This post is also available in: עברית (Hebrew)
When we think about protecting critical infrastructure, we usually imagine cameras, fences, men with guns, and other physical manifestations of security. But experts are now warning that oil and gas companies should be worried about the threat of hackers targeting their facilities in a bid to steal commodities or cause damage.
With oil prices being extremely low, and with companies facing pressure to cut costs, the danger is particularly high now, warns Alexander Polyakov of ERPScan, a cyber security vendor.
“Oil and gas is a critical industry, with so many different critical processes,” he said. The oil business is convoluted, complex, and due to this very vulnerable. There are many pieces of software for hackers to target on the path from the oil rig to the petrol station. Sensors and digital control systems are now prevalent along the entire supply line, and many of them can be controlled remotely through the internet.
A hacker only needs to target one of these internet-connected control systems to achieve potentially catastrophic and deadly effects, he said.
Polyakov explained a method attackers could use to target a safety feature called Burner Management System (BMS) that is used to fire up and shut down furnaces used in the process of oil production. BMS is “easy to manipulate,” he said, and an attacker could relatively easily cause an explosion.
Energy providers should be “very worried” about these possibilities, he said.
“This is a stunningly active threat facing the critical infrastructure in the US right now, and if it’s not being taken seriously you’re being seriously naive. It’s time to address these issues,” a US government cybersecurity researcher who wished to remain anonymous told the Guardian.