Security
Bloomberg | 10 August 2017

Libya’s Largest Oil Field Back to Normal After Disruption

Libya’s biggest oil field, Sharara, is “back to normal” after a disruption caused by protests in the politically fragmented country, the state National Oil Corp. (NOC) said.

Pumping was interrupted for hours after armed protesters shut some facilities, the NOC said in a statement. The company didn’t give an updated figure for production at the field, nor did it explain what caused the disturbances or say who the protesters represent. Sharara, in western Libya, was producing 275,000 B/D as of 12 July, a person with knowledge of the situation said at the time.

The field, operated by a joint venture between Libya’s state producer and Repsol, Total, OMV, and Statoil, has experienced several brief shutdowns caused by different groups. It was closed for 2 days in June because of a protest by workers there.

“Grievances and personal demands cannot be settled through causing harm to the entire population,” NOC Chairman Mustafa Sanalla said on 7 August. The tactic of shutting down facilities “is an unacceptable negotiation technique,” said Sanalla, who has campaigned to end a rash of blockades at Libya’s ports and fields since he assumed leadership of the company in May 2014.

Libya’s crude output and exports reached a fresh 3-year high last month as fighting among armed militias abated and leaders of the country’s rival administrations agreed in principle on steps to unite the nation. The recovery in the country with Africa’s largest crude reserves makes it harder for OPEC and allied oil-producing nations to curb a global supply surplus that is depressing prices for the commodity.

Read the full story here.

Bloomberg | 24 July 2017

Nigeria Oil Thieves Keep a Lid on Output Even as Bombs Abate

The Agbada 2 flow station should have been buzzing with activity, pumping crude to one of Nigeria’s largest export terminals. Instead it was idle in the muggy, midmorning heat as Wilcox Emmanuel, the facility’s manager, shrugged in resignation about the thieves who’d shut him down.

The Agbada oil flow station, operated by Shell in Port Harcourt, Nigeria. Credit: George Osodi/Bloomberg.

As much as 30% of the oil sent by pipelines through the swampy Niger River delta is stolen, consultant Wood Mackenzie estimates. That’s depriving the country of income amid a crippling recession and compounding the pain of a global price slump for Africa’s largest producer.

At Agbada, the wells dotting the surrounding forests had been closed for three weeks following a pipeline leak that was probably deliberate. “Who knows when we’ll be back up?” Emmanuel said.

The 60,000-BOPD flow station, owned by Royal Dutch Shell’s Nigerian unit and idle for most of June, illustrates the nation’s struggle to restore deliveries of its most vital resource. Even after the government quelled a militant uprising that sent production to a 30-year low last August, smaller-scale sabotage caused by people trying to steal oil remains rife.

Companies are using surveillance helicopters equipped with infrared cameras every day. They’re also experimenting with drones and cages on wellheads rigged with alarms. But nothing seems to fix the problem.

“We’re trying all sorts of things, you wouldn’t believe it,” Igo Weli, a manager at Shell, said in Port Harcourt, Nigeria’s oil capital. “But how do you protect thousands of kilometers of pipelines against people who are out to sabotage them?”

Read the full story here.

Reuters | 14 July 2017

US Warns Businesses of Hacking Campaign Against Nuclear, Energy Firms

The US government warned industrial firms about a hacking campaign targeting the nuclear and energy sectors, the latest event to highlight the power industry’s vulnerability to cyberattacks.

A projection of cybercode on a hooded man is pictured in this illustration picture taken on 13 May 2017. Credit: Kacper Pempel/Reuters.

Since at least May, hackers used tainted phishing emails to harvest credentials so they could gain access to networks of their targets, according to a joint report from the US Department of Homeland Security and Federal Bureau of Investigation.

The report provided to the industrial firms was reviewed by Reuters on 31 June. While disclosing attacks, and warning that in some cases hackers succeeded in compromising the networks of their targets, it did not identify any specific victims.

“Historically, cyberactors have strategically targeted the energy sector with various goals ranging from cyberespionage to the ability to disrupt energy systems in the event of a hostile conflict,” the report said.

Homeland Security and FBI officials could not be reached for comment on the report, which was dated 28 June.

The report was released during a week of heavy hacking activity.

A virus dubbed NotPetya attacked on 27 June, spreading from initial infections in Ukraine to businesses around the globe. It encrypted data on infected machines, rendering them inoperable and disrupting activity at ports, law firms and factories.

Read the full story here.

Kaspersky Lab Daily | 14 July 2017

Column: The Human Factor—Can Employees Learn Not To Make Mistakes?

We have long maintained that technical means are not enough to protect a business from cyberthreats. It is entirely possible for a single person to negate the effect of an entire information security team. In many cases, it may be unintentional, the result of lacking basic cybersecurity knowledge, being unaware of threats, or diverted attention. That is why many companies (according to our data, approximately 65%) already invest in employee cybersecurity training.

There, however, complications may arise. The person who decides staff awareness needs to be raised is not necessarily the person responsible for arranging the training. And, although the first person sees an obvious problem, the latter may not solidly understand what cybersecurity training is, how to train staff, or even why the training is needed.

Deloitte University | 30 June 2017

Protecting the Connected Barrels: Cybersecurity for Upstream Oil and Gas

Oil and gas might not seem like an industry that hackers would target. But they do—and the cybersecurity risks rise with every new data-based link between rigs, refineries, and headquarters. In an increasingly connected world, how can upstream oil and gas companies protect themselves?

Risks—and Stakes—Keep Rising
For years, cyberattackers have targeted crude oil and natural gas companies, with attacks growing in frequency, sophistication, and impact as the industry uses ever-more-connected technology. But, the industry’s cyber maturity is relatively low, and oil and gas boards show generally limited strategic appreciation of cyber issues.

Why is this so? Perhaps because the industry—engaged in exploration, development, and production of crude oil and natural gas—may simply feel like an unlikely target for cyberattacks. The business is about barrels, not bytes. In addition, the industry’s remote operations and complex data structure provide a natural defense. But, with motives of hackers fast evolving—cyberterrorism, industry espionage, disrupting operations to stealing field data—and companies increasingly basing daily operations on connected technology, risks are rising fast, along with the stakes.

Different areas of the oil and gas business, naturally, carry different levels of risk and demand different strategies.

Among upstream operations, development drilling and production have the highest cyber risk profiles; while seismic imaging has a relatively lower risk profile, the growing business need to digitize, electronically store, and feed seismic data into other disciplines could raise its risk profile in the future. A holistic risk-management program that is secure, vigilant, and resilient could not only mitigate cyber risks for the most vulnerable operations but also enable all three of an upstream company’s operational imperatives: safety of people, reliability of operations, and creation of new value.

Read the full story here.

Reuters | 28 June 2017

Cyberattack Hits Oil Giant and Banks in Russia and Ukraine

Russia’s top oil producer Rosneft said a large-scale cyberattack hit its servers on 27 June, and computer systems at some banks and the main airport in neighboring Ukraine were also disrupted.

A Moscow-based cybersecurity firm, Group-IB, said it appeared to be a coordinated attack simultaneously targeting victims in Russia and Ukraine.

In Copenhagen, global shipping firm A.P. Moller-Maersk said it had suffered a computer system outage caused by a cyberattack, though it was not immediately clear if it was connected.

One of the firms Group-IB said had been hit in Russia, Damco, is Maersk’s logistics company.

The latest disruptions follow a spate of hacking attempts on state websites in Ukraine in late 2016 and repeated attacks on its power grid that prompted security chiefs to call for improved cyberdefenses.

Rosneft, one of the world’s biggest producers of crude oil by volume, said its oil production had not been affected.

“The company’s servers underwent a powerful hacking attack,” the company said on Twitter.

“The hacking attack could lead to serious consequences, but the company has moved to a reserve production processing system, and neither oil output nor refining have been stopped.”

Read the full story here.

Honeywell | 19 June 2017

Honeywell Invests in Cybersecurity Innovation Center in Asia Pacific

Honeywell Process Solutions, with the support of the Singapore Economic Development Board, will establish a new industrial cybersecurity center of excellence (COE) for Asia Pacific in Singapore.The COE will feature a state-of-the-art cybersecurity research and development laboratory, an advanced training facility, and a security operations center that provides managed security services.

The Singapore cybersecurity center of excellence will be similar to Honeywell’s cybersecurity laboratory in Atlanta, Georgia, USA. Credit: Honeywell.

“Honeywell’s major investments in new industrial cybersecurity technologies, services, and advanced research—including this new center of excellence in Singapore—will further strengthen our ability to secure and protect industrial assets, operations, and people,” said Jeff Zindel, vice president and general manager, Honeywell Industrial Cyber Security. “The COE will provide a world-class innovation platform for smart industry, critical infrastructure protection, and securing the Industrial Internet of Things in the Asia Pacific region.”

The new facility in Singapore, which is the first for Asia Pacific, is a further expansion of Honeywell’s global network of innovation centers. The laboratory will be used for proprietary research and development of new cybersecurity technologies and products, hands-on training and certifications, and testing and validation of industrial cybersecurity solutions. It will enable rapid development and introduction of innovative cybersecurity solutions to the regional and global markets.

The facility will also deliver managed industrial cybersecurity services to help users reduce the risk of security breaches and proactively improve their security posture. Managed services include continuous security and performance monitoring and alerting, security asset management, and incident response with 24 hour expert support 365 days a year.

Read the full story here.

Honeywell | 19 June 2017

Honeywell To Acquire Industrial Cybersecurity Software Leader Nextnine

Honeywell announced that it has signed a definitive agreement to purchase Nextnine, a privately held provider of security management technologies for industrial cybersecurity. The addition of Nextnine’s industry-leading security solutions and secure remote service capabilities will enhance the company’s existing range of cybersecurity technologies and significantly increase Honeywell’s Connected Plant cybersecurity customer base.

Nextnine’s flagship technology, ICS Shield, protects industrial sites from cybersecurity attacks and enables remote monitoring of assets. It complements Honeywell’s cybersecurity portfolio with a solution that is used at more than 6,200 sites globally across the oil and gas, utility, chemical, mining, and manufacturing sectors. Previously, ICS Shield had to be deployed separately for each control system vendor, resulting in multiple and separate installations at a single customer site. With this acquisition, customers will be able to deploy and operate a single system, thereby simplifying and better securing their entire site.

Read the full story here.

Bloomberg | 14 June 2017

Worker’s Death Leads Libya’s Oil Production To Drop by a Quarter

Libya’s oil production has plunged by almost a quarter after workers shut the OPEC country’s biggest field to protest lack of medical care following the death of a colleague, a person familiar with the matter said.

Output has fallen to 618,000 B/D after workers halted production at Sharara field, protesting the death of a colleague and demanding better working conditions, the person said, asking not to be identified because they aren’t authorized to speak to the media. The country was producing 807,000 B/D on 5 June, Jadalla Alaokali, board member at National Oil Corp., said at the time.

Libya has sought to boost crude exports but fighting and labor unrest at ports and fields have crippled these efforts. In the country where much of the foreign staff of international companies left following a 2011 uprising, local employees run risks as they continue to produce and export crude. Libya was exempt from production cuts agreed by the Organization of the Petroleum Exporting Countries and allied suppliers on 25 May to battle a global glut.

Read the full story here.

E&E News | 25 May 2017

Cyber Raises Threat Against America’s Energy Backbone

Five years ago, an attack on nearly two dozen US natural gas utilities set off alarm bells in the US intelligence community. A hacker using the nickname UglyGorilla stole troves of sensitive data from gas pipeline companies, breaching the nation’s 300,000-mile web of steel that is a critical backbone for the nation’s economy.

In this May 2014 photo, rain clouds blanket a natural gas well pad operated by Cabot Oil and Gas in northern Pennsylvania. Advances in hydraulic fracturing technology have made natural gas a cheap source for power generation, but experts say the interdependence between the electric and gas sectors could open doors for hackers. Credit: Blake Sobczak.

News of the hacks trickled out in May 2012. Homeland security officials scrambled to schedule classified briefings with U.S. pipeline operators, and the wheels of law enforcement started building the case.

Two years later, the Justice Department unveiled charges against five members of an elite cyber division of China’s military, outing People’s Liberation Army officer Wang Dong as UglyGorilla and throwing light on a wide-ranging “sophisticated” campaign of cybertheft dating back to 2006.

Wang’s pipeline hacking spree peaked between December 2011 and June 2012, according to multiple sources. Since then, increased reliance on natural gas for power generation has made the gas transmission system one of the most consequential hacking targets in the country. Today, Wang and his team likely hold some of the blueprints needed to launch a cyberattack that could plunge parts of the nation into darkness for days, if not a lot longer, experts say.

Many gas companies say they have shored up security since then. But the sector’s overall cyber readiness is a black box even to those charged with overseeing it, an Energywire investigation found. The Transportation Security Administration, better known and better funded for its role in aviation security, is tasked with ensuring the nation’s biggest gas transmission companies stay at least a step ahead of hackers. Yet TSA’s pipeline security office remains critically understaffed to tackle cybersecurity.

Meanwhile, the number of “advanced, persistent threats” going after US energy systems has only grown since Wang’s alleged series of intrusions. “There appears to be an increasing level of activity, sophistication, and maturity of threat actors, in particular nation-state actors, that wish to disrupt the US bulk power system and the US gas transmission or distribution system,” gas and electric utility holding company Dominion Energy noted in a recent filing with the Securities and Exchange Commission, echoing similar disclosures from many of its publicly traded peers in the industry.

The Department of Homeland Security considers the threat of disruption to be low. But the impact could be enormous. William Evanina, director of the National Counterintelligence and Security Center in the Office of the Director of National Intelligence, said in March that a briefing from energy officials on the pipeline threat “really scared me.”

He noted that “if we have a cyberattack from one of our adversaries, and they hit the power grid in the East Coast,” federal authorities have a good handle on the amount of time it would take to recover. “If the natural gas is shut off … [there’s] not even an estimate,” he said.

Read the full story here.

FuelFix | 15 May 2017

As Prices Rise, Oil Companies Drill Down on Industrial Cybersecurity

In recent months, more US oil company boards have demanded information technology managers prove refineries and drilling rigs are protected against cyberattacks, the chief of a security firm says.

A refinery along Highway 225 on 25 January 2017, in Dear Park, Texas. Credit: James Nielsen/Houston Chronicle.

Rising oil prices and increased awareness of industrial cyberthreats seem to have spurred new corporate-level maneuvers this year to secure computer controls that run energy facilities, said Barak Perelman, chief executive of Israeli cyber security firm Indegy. At some oil companies, he said, chief information security officers now spend a quarter of their monthly security committee meetings discussing so-called industrial control systems, the devices that control oil and gas equipment.

“They’re being given budgets for industrial cybersecurity,” Perelman said on 12 May. “In all my conversations, nobody has said ‘yes, but oil prices.’ I heard that a lot last year.”

Read the full story here.

Reuters | 27 April 2017

Saudi Arabia Says it Foiled Bombing Attempt on Aramco Fuel Distribution Terminal

Saudi forces have foiled an attempt to blow up an Aramco fuel terminal in southern Saudi Arabia using a high-speed boat laden with explosives, the interior ministry said on 26 April. The ministry accused Yemen’s Houthi group of being behind the attempt.

The ministry said in a statement that navy forces opened fire on the remote-controlled boat on 25 April after it was intercepted inside Saudi territorial waters some 1.5 nautical miles from its target.

There were no immediate reports of any injuries in the incident, which the statement said targeted an Aramco fuel terminal and distribution station in Jazan.

The statement accused the Iran-aligned Houthis of being behind the attempted attack, saying the group, which controls much of northern Yemen, was “threatening waterways and naval facilities using booby-trapped boats and naval mines.”

Read the full story here.