Page 24: of Offshore Engineer Magazine (Jan/Feb 2013)

23 25

Lewis says ‘thousands of at Shell, Europe’s largest in Iran’s Natanz facility, version was launched. places around the world oil company, says: ‘We see shows the potential The second version had a were infected but only one an increasing number of devastation of a worm different trigger.

was damaged’, the Iranian attacks on our IT systems created to cause damage. Chevron was one of facility at Natanz. and information, and Experts say this kind of the ? rst oil companies to ‘Stuxnet is an there are various attack could occur on oil fall victim to the Stuxnet

Perspectives interesting weapons motivations behind it: producing offshore rigs. virus. design. You need to criminal and commercial,’ Riemer Brower, head of Blair Nicholas, of the law introduce the virus and perhaps focusing on IT security at Abu Dhabi ? rm Bernstein Litowitz then you need to trigger research and development Company for Onshore Oil Berger & Grossman, based it. It only works against to gain a competitive Operations, says the oil in San Diego, says: ‘To the a speci? c con? guration,’ advantage. industry has avoided any extent that there aren’t explains Lewis. The damaging incidents so adequate procedures

Sophisticated hackers in place to protect the

Cyber war experts like

James Lewis, of the

Center for International & Strategic Studies (CSIS), are aware that most industries operate on computers vulnerable to attack.

Hackers are increasing in number, becoming more knowledgeable and skilled, and making more daring attacks on systems. ‘The Chinese have been very successful,’ Lewis says.

Oil companies are warning that the worst-case scenario would companies’ crown jewels be one in which valves ? rst stage of the virus and somebody gets the key were accessed, which far, but he warns ‘the oil used a ‘beacon’ that to the jewelry box, there could set offshore rigs on companies in charge are no performed surveillance is certainly potential for ? re, kill personnel and longer really in control’. of the target, mapping shareholder derivative halt production. The cost an electrical blueprint of liability.’ of downtime on a typical Chevron victimized Iran’s centrifuges. The Besides Chevron, no offshore rig is California-based oil giant second stage, a trigger, other corporate victims $6.3 million/day, say Chevron has con? rmed its took advantage of a series have disclosed attacks in experts. The ? nancial loss computer systems were of ‘zero-day exploits’ that ? lings with regulators.

could be huge. could be huge. infected with Stuxnet. ended up causing physical Some companies have Stuxnet, which crippled Stuxnet, which crippled Chevron spokesman damage. The virus was already been victims of the nuclear centrifuges the nuclear centrifuges Morgan Crinklaw says the only con? gured for Chinese-backed industrial company was protected Iranian nuclear facilities. espionage assaults like from major damage to Apparently, it wasn’t Night Dragon that have its network, adding the designed to spread. cost them billions of

Expert AccessExpert AccessExpert Access company makes ‘every But it did. dollars in plans and

Join Gregory Hale and Join Gregory Hale and effort to protect our data Researchers at Symantec intellectual property,

Eric Byres on 29 January at 11.00AM CST for a Live systems from those types and Kaspersky Labs stated sources say, and some

Presentation and Q&A session of threats’. Stuxnet had two versions. of the attacks remained on how compaies should be According to US The ? rst, launched in undetected for years. reassessing their security of? cials, any industrial 2010, had a 21-day period In the Night Dragon concerns to protect their data component is liable after which the virus attack, Exxon Mobil, Royal assets. See page 78 for more to be targeted by such would be null and void. Dutch Shell, BP, Marathon information.

sophisticated attacks. Shortly thereafter, a second Oil, ConocoPhillips

OE | January 2013 26 oedigital.com oe_analysis.indd 26 03/01/2013 13:25