US Oil and Gas Firms Woefully Exposed to Cyber Threats

The US oil and gas industry is failing to keep pace with the growing threat from cyberspace, with two-thirds (68%) of organizations suffering a major security breach in the past year, according to a new study.

Industrial control systems manufacturer Siemens commissioned the Ponemon Institute to interview over 370 people responsible for securing or overseeing cyber risk in the operational technology (OT) environment of oil and gas companies.

It claimed that the figure for those who have lost sensitive info or suffered operational disruptions because of a cyber issue could be even higher, with nearly half (46%) of attacks thought to go undetected.

Indeed, it is these operational rather than information systems which are exposed to greater risk from cyberspace, according to more than half (59%) of respondents.

Some 61% said their industrial control systems are not sufficiently protected, and nearly two-thirds (65%) claimed the biggest threat is negligent or careless insiders.

That’s compounded by 15% who pointed to malicious insiders.

Given the threats facing these firms, it’s worrying that less than half (41%) say they have continuous monitoring in place.

What’s more, in the next 12 months, only 48% said they plan to use encryption for data in transit, only 39% plan to deploy hardened endpoints and only 20% will adopt user behavior analytics (UBA), despite the vast majority of respondents claiming these measures would be very effective in securing their environments.

Recent state-sponsored attacks on Ukrainian infrastructure, including power stations, have shown the growing threat to CNI organizations from cyberspace. That’s why Enisa organized pan-European exercises in October last year designed to better protect the EU against co-ordinated attack.

Nozomi Networks CEO, Edgard Capdevielle, argued that real-time monitoring and process anomaly detection are vital to spot signs of a breach.

“The combination of rapidly advancing digitally connected industrial components against an escalating threat landscape, with operators facing energy price pressures which in turn can restrain investments, have combined to create a truly testing environment that’s balanced on a knife-edge,” he added.

What’s Hot on Infosecurity Magazine?