DALLAS—“Energy firms are the most targeted sector of our economy” by computer hackers and the industry must respond accordingly to the threat, according to a University of Oklahoma law professor.
Dr. Joseph Dancy, who serves as executive director of the OU college’s Oil and Gas, Natural Resources and Energy Center, told a recent Petroleum Engineer’s Club of Dallas luncheon that cyber attacks on the energy sector increased 82% in 2017. “The threat is dynamic in nature,” he warned. That creates significant challenges not only for IT staffs but for management.
Compounding that threat for management, there are no set standards from a legal perspective of what constitutes proper safeguards, Dancy said. Cyber attacks change rapidly by sources and methods “so there are no rules, we’re just supposed to have a ‘reasonable standard.’ But what is that?” he added. “Negligence changes over time... you really can’t tell what the risks are.”
In some cases, hackers dwell internally—the threat is not always external, Dancy reminded his audience. “They could be on the IT staff and they could cause a lot of damage before they are found out.”
As a result, management “has to rely on experts to advise on what is a prudent course of action.” But even the experts may not be aware of the latest techniques. It’s imperative that firms “keep updates current, and make sure your IT people are good.”
The threat isn’t isolated to the energy business, of course. He cited several examples of Internet and computer attacks for ransom and sabotage, including a German steel mill where hackers cut off operators’ ability to shut down its blast furnaces. Workers stood by helplessly while the furnaces literally burned up, destroying the plant.
Pipelines may be especially susceptible to computer hacks since much of the U.S. pipeline network is older—built in an era when such security risks did not exist. For example, he said it would be possible for hackers to shut down the gas pipeline network serving Dallas by interfering with just a few interconnections and noted the local utility and gas transmission lines have installed remarkable software to combat such a threat.
Management needs to make data backup a priority, he said, on the assumption that there could be—and likely will be—an interruption of corporate computing and SCADA systems. “You need to think about it because there will be a material breach,” Dancy cautioned.
The threat has led to the emergence of cybersecurity insurance. And as is the case with all insurance, that requires a careful balance by management of expense vs. risk.
“If you have a determined hacker they will break in,” Dancy said. And there are determined hackers out there connected to foreign governments, extremist environmental groups and some who hack for some morbid sense of fun, he added.
Paul Hart can be reached at pdhart@hartenergy.com.
Recommended Reading
Exclusive Occidental, CrownRock Merge Into Team of Overachievers
2024-12-10 - Thaimar Ramirez, president and general manager for Occidental Petroleum’s Midland Basin Business Unit, said 100 days after closing the CrownRock acquisition production guidance keeps going higher.
TotalEnergies Closes $1.4B Acquisition of Malaysia’s SapuraOMV
2024-12-10 - TotalEnergies acquired SapuraOMV’s main assets in blocks SK408 and SK310, both located offshore Sarawak in Malaysia.
BP, Pulling Back from Renewables, Enters $5.8B JV with JERA
2024-12-09 - The 50-50 joint venture with JERA takes shape as BP pulls back from renewables to focus on higher returns and cash flow generation.
BP Seeks Buyers for US NatGas Pipeline System Stake, Sources Say
2024-12-06 - BP is seeking buyers for a stake in its U.S. natural gas pipeline network, sources say.
Chevron’s Texas Haynesville May Fetch $1B from Tokyo Gas—Report
2024-10-08 - Chevron holds more than 70,000 net acres in Panola County, Texas, but had only five Haynesville wells on the acreage at year-end 2023.
Comments
Add new comment
This conversation is moderated according to Hart Energy community rules. Please read the rules before joining the discussion. If you’re experiencing any technical problems, please contact our customer care team.