Cyberattacks are rising and O&G is the biggest target

Cyberattacks have been on the rise in the last two decades and its no big news for anyone associated with security.

However, the alarming aspect of these attacks is the increased focus of attackers on the Industrial Control Systems (ICS). ICS networks are targeted more because of the high impact attacks on them can have both in terms of affecting a company as well as creating ripples in world news. While ICS attacks have been rising overall, the oil and gas industry has been impacted the most with attacks like the Stuxnet incident or the attacks on the Norwegian O&G Industry back in 2014.

Why Oil and Gas

Oil and Gas Industry remains the favorite hunting ground for modern day attackers primarily due to two reasons

1. The potential impact will more likely be an explosion with human casualties. This happens since the industrial processes have inflammable hydrocarbons in the production or processing facilities. Human casualties are noticed by the wider community and are likely to fetch the highest returns for an attacker whether he is looking for financial gains or is looking to create high impact with this act.
2. Today's political set up is full of conflicts and various countries look at the Oil and Gas Industry as a great place to harm their so-called enemy nations. In many cases, attackers are sponsored by a country to cause an impact in their rival nation's economy.

Why does it need immediate attention

Cyber attacks in the modern world are no longer the result of an Internet savvy individual who was playing around on the internet. It has grown into an organized crime where a gang of individuals teams and works over a given period of time to penetrate the operating environments (OT) of target companies. In many cases, these gangs are state sponsored or at the very least funded by the underworld community. This makes these gangs extremely well supported and provides them with the time, money and technical help they need to cause large scale attacks on organizations.

Secondly, Cyberattackers all over the world have been doing their own research and have now built unique capabilities to penetrate the ICS environments of companies. Some of these attacks are automated and even more sophisticated making it harder to react appropriately and within time. The BoTs used are capable of both manipulating the users as well as moving into the network very quickly to cause maximum impact.

In some cases, its not even a human but an algorithm which has cognitive abilities attacking the ICS network and causing not only a huge initial impact but also moving it through the network at a much accelerated pace.

What is to be done

Oil and Gas companies need to acknowledge the looming threat and also accept that at some point in time they will be attacked. Therefore, it is not only important to prevent an attack through proactive network monitoring but also be ready with an appropriate incident management plan.

There are additional items of attention like a well-defined governance model, appropriate zoning for easier isolation when attacked and required training to engineers in the operating environment for early detection and reaction.

It will also be important to have a robust disaster recovery plan which is again safeguarded by a security solution to prevent damages to data or even a lockout. In other words, companies need to defend while reacting as well so they can minimize the impact of the attack.

An oil and gas company usually maintains various types of databases and associated networks and need to work much harder than their counterparts to not only prevent such attacks but also minimize impact when attacked.