Return to blog

Improved Oilfield Software Security Hackers Target Oil and Gas.jpg

The oil and gas (O&G) industry is slowly adopting new software and cloud technologies for oilfield instrumentation and in the back office to help streamline and automate processes. Throughout the well life cycle (WLC), during crude oil transportation, and up to the gas pump, energy companies are utilizing technology to improve efficiency, track inventory and to store historical data among other things. Unfortunately, the energy industry is a major target for hackers, especially businesses with outdated infrastructure. Here’s why new oilfield software technology is the key to securing business information and ensuring oil is not stolen during transportation.

According to a Houston Chronicle article, U.S. Department of Homeland Security “received reports of more than 350 (cyber-attack) incidents at energy companies between 2011 and 2015.” The software that many O&G businesses use is outdated, making data stored in these systems susceptible to hacker attacks. As an example many O&G businesses still use Windows XP as an operating system, which Microsoft no longer supports. Collin Eaton from the Houston Chronicle states that “much of this (oilfield) equipment was designed decades ago without security features. In recent years, companies have linked devices that monitor pressure, control valves and initiate safety procedures to computer networks and - sometimes inadvertently - the internet.” This introduces a large amount of security risk. In 2012 the largest Saudi Arabian oil company, Aramco, was attacked by a virus on unsecured back office computers. Hackers attempted to retrieve administration structure and stock exchange information as a warning to Saudi leaders. It is an absolute necessity for any business to maintain a secure network, especially companies that deal in a +$1 trillion annual commodity.

Internet-connected systems may be the most vulnerable to attacks if the software is not routinely updated. Last year, ERPScan created a proof-of-concept attack on an oil tanker to show that a company can be hacked and be made to unload crude oil without detection, instigating possible disastrous failures. These types of cyber-attacks are becoming a common occurrence. “Some 43% of global mining, oil and gas companies were hacked in 2014,” according to a Symantec study.

Fortunately, there are several ways for O&G businesses to protect themselves from cyber-attacks. Prevention is the key. Making sure all operating systems on every computer are up to date will prevent most cyber-attacks. That means upgrading the old Windows XP computer to Windows 8.1 or Windows 10. Business process management software that is designed for O&G, like Hitachi’s WorksBase, helps by securing precious historical WLC data and allows file access only to those with specified clearance. Setting up a monitoring system that connects to existing infrastructure will help alert workers when an attack is happening. It is imperative that energy companies heed these hacker threats and improve oilfield security with newer technology to prevent loss of data, or worse, catastrophic oil rig or transportation failures.

Click to Learn About Hitachi’s Secure O&G Business Process Management Software