An increase in the use of technology is making the world more accessible to hackers — In their latest attempt hackers might be targeting oil and gas companies.
A security expert has warned against the vulnerability of critical infrastructure in the oil and gas companies as he sees a possible threat by hackers who might attempt to steal commodities or even worse, cause explosions.
Speaking at a security conference in San Francisco, Mr Alexander Polyakov of software company ERPScan said, “Oil and gas is a critical industry, with so many different critical processes.”
From the oil rig to the petrol station, there are many pieces of software within the oil business that can be targeted. Every point in this supply chain is increasingly reliant on sensors that monitor and measure pressure, fuel levels, pipeline flows, quantities of oil, temperature and whether equipment is working properly.
All this information is managed by business applications created by companies such as SAP and Oracle.” He, however, said that the problem was probably acute now because of the low oil prices, but it put the industry under pressure to cut costs.
All of these types of equipment are directly or indirectly connected to the internet so manipulating them would be easy for any hacker and make it possible for them to carry out any attacks. He gave an example of how he and his team of researchers had managed to create a proof-of-concept attack to empty an oil tank without detection using the oil company’s monitoring software, a system which had been specifically created by SAP for the research.
Hackers are actually targeting Internet-connected networks to steal oil
Polyakov warned that as easy as it was for him and his team to empty the tank so would it be for hackers, particularly terrorist organizations who might look to fund their activities through the oil they could steal from such operations. The reverse process of filling a tank up also with oil was possible thus making it even worse because it would allow perpetrators to go unnoticed if maybe they filled tanks they have stolen from with replacement fluid.
Another safety feature that he targeted to check for vulnerabilities was the Burner Management System (BMS) used to start safely up and shut down furnaces used at various stages of gas-oil separation. This system if manipulated and making malfunctions would easily lead to explosions. Polyakov did the research with three other guys who he said knew much more and thus held much more power, he said.
According to a Symantec study 43% of global mining, oil and gas companies were hacked in 2014. Other separate studies show that 47% energy companies reported attacks of their own a figure which was higher than for any other sector only exceeded by the governments.
