Cyber attack on oil firms ‘could cost billions’

An expert has raised fears over the oil and gas industry's vulnerability to a cyber attack. Picture: Getty

And security experts claim that a computer-based attack by hackers, activists or even hostile nations on North Sea oil and gas production is now just a matter of time.

Cheryl Martin, director for UK cyber security at consultants CGI Group, said firms must be ready to defend themselves - or face the potentially crippling consequences.

Ms Martin said oil and gas platforms had already been targeted but so far no-one had breached tightened security measures.

She said: “These ‘hack-tivists’ and activists would be delighted to take over the production on an oil rig.

“Every industry has failed to catch up with this threat. The hackers and activists are ever developing.

“The are always one or two steps ahead. That’s why it’s not a question of if you are going to get attacked - it’s a question of when.

“It’s then how do you stop that attack or mitigate it.

“These attacks could cost in the billions of pounds.”

The warning comes after a global survey of oil and gas firms by PwC found that information security budgets averaged five million pounds in 2013 to combat the rising threat from computer attacks and security breaches.

And firms were told there had been a 179 per cent rise in the number of reported cyber-attacks on oil and gas companies, which soared above 6,500 cases last year.

Disgruntled former employees were also identified as possible threats to security during a summit in Aberdeen earlier this week where Ms Martin was a key speaker.

She said: “Companies are taking these threats extremely seriously and it is now deemed as being the top board room issue.

“The oil and gas industry has a number of different threats, including the geo-political.

“If you are looking at the drilling and exploration side of things, you are also dealing with opposition from the Greenpeace-type of group.”

Many oil and gas companies have upped their IT security after a cyber-attacker crippled the worlds most valuable company oil giant Saudi Aramco with a virus in August 2012.

More than 30,000 computer hard drives were wiped during the cyber attack - rendering them useless.

Ms Martin said sharing information on cyber threats across the industry was the only solution to combating hacking and security breaches.

She also said that steering the next generation to ethical hacking could prove to be an asset for firms who will need to stay up to date with the latest threats.

She said: “Collaboration is the only way we are really going to understand the motives behind some of the attacks.

“It’s really important that we encourage young people to get away from unethical hacking to ethical hacking.

“They are the next generation, a digital generation.

“We need to harness that and bring it into our industries.”

Business advisory giant KPMG warned last year that Scotland’s booming offshore industry was vulnerable to cyber attacks.

Specialists warned that cost cutting measures have left North Sea installations exposed to hackers.

Due to increased competition across the industry, many firms are merging oil and gas production systems to wider computer networks.

Joining up industrial control systems (ICS) - which monitor and manage production and supply - to general computer networks allows information to be shared more easily across the workforce.

But this means that if the system is compromised then oil and gas production could potentially be shut down.

Industry body Oil & Gas UK previously said it was aware of the threat of cyber attacks and liaising with the UK Government on a solution.