Few threats expose the true interdependency of cyber and physical security more than those targeting the oil and natural gas (ONG) sector. After all, oil and natural gas together account for 53 percent of the world’s energy consumption and remain integral determinants of both global trade and the economy. Safeguarding these resources and the systems on which they rely is crucial, especially given the uptick in incidents posing substantial cyber and physical risks to critical infrastructure.
However, addressing and mitigating threats to the ONG sector can be very challenging in part due to one particular factor: threat actors targeting ONG companies tend to be quite complex. Given that many security and intelligence professionals have been conditioned to combat threats posed by financially-motivated fraudsters and cybercriminals, they may not be fully-prepared to defend ONG companies from the myriad of threats posed by other types of malicious cyber and physical actors.
As such, it’s crucial for security and intelligence teams across the ONG sector to become as well-acquainted as possible with the following actor groups:
State-sponsored actors have become widely-recognised as capable of deploying sophisticated and damaging threats across all sectors — especially the ONG sector. Such actors often seek to cause widespread damage, disrupt operations, and gain a competitive political and/or military advantage. Historically, state-sponsored actors have targeted ONG industrial control systems, attacked various regional entities, and sought access to confidential data in support of military initiatives. Following the 2012 attack on Saudi Aramco’s cyber infrastructure, nearly 75 percent of the company’s data was lost and operations disrupted for months. The attack was attributed to Iranian hackers carrying out reprisal attacks on Saudi Arabia as a result of its foreign affairs agenda in the Middle East.
For many terrorist groups, oil is a lifeblood. Funding derived from the theft and illicit sale of oil enables these groups to conduct malicious activities and further their agendas. ISIS in particular has been known to target oil pipelines throughout Syria and Iraq for adversarial and ideological gain. Compromising energy infrastructure enables jihadists to potentially disrupt a target country’s economy, which remains a high-priority for ISIS and its affiliates. Given that many ONG companies maintain operations in regions prone to jihadist activity, they may serve as highly-desirable — and accessible — targets for various terrorist groups.
The ONG sector’s entanglement in complex geopolitical and environmental issues tends to fuel the agendas of activists. These actors’ activities typically revolve around physical protects and demonstrations, online petitions, social media campaigns, and legal filings. Many direct-action protesters have historically been known to attempt to physically block the construction of oil and gas pipelines. While such actors tend to be far less sophisticated than their state-sponsored counterparts, they do pose a threat both to the operational continuity and brand reputations of ONG companies.
Hacktivist groups are similar to activists in that they tend to be less-sophisticated yet disruptive and driven by issue-centric agendas. But unlike activists, whose disruption stems largely from their physical presence, hacktivists primarily leverage the internet and cyber attack methods to target ONG companies.
Many hacktivist groups have been known to launch large-scale DDoS attacks against these companies’ websites and digital systems. Online defacements and malicious social media campaigns have also occurred and caused substantial reputational damages for the afflicted companies. As many hacktivist groups — especially those based in non-Western nations — continue to recruit supporters and advance their capabilities, ONG companies need to recognise that the nature and locations of their operations are often sufficient to fuel hacktivists’ agendas.
Above all else, it’s crucial to recognise what many state-sponsored actors, jihadists, activists, and hacktivists have in common: they seek to disrupt the operational continuity of the ONG sector, and, more importantly, their malicious activities are often planned and discussed within the confines of the Deep & Dark Web. As such, combatting threats to the ONG sector requires substantial subject matter expertise, advanced cultural and linguistic knowledge, and comprehensive visibility in these difficult-to-access regions of the internet.
Written by Josh Lefkowitz, CEO at Flashpoint