Cyber security attacks against oil and gas organizations increasing

According to a report sponsored by Tripwire and conducted by Dimensional Research in November 2015, 82% of oil and gas industry respondents said their organizations registered an increase in successful cyber attacks over the past 12 months.
By Gregory Hale, ISSSource.com February 23, 2016

There has been a hike in cyber attacks against oil and gas organizations over the past 12 months, according to a report sponsored by Tripwire and conducted by Dimensional Research in November 2015. In the report, 82% of oil and gas industry respondents said their organizations registered an increase in successful cyber attacks over the past 12 months.

On top of that, 53% of respondents said the rate of cyber attacks has increased between 50 and 100% over the past month.

Tripwire’s study showed 21% of the respondents have seen an increase of between 20 and 50% in successful attacks, 13% registered an increase of between 10 and 20%, while 11% saw an increase of less than 10%. Two percent of the respondents pointed at the number of cyber-attacks being more than double in the past month.

The report also found 69% of respondents said they were "not confident" in their organizations’ ability to detect all cyber attacks. Focused on the cyber security challenges faced by organizations in the energy sector, the study received responses from over 150 information technology (IT) professionals in the energy, utilities, and oil and gas industries.

According to the survey, 72% of respondents said one executive is responsible for securing both IT and operational technology (OT) environments.

The energy sector has seen a large number of cyber-attacks over the past years, and the Department of Homeland Security said it is the most attacked industry. Additionally, the sector also felt the sting of state-sponsored cyber espionage campaigns, including Energetic Bear.

However, although cyber threats targeting the electric grid gain attention, the oil and gas industry has not received the same level of scrutiny, Tripwire said.

"There are more than 2.3 million miles of pipeline in the United States, meant to connect to a variety of businesses, including refineries and airports," Tim Erlin, director, security and IT risk strategist at Tripwire, said in a blog post. "Moreover, with a vast industry of supporting organizations around oil and gas production and distribution, the industry deserves as much attention when it comes to cyber security as the electric grid."

The industry should focus on reducing the number of attacks by eliminating threat actors and by reducing the overall attack surface, Erlin said.

"It’s unrealistic to believe that 100% of the threats can be eliminated, so there’s always a need for accurate detection of successful attacks," Erlin said. "There are also ways in which an ICS-centric environment is actually more defensible than corporate IT. Oil and gas companies should look at how they can detect anomalous activity or unauthorized changes in their control environments in order to improve this metric."

Gregory Hale is the editor and founder of Industrial Safety and Security Source (ISSSource.com), a news and information website covering safety and security issues in the manufacturing automation sector. This content originally appeared on ISSSource.com. Edited by Chris Vavra, production editor, CFE Media, 
cvavra@cfemedia.com.

ONLINE extra

See additional stories from ISSSource about cyber security below.

Click here to view the survey.