Cybersecurity Within The Oil And Gas Industry

Cybersecurity threats have become increasingly prominent over recent years. Recent studies have shown, for instance, that 88% of global organisations were targeted by spear phishing cyber-attacks in 2019. Similarly worrying is the fact that in the first half of 2020, data breaches exposed 36 billion records.

The oil and gas industry hasn’t been exempt from such cyber-attacks and in fact has seen a worrying rise in targeting. There’s been an increase in both the number and sophistication of these attacks and the industry is having to be increasingly proactive in order to protect itself. The team here at TriStone Holdings Ltd, a growing UK oil investment company, wanted to explore the topic of cybersecurity in a little more detail.

Oil & Gas Cyber-Crime Trends

Over the past decade, as technology has developed, so too have hacking capabilities. In 2012, for instance, the first Shamoon attack took place. This virus wrought huge economic damage upon the industry, targeting both Saudi Aramco and RasGas with the malware being detected on over 35,000 different employee workstations. Then, five years later in 2017, a second variant of the Shamoon virus was detected in the Shamoon 2 attack.

Around the same time as that second Shamoon attack, Saudi Arabia’s petrochemical plants were exposed to what’s been deemed “the world’s most murderous malware.” The virus was able to disable safety instrumented systems, leading to potentially lethal consequences. Last year, a spear-phishing attack caused a natural gas pipeline facility in the US to be shut down for two entire days. In other words, cyber threats are real and they’re dangerous, particularly in industrial sectors like oil and gas.

The Challenges Faced

What, though, are the particular challenges faced within this sector?

New Technologies

The Internet of Things (IoT), drone surveying, third-party modelling companies and big data initiatives are just some of the areas in which O&G companies face increasing threats. The more you integrate – the wider you cast your net in terms of the services you utilise – the greater the chances of a crack in the armour. After all, it only takes one weakness, no matter how small, for cybercriminals to gain access into your business’ systems.


Traditionally, operational tasks such as data readings and pipeline monitoring would be undertaken manually; workers would literally drive out and carry out the necessary work. Now, however, in this increasingly automated landscape, these processes are being streamlined, and they often involve an IT network in one way or another. As quickly as firms are identifying and patching weaknesses and blind spots, they’re being made aware of new ones, and that’s a large part of the problem.

The Defence

According to a white paper by Siemens, a well-rounded strategy is best in protecting against potential cyber-attacks. This includes the following:

  • System hardening. A process of limiting system weaknesses and vulnerabilities. This includes processes like MAC filtering, device permissions and identifying superfluous software services that can be removed.
  • Secure segmentation. Delineating the systems of OT (Operational Technology) and IT (Information Technology) using monitored firewalls and the creation of a so-called demilitarized zone (DMZ) to act as a buffer between the two. This way, any breaches are easier to contain/quarantine. This is an increasingly prevalent cybersecurity strategy.
  • Disaster recovery. Automated backup of critical data so that operators can get back online quickly in the event of an attack.
  • User access management. Simply the process of implementing more complex passwords, as well as password lifecycles, so that protection never ‘stagnates’. Privileges are controlled and dictated according to user need. Third parties will have more limited access permissions, for instance.
  • Software patch management. Continually updating and keeping on top of any and all software used by a firm.
  • Malware protection. Systems implemented to protect against viruses and kept updated with the latest antivirus definitions and parameters.

Clearly, then, vigilance, updated systems and proactivity are the keys in defending against would-be hackers. So long as the industry continues to innovate, so too will the need for cybersecurity solutions to innovate, accordingly.

Contact Us

So, if you’d like to find out more about our work as an oil investment company, then get in touch! Contact TriStone Holdings today on 0800 055 7079 or by emailing us at [email protected]. We’d love to hear from you!

