Deloitte: Oil, gas industry faces well-organized cyber security threats

Jan. 13, 2011
Oil and gas companies face cyber security threats, including well-organized efforts by criminal syndicates and terrorist groups. The cybercrime landscape has evolved into highly specialized criminals having sophisticated tools that can routinely evade many security controls, analysts said.Rich Baich of Deloitte& Touche LLP said the changing threat environment means companies need to evaluate their security strategies, concentrating on espionage and critical infrastructure vulnerabilities.“This isn’t an issue that is going to be solved by buying some technology,” Baich said.Speaking during a Dec. 15, 2010, webcast, Baich urged senior executives to build an effective cyber security program. Executives should ask themselves if their company has enough skilled employees or contractors to mitigate advanced, persistent cyber security threats, he said.Oil and gas companies are at high risk from web-based malware encounters and cyber attacks because they possess valuable, proprietary data on reserves and discoveries. High downtime cost and attack frequency rates necessitate strong cyber-security programs, Deloitte spokesmen said. A Ponemon Institute last year released a study on annual costs of cyber crime. The study showed energy firms incurred the second-highest cyber-crime costs of surveyed industries. Ponemon polled 45 US firms. Only the defense industry reported cyber crime costs higher than the energy industry.Both defense and energy reported cyber crime costs of more than $15 billion/year. The energy industry figure includes all types of energy rather than just oil and gas.
Oil and gas companies face cyber security threats, including well-organized efforts by criminal syndicates and terrorist groups. The cybercrime landscape has evolved into highly specialized criminals having sophisticated tools that can routinely evade many security controls, analysts said.Rich Baich of Deloitte& Touche LLP said the changing threat environment means companies need to evaluate their security strategies, concentrating on espionage and critical infrastructure vulnerabilities.“This isn’t an issue that is going to be solved by buying some technology,” Baich said.Speaking during a Dec. 15, 2010, webcast, Baich urged senior executives to build an effective cyber security program. Executives should ask themselves if their company has enough skilled employees or contractors to mitigate advanced, persistent cyber security threats, he said.Oil and gas companies are at high risk from web-based malware encounters and cyber attacks because they possess valuable, proprietary data on reserves and discoveries. High downtime cost and attack frequency rates necessitate strong cyber-security programs, Deloitte spokesmen said. A Ponemon Institute last year released a study on annual costs of cyber crime. The study showed energy firms incurred the second-highest cyber-crime costs of surveyed industries. Ponemon polled 45 US firms. Only the defense industry reported cyber crime costs higher than the energy industry.Both defense and energy reported cyber crime costs of more than $15 billion/year. The energy industry figure includes all types of energy rather than just oil and gas.
About the Author

Paula Dittrick | Senior Staff Writer

Paula Dittrick has covered oil and gas from Houston for more than 20 years. Starting in May 2007, she developed a health, safety, and environment beat for Oil & Gas Journal. Dittrick is familiar with the industry’s financial aspects. She also monitors issues associated with carbon sequestration and renewable energy.

Dittrick joined OGJ in February 2001. Previously, she worked for Dow Jones and United Press International. She began writing about oil and gas as UPI’s West Texas bureau chief during the 1980s. She earned a Bachelor’s of Science degree in journalism from the University of Nebraska in 1974.