency to date is certainly not due to a lack of effort on the part of hackers. Several energy firms have suffered attacks originating from malicious software or viruses, which have disrupted production and destroyed computer hardware.
‘A successful attack on computer control or emergency shutdown systems, even at a small refinery, petrochemicals or gas plant, could result in estimated maximum loss as a result of fire or explosion worth hundreds of million of dollars.’
Where is the threat?
New projects do generally incorporate more sophisticated risk management practices and apply rigorous standards to minimise risk, however, Marsh’s research shows that cyber risk is accentuated at the beginning and end of the project lifecycle, during the design and decommissioning stages. Marsh refers to this as the ‘ICS security risk reliability bath tub curve.’
George continued, ‘while insurance is vital in mitigating the impact of cyber attacks on energy companies’ bottom lines, the nature and changing risk profile of the cyber threat demands a collaborative, risk based approach from businesses and governments around the world. Energy companies should consider the risk of cyber attack as an inevitable one, and focus on preparing scenarios to identify, respond and contain any attacks accordingly.’
Adapted from a press release by Claira Lloyd.
Read the article online at: https://www.oilfieldtechnology.com/exploration/18032014/cyber_attacks_on_energy_industry275/