Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operational Security //

Risk Management

08:05 AM
Larry Loeb
Larry Loeb
Larry Loeb

Oil & Gas Industry Face Significant Cybersecurity Threat Study

A Ponemon survey finds a growing concern among cybersecurity professionals who work in the world's oil and gas industries.\r\n\r\n

A significant majority of oil and gas companies have reported a serious security breach or incident in the past year, according to a new report. This comes at a time when the safety of critical infrastructure facilities is under renewed scrutiny following a series of attacks and government warnings.

The Ponemon Institute conducted the survey of security in the oil and gas industry, which is based on the results of 176 people responsible for cybersecurity within companies based in the Middle East. Siemens, which sells products and technology into that market, funded the study.

The results come less than a week after the US Computer Emergency Readiness Team (US-CERT), along with the FBI and the Department of Homeland security, issued a warning that charged several Russia-based group with hacking into several critical facilities, including oil, gas and other energy firms. (See FBI & DHS Accuse Russia of Hacking Critical Infrastructure.)

(Source: Pixabay)
(Source: Pixabay)

The Ponemon study found that there were a significant number of security incidents in the oil and gas industry, which researchers defined as disruption to operations in the operational technology (OT) environment or the loss of confidential information.

Of those surveyed, 11% reported that they had experienced more than 10 OT network intrusions, which is three times the global average. Not only that, nearly half of the respondents believe that they may not be aware of all breaches that have occurred.

The specifics of the OT environment weighed heavily on the participants in the study. Two-thirds of those interviewed believe that the risk of attack has grown on OT over the last several years. In addition, 60% report that the risk to OT is greater than the danger posed to traditional IT systems.

The respondents report that there are certain items that are most at risk from these incidents, including exploratory information, production information, potential partners, financial and organizational reports, operational data, information on drilling sites, and field production data that is collected by sensors.

The top cybersecurity threat for 68% of those surveyed was a careless or negligent insider, as opposed to 21% believing it was a criminal or malicious insider.

Respondents also attribute the cyber risk their organizations face to uncertainty about the cybersecurity practices of third parties in the supply chain and the difficulty in mitigating risks across the entire oil and gas value chain.

Additionally, respondents report that the primary reason that their organizations are at risk is a lack of cybersecurity awareness and training among employees. Other important factors that they perceive are a limited cybersecurity culture among their vendors, suppliers and contractors, as well as the use of standard IT products that have known vulnerabilities in the production environment.

The fundamentals of network security are being redefined -- don't get left in the dark by a DDoS attack! Join us in Austin from May 14-16 at the fifth-annual Big Communications Event. There's still time to register and communications service providers get in free!

The OT companies seem to realize they are at risk.

However, only 27% of respondents expressed confidence in their ability to assess cybersecurity risks and allocate the resources necessary to address those concerns. Overall, a third of their cybersecurity budget is directed at protecting OT environments.

Only 39% of respondents plan on hardening the endpoints of their systems, and 20% report that they plan on adopting analytics solutions over the next year.

Organizations that adopt a risk-based and compliance-based approach to their OT security programs have the best chance of keeping their OT operations both secure and running without problems, the study found.

Related posts:

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-10-22
Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within specific directories via a crafted archive file.
PUBLISHED: 2021-10-22
SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were blo...
PUBLISHED: 2021-10-22
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X...
PUBLISHED: 2021-10-22
eLabFTW is an open source electronic lab notebook manager for research teams. In versions of eLabFTW before 4.1.0, it allows attackers to bypass a brute-force protection mechanism by using many different forged PHPSESSID values in HTTP Cookie header. This issue has been addressed by implementing bru...
PUBLISHED: 2021-10-22
GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.