Why it Matters
There is reason to have serious concerns if a hacker prevails over a network system within the oil and gas industry. First and foremost, the personal information of millions of clients can be sold, or traded, to land in the hands of others that have nothing but ill intentions. Personal information is obtained using tactics that are more common rather than complex- known as, spear-phishing and waterholing.
Spear-phishing is sending what appears to be a legitimate email to a particular group of people that are usually included on a target list. In the field of energy, the target list would include some of the upper echelon that had control over the transfer of monies and information. The email is prepared strategically according to the information surrounding an individual that a hacker has already collected. The email will typically appeal to the targeted individual creating a higher probability that it will be opened. A malicious link is contained in the email that directs the user to a malicious site that will download software that will infect the computer system being used.
Waterholing involves hacking into websites that the intended targets are sure to visit. Hackers replace site codes with duplicate malicious codes to ensure that a computer system will be infected by a user. Both methods put the user at risk of infecting their own system unknowingly that can lead to hackers taking over the control system within an energy establishment that links to every aspect of an operation. This attack combination can result in dire consequences at every level of an operation.
The oil and gas industry uses control systems to monitor and control processes linked to processing, storage, and movement of product. Typically control systems are believed to be a waste of time for hackers to pursue, and cyber security is not necessary for these systems because they are considered standalone or not connected. This thought process is flawed because control systems are in fact connected somehow to the Internet, typically through a business network.
The ability of a hacker to reach a control system with the above tactics is completely feasible. The takeover of a control system in oil and gas can affect the processing of goods in detrimental ways. The storage and transfer of products could be directed to provide an extreme amount of oil and gas to a location that was not necessarily en-route for delivery, while causing an absence of product in a location or country that is highly dependent on oil and gas.
Stay tuned for our next post on hackers!