Home / Blogs

Oil and Gas Cyber Security Forum

A reader recently brought to my attention an upcoming conference in London in the UK—The Oil and Gas Cyber Security Forum. Here’s a little blurb:

Despite investments into state of the art technology, a majority of the oil and gas industry remain blissfully unaware of the vulnerabilities, threats and capability of a malicious cyber attack on control systems.

The consequences of a cyber attack on the oil and gas industry’s critical infrastructure would be disastrous, causing major disruption to the supply chain which emphasizes the need for the implementation of effective security measures mitigate the risk.

SMi Group’s inaugural Oil and Gas Cyber Security Forum, taking place on 21-22 November 2011 in London, will bring together information security professionals from across the world to investigate the unique security challenges that the energy sector faces and methods of constructing effective security strategies.

The conference will include presentations from leading global oil and gas companies, hackers, consultants and other experts and will arm delegates with the knowledge to combat cyber threats global and national energy infrastructures.

I bring this up because it is relevant to the trends in cyber security that we see this year—that of the Advanced Persistent Threat. It is also relevant to my Son of Stuxnet post that I wrote yesterday.

The biggest fear from the APT is industrial sabotage. That’s what happened with Stuxnet. But my own analysis reveals that APTs also are about cyber espionage—sitting in a computer network and stealing information, sending it back to the writer of the malware in order to give them a competitive advantage. Indeed, we have seen multiple types of cyber attacks in the past 12 months:

  1. Stuxnet showed us that some malware threats are designed to disrupt an industrial service.
  2. Companies like Lockheed Martin, RSA, other government military contractors and Google were victims where the goal was to steal information.
  3. Other APTs are designed to sit and remain idle awaiting instructions to launch distributed DOS attacks (particularly Chinese malware).
  4. Still other threats (that are not APTs) are around simply to cause service disruptions such as the attacks against Sony and the US federal government by hacking groups.

The fear in large industrial control systems is that what might be a case (2) could turn out to be case (1). If something is lurking in your network somewhere (like a Cylon) and at first is “merely” stealing information, what happens if it turns hostile and starts sabotaging its hosts?

The oil and gas industry is one of the cornerstones of our economy today. We depend on energy and if a foreign state ever attacked energy infrastructure, it would cause serious pain to the developed world. On the other hand, you would think that attacking the energy infrastructure would hurt the attacker as well unless they were looking to drive competitors offline and increase their own profitability and importance (wasn’t that the plot of 24, season 2? Or maybe season 5? Where’s Jack Bauer when you need him!).

Anyhow, the conference looks interesting. Notice that it is the first Oil and Gas Security Summit. I’d bet that the scope will increase in the coming years.

By Terry Zink, Program Manager

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet




Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

Threat Intelligence

Sponsored byWhoisXML API

New TLDs

Sponsored byRadix

Brand Protection

Sponsored byCSC


Sponsored byDNIB.com

Domain Names

Sponsored byVerisign