Business advisory giant KPMG has warned that cyber terrorists can now shut down North Sea oil and gas platforms – because industry cost-cutting measures have left crucial computer systems at risk.
Specialists fear the decision taken by many firms to merge key production systems with their general IT networks has left them vulnerable to an attack they would be unable to counter.
There are warnings that systems which control the flow of oil and gas through pipelines could be the targets of commercial espionage or even politically-motivated campaigns.
Last night, industry body Oil and Gas UK said it was “very alert” to the threat, and was liaising with the Westminster government.
Top bosses from the sector will meet in Aberdeen next week to discuss the growing concerns. The UK Government estimates oil and gas companies lose close to £400million each year through cyber criminals’ theft of their intellectual property.
But the new threat could have much more serious financial implications.
George Scott, head of information protection and business resilience for KPMG in Scotland, said yesterday that because of the “highly competitive market”, firms were under increasing pressure to reduce costs by integrating their industrial control systems (ICS) – which monitor and manage production and supply – with the rest of their IT systems and wider network.
“While this improves efficiency and allows real-time data from field operations to be shared with management onshore, this also exposes pipelines to cyber-attacks they were never designed to resist,” he said.
“While the issue of industrial espionage and IP theft is not new, developments in pipeline management which have seen traditionally closed systems integrated with wider networks means oil and gas companies must now also address the very real potential of cyber attacks on their supply.
“With an ever more dispersed workforce relying on mobile devices to share information, it’s also important oil and gas businesses are aware of the risks and have a strategy to deal with them, by putting in place procedures to police the way mobile technologies are used.”
Robert Paterson, Oil and Gas UK’s health and safety director, said talks were being held on a national level about the threat.
“The industry is very alert to these issues and employs specialists to monitor and address cyber-security matters,” he said.
“They maintain links with the government.”
Last month Brazilian state oil company Petrobras announced it was spending more than £1billion on its IT infrastructure this year after claims the US had been monitoring the its communications.
It told the Brazilian senate it needed to “protect its strategic information” after being named among firms allegedly monitored by America’s NSA after documents were leaked by ex-contractor Edward Snowden.
Tuesday’s summit in Aberdeen will allow firms to receive expert advice on how they can ensure their systems are resilient against cyber-attack. It will be held at KPMG’s Albyn Place offices from 8am.
Comment, Page 32