An recent article in Alberta Venture discusses the increasing risk of cyber attacks on oil and gas companies.
According to the article, it is well understood that as more pieces of key oil and gas infrastructure are connected to the Internet of Things, risks to these companies are real and growing. For example, the industrial control systems (ICS) that control, monitor and manage infrastructure in industries like oil and gas are now more commonly connected to the internet to facilitate remote accessibility and monitoring, leaving them more susceptible to attack.
The geopolitical significance of the energy sector makes it a prime target for these attacks, according to Michael Argast of Telus. “The risks are higher in the energy sector than they are in other business sectors based on the kind of adversary they’re up against.” He continues that the cost to deploy a targeted attack has dropped in the last few years, and the once common “spray and pray” attacks are being replaced by more sophisticated, never-before-seen, targeted mal-ware.
As a result, Justin Fong of Deloitte says that defence tactics have changed, as it is no longer a case of if a company will be attacked, but when. “It’s like the human body,” says Fong. “We get attacked by bacteria and inevitably we are going to [contract] some sort of sickness. The key is to minimize and mitigate any attacks, to be vigilant in detecting anomalous behaviours and to be able to manage the attack itself.”
While the government of Canada is working to impose stricter standards for security breach notifications, Argast warns that oil and gas companies should be conducting their own risk assessments for cyber attacks.