Current trends and challenges of cyber security in oil and gas sectors

Professor Chris Hankin

Interview with Chris Hankin, Professor, Imperial College London

In preparation for upcoming 6th annual Oil and Gas Cyber Security event (27 – 28 June 2016, Amsterdam, Netherlands), SMi Group was delighted to catch up with a conference chairman Chris Hankin.

SMi: How would you describe the current trends and challenges of cyber security in the oil and gas sectors?

C. H.: Looking at the statistics that are available, what we are seeing is that the energy sector generally has been the largest single target for cyber-attacks for the last two or three years. Whilst those incidents haven’t led to any physical damage to industrial plants it is clear that many of those attacks have been about collecting information about configuration of industrial control systems and process control data. Therefore if you look at this in the long term, you could imagine that what we might see as a trend going forward is that there will be more and more attacks that lead to actual sabotage to the underlying industrial plant. There are very few examples of this which are out there in the public but there is beginning to be some analysis of the Ukrainian power outage last December. This follows the pattern that people know quite a lot about the configuration of the power system. Part of this attack is about physically disconnecting parts of the power network but there is also quite a sophisticated cyber-attack behind the whole incident. One of the trends we might see in the future is, rather than people just stealing the data, they might use that data to physically harm the underlying physical infrastructure that is being used.

The second trend is that the industrial control systems are no longer quite as isolated and air-gapped from the world as they used to be because we are using internet enabled devices in our control systems. Therefore there are some implications from that connectivity that could result in one part of the system cascading over to another part. This might be something we see more of in the future.
SMi: What has been the biggest change/milestone in the last 12 months?

C.H.: I am only aware of incidents that have been publically reported and it would seem that in the last 12 months there have been two fairly major events which are being discussed in the open source literature. One of which there are not many details about but it is to do with the German Steel Mill attack which happened a the beginning of 2014 but the information about it only started coming out about 12 months ago. There seems to be millions worth of damage done to a blast furnace in Germany. Fast forwarding to the end of last year, where we have more details is what happened with the Ukranian power distribution network. If you attended ICS cyber security conferences two years ago people would tend to still cite examples such as Stuxnet as a primary example of an attack on an ICS or it might be about the cyber-attacks on Saudi Aramco’s systems. There are now a number of other examples where people are beginning to talk about more openly which suggest there are more issues to be addressed. There are more things out there to raise alarm but also to learn from.


SMi: Can you tell us a bit about the current focus/ technology developments of cyber security in the oil and gas sectors?

C.H.: One thing that has certainly happened is that some EU governments and indeed international governments have begun to take a more active interest in threat to industrial control systems and critical national infrastructure. We have seen in the last twelve months, emergence of fairly large research programmes trying to look at the future evolution of cyber security in the oil and gas sectors. There has also been a growth in consideration of standards and certification in this area. The ERNCIP network reflects activity in the European governments on which standards need to be in place to protect critical infrastructure operators in Europe from cyber-attack. These are indicative of growing awareness that there are other things besides data that are worth attacking in these sectors. In particular, the physical infrastructure that some of these companies operate.


SMi: How has the plummet of oil px affected cyber security in the oil and gas sector?
C.H.: I don’t think the plummet of oil price has affected cyber security in the oil and gas sectors. These companies are still very wealthy and damaging their pipelines is not only a way of attacking the companies themselves but it is also a way of damaging the national economy. Therefore, the oil price is almost a secondary thing. Oil and gas is not only part of our energy supply but it also supports a number of other industries and so disruption of oil and gas industries has secondary effects on many other areas.
SMi: What’d you like to gain from this meeting?
C.H.: They are extremely good networking opportunities and moreover SMi conferences bring academics together with industry and government. This is important as we need to have conversations together. The SMI conferences in particular bring together a good mix of industry people. Not only people from the oil and gas sector but also from a wide range of suppliers. One would hope that the work that us academics are doing will help the work of the suppliers and the work the suppliers are doing will help the oil and gas sectors. Therefore it is important that we talk to all of them. The only way we get to meet these people are in the context of these types of conferences.