Page 46: of Offshore Engineer Magazine (Sep/Oct 2013)

45 47

kits that can be used to steal personal these advances, the threat will only get surrounding environment.” data, credit card information, and pass- greater, especially as digital communi- Oil companies warn that the worst words. Some hacker devices can even cation “extends into the feld.” case scenario would be one in which download via the Internet. valves were accessed, which could set

HSEQ “Cyber attack and terrorism have now offshore rigs on fre, kill personnel and

Open systems moved into the automation and pro- The offshore oil world has been halt production. The average cost of cess safety stage,” Elliott says. Digital severely shaken by the development down time on an offshore rig is $6.3 technologies are being deployed from of internet connectivity and terrorism, million/day, experts say. The fnancial the ground up in the form of smart feld Elliott says. He pointed out these two loss could be huge. Stuxnet, which devices that send plant health diagnos- entities “draw attention to a frighten- crippled Iran’s nuclear centrifuges, tics data into the plant-wide network. ing reality: there are bad people across shows the potential devastation of a

He pointed out because digital com- the water who would love to do great worm created to cause damage. Experts munication technology is at the heart of damage to the upstream asset and its believe this kind of attack could be replicated on oil producing offshore rigs, and many think it has already.

The list of oil company cyber victims is growing all the time. In August 2011, a McAfee white paper exposed “Operation Shady Rat,” a fve-year operation that targeted natural gas dis- tribution, oil platforms, federal, state and county governments, plus defense and construction industries.

Then in October 2011, the US

Department of Homeland Security warned of attacks on gas, oil, waste and sewage systems.

In November 2011, hackers attacked

Norway’s oil, gas, and defense busi- nesses, thanks to targeted emails that appeared to come from legitimate sources. The attackers pilfered draw- ings, contracts, current negotiation documents and others.

In April 2012, DHS said attacks on oil and natural gas facilities had begun fve months earlier, the attackers using tightly focused “spear-phishing” email attacks.

The recent discovery of malware such as Flame (2012) and Stuxnet (2010), that targeted, for the frst time, industrial control systems, have high- lighted the susceptibility of critical infrastructure to cyber threats. In other words, offshore oil rigs and facili- ties, like any major organization or company, require defensive programs that employ strategies like whitelist- ing, effective patch management, and intrusion detection, that can ward off or isolate attacks that could injure the network.

US congressional offcials said any industrial component is liable to be an attack target. While oil companies try to keep it quiet, malware infections have occurred at several offshore rigs and platforms, knocking some offine.

OE | September 2013 oedigital.com 48 044_OE0913_HSEQ_4_AdvPerThreat.indd 48 8/18/13 12:15 PM