The decision to merge production systems and IT networks has left oil and gas firms vulnerable to a cyber attack that could threaten to shut down production, the business advisory giant KPMG said.
The UK government has already estimated that oil and gas firms lose almost £400 million each year through cyber crime and theft of their intellectual property.
George Scott, head of information protection and business resilience for KPMG in Scotland, said that because of the “highly competitive market”, oil firms were under increasing pressure to reduce costs by integrating their industrial control systems – which monitor and manage production and supply – with the rest of their IT systems and wider networks.
He said: “While this improves efficiency and allows real-time data from field operations to be shared with management onshore, this exposes pipelines to cyber attacks they were never designed to resist.
“While the issue of industrial espionage is not new, developments in pipeline management which have seen traditionally closed systems integrated with wider networks mean oil and gas companies must also address the potential of cyber attacks on their supply.”
Mr Scott added: “With an ever more dispersed workforce relying on mobile devices to share information, it’s important oil and gas businesses are aware of the risks and have a strategy to deal with them, by putting in place procedures to police the way mobile technologies are used.”
Experts from KPMG are planning a summit in Aberdeen next week for oil and gas industry leaders to highlight the dangers posed by “emerging cyber security risks”.
Mark Mair, a leading expert, backed the call for increased vigilance, saying: “We have already seen campaign groups target oil majors by hacking their data and posting it online.
“I believe that is just the tip of the iceberg. Many cyber terrorists live for the buzz of infiltrating what is claimed to be an impenetrable ring of security and could attempt to shut down oil production on a North Sea platform simply to show that they can.”
He said companies in the energy sector had become “prime targets” due to the high-value nature of their operations and intellectual property.
“Aberdeen is a region synonymous with the oil and gas industry and therefore the IT networks of businesses in the area are a lucrative proposition to cyber criminals,” Mr Mair, of Skibo Technologies, said.
“We recently investigated one case where a cyber criminal stole £1.2m from the bank account of an oil company by sending a few carefully crafted e-mails to a new member of staff in the finance department.”
Robert Paterson, Oil and Gas UK’s health and safety director, said talks were already being held on a national level about the cyber threat.
“The industry is very alert to these issues and employs specialists to monitor and address cyber-security matters,” he said. “These specialists maintain close links with the UK government.”