Monday , 15 October 2018
Home » NEWS » THIS WEEK’S GURUS » Defending the oil and gas sector from cyber-attacks
Josh Lefkowitz, CEO, Flashpoint
Defending the oil and gas sector from cyber-attacks

Defending the oil and gas sector from cyber-attacks

Despite the rise of alternative energy sources, the oil and gas (ONG) sector remains integral to the global economy. The success of the ONG sector is intertwined with the success and viability of other sectors — particularly those that are dependent upon natural resources, from shipping to plastic production. This correlation seems set to continue for the foreseeable future.

However, the ONG sector’s success is also influenced by a critical yet lesser-known variable: cyber threats. Following attacks such as Mirai, WannaCry, NotPetya, and others that have yielded substantial damages across many sectors in recent years, safeguarding the ONG sector from cyber attacks is vitally important.

Since adversaries targeting ONG companies tend to be quite complex, addressing and mitigating these threats can be very challenging . These adversaries include state-sponsored actors, jihadists, activists, and hacktivists. While each group has different levels of sophistication and potential alongside diverse motives and goals, they all seek to disrupt the operations of or obtain invaluable information from ONG companies.

State-sponsored actors in particular have a history of targeting the ONG sector for political purposes, and often have the ample resources needed to achieve their objectives. In contrast, jihadist actors typically seek to disrupt economies and carry out attacks for adversarial and ideological gain. When compared to other groups of adversaries, jihadists tend to possess fewer skills and resources for carrying out disruptive cyber attacks on well-defended ONG companies.

To that end, here I’ll look in more detail at the various adversaries posing a significant risk to the ONG sector:

State-Sponsored Actors

State-sponsored actors have become widely-recognised as capable of deploying sophisticated and destructive threats across all sectors—including ONG. Such actors often seek to cause widespread damage, disrupt operations, and gain a competitive political or military advantage. Indeed, Flashpoint’s 2017 threat matrix identifies ONG alongside the telecommunications, financial services, and military/government sectors as key targets for nation-state actors such as China, Iran, North Korea, Russia, and the Five Eyes.

Flashpoint’s threat matrix also shows that state-sponsored actors consider ONG to be a valuable and legitimate target. These actors will likely prioritise carrying out cyber attacks on operators in this sector over other targets such as retail, legal, healthcare, and the public sector.

Historically, state-sponsored actors have targeted oil and gas companies’ industrial control systems, attacked various regional entities, and sought access to confidential data in support of military initiatives. Following the 2012 attack on Saudi Aramco’s cyber infrastructure, nearly 75 percent of the company’s data was lost and operations were disrupted for months. The attack was attributed to Iranian hackers carrying out reprisal attacks on Saudi Arabia as a result of its foreign affairs agenda in the Middle East.


For many terrorist groups, oil is a lifeblood. Profits from the theft and illicit sale of oil enables these groups to fund  activities to further their agendas. ISIS in particular has been known to target oil pipelines throughout Syria and Iraq.

By compromising energy infrastructure, jihadists could potentially disrupt a target country’s economy, which remains a high priority for ISIS and its affiliates. Given that many oil and gas companies maintain operations in regions prone to jihadist activity, they may serve as highly desirable and accessible targets for various terrorist groups.

While typically considered of lower skill and sophistication than state-sponsored actors, jihadists seem increasingly keen on building their cyber capabilities, enabling them to fight both online and offline. As such, threats from jihadist groups are worth monitoring and acknowledging as significant, given the physical attacks such groups already carry out targeting the oil and gas industry.


The ONG sector’s entanglement in complex geopolitical and environmental issues tends to fuel activist agendas. These actors’ activities typically revolve around physical protests and demonstrations, online petitions, social media campaigns, and legal filings. Many direct-action protesters have historically been known to attempt to physically block the construction of oil and gas pipelines. While such actors tend to be far less sophisticated than their state-sponsored counterparts, they do pose a threat both to the operational continuity and brand reputations of oil and gas companies.


Hacktivist groups are similar to activists in that they tend to be less sophisticated, yet still disruptive and usually driven by issue-centric agendas. Unlike activists, whose disruption stems largely from their physical presence, hacktivists leverage the internet and cyber attack vectors to target oil and gas companies.

Many hacktivist groups have been known to launch large-scale DDoS attacks against these companies’ websites and digital systems. Online defacements and malicious social media campaigns have also occurred and caused substantial reputational damages for the afflicted companies. As many hacktivist groups, especially those based in non-Western nations, continue to recruit supporters and advance their capabilities, ONG companies need to recognise that the nature and locations of their operations are often sufficient to fuel hacktivists’ agendas.

How can the oil and gas industry defend itself from cyber attacks?

Above all, it’s crucial to recognise what many state-sponsored actors, jihadists, activists, and hacktivists have in common: in seeking to disrupt the operational continuity of the ONG sector, their activities are often planned and discussed within the confines of the Deep & Dark Web. As such, combatting such threats requires substantial subject matter expertise, advanced cultural and linguistic knowledge, and comprehensive visibility of these difficult-to-access regions of the Internet.

Understanding adversaries is crucial to fighting off their attacks. When it comes to cybersecurity, understandably, resources are often focused on the most consistent forms of attack. Given the sheer volume of attacks, defence is often reactive rather than proactive. Regardless of an organisation’s sector, effective defence requires proactive visibility into the threat landscape. Gleaning intelligence from high-value sources within the Deep & Dark Web where adversaries congregate and threats are developed is key.

Although adversaries may use technology to automate and increase the efficacy of their schemes, at the end of the day it is humans that plan and initiate cyber attacks. As I’ve shown, motivations vary from revenge on a country’s political regime to a direct dislike of the ONG sector. There are many other drivers at play as well, all of which underpin the tangible and often complex threat landscape in which ONG companies operate.

With oil and gas accounting for over 50 percent of the world’s energy consumption, the stakes of risk mitigation efforts are high. Attacks on the sector can be extremely lucrative for the attackers. And as many ONG companies are multinational and maintain vast global footprints, large-scale cyber attacks can yield substantial and potentially devastating damages. Above all else, it’s crucial for ONG companies to recognize these risks and work to gain proactive visibility into relevant threats and adversaries. Indeed, Business Risk Intelligence is essential.

About Dean Alvarez

Dean is Features Editor at IT Security Guru. Aside from cyber security and all things tech, Dean's interests include wine tasting, roller blading and playing the oboe in his Christian rock band, Noughts & Crosses.

You can reach Dean via email -