Offshore industry chiefs have been warned they are facing a cyber-attack which could cost them billions of pounds in lost revenue
They have been told it is a question of “when not if” their North Sea operations are targeted by hackers, environmental activists or even hostile states.
Disgruntled former employees were also identified as a key threat to firms’ security during a summit in Aberdeen yesterday.
Firms were told there had been a 179% rise in the number of reported cyber-attacks on oil and gas companies, which soared above 6,500 cases last year.
One expert revealed North Sea platforms had already been targeted, but security measures had so far prevented any disruption to production.
Cheryl Martin, global head of CGI’s Shell Security team and UK Commercial Cyber Security practice lead, said the sector had to be ready to defend itself.
She said: “It is not a case of ‘if’ but ‘when’ – and ‘how big’.”
Delegates at yesterday’s event at Robert Gordon University heard companies in the north-east had beefed-up their IT security after a cyber-attacker brought Saudi Aramco – the world’s most valuable company – to a standstill.
The firm’s operations are understood to have been disabled by a contaminated USB memory stick distributed at a corporate event – resulting in at least £2billion of recorded losses.
Ms Martin said the issue of cyber-security had become a critical concern, with business analysts PwC reporting 6,511 threats recorded by oil and gas companies in 2013.
She said: “Companies are taking these threats extremely seriously and it is now deemed as being the top boardroom issue.
“The oil and gas industry has a number of different threats, including the geo-political.
“If you are looking at the drilling and exploration side of things, you are also dealing with opposition from the Greenpeace-type of group.”
She said attempted cyber-attacks had been reported on North Sea platforms, but security systems had prevented any loss of production.
Professor Ian Allison, head of the school of computing science at Robert Gordon University, said: “We see the adversaries continue to change the way they are attacking.
“The threats are evolving all the time and the threats and risks are numerous.”
Oil and gas firms were urged yesterday to share any threats they have encountered in order to maximise the industry’s defence.
However, delegates were also told companies were reluctant to make security breaches public because they feared the leaking of sensitive data or reputational damage.
As a result, the Oil and Gas Information Security Forum, which has several members from north-east firms, uses so-called Chatham House Rules to ensure confidentiality over threats encountered by companies.