While reports of hacking attacks on sectors like health care and business are relatively frequent these days, one less obvious target of hackers is the energy sector. In 2016, 68% of respondents to a recent survey by the Ponemon Institute, sponsored by Siemens, reported a least one incident where data were compromised. The threat is greater to operational technology that to information technology, according to 59% of respondents.
A total of 67% of those surveyed said that cyber threats to industrial control systems have substantially risen over the past few years. And 68% reported at least one security compromise in the past year resulting in the loss of confidential information or operational disruption. On average, about 46% of all the attacks are believed to go undetected.
Most industry firms are in the early or middle states of rolling out security for the operational systems, implying that security systems have either not been planned or deployed or that they have been planned and defined but not deployed.
According to the study, exploration information is the most vulnerable to cyberattack in the oil and gas value chain:
When asked to identify the top seven areas of greatest risk, 72 percent of respondents say it is exploratory information and 60 percent of respondents say it is production information. Also vulnerable are: potential partners and acquisition targets (56 percent of respondents), financial and organizational reports (53 percent of respondents), operational information (50 percent of respondents), details on drilling sites (47 percent of respondents) and field production information from sensors (46 percent of respondents). Only 18 percent of respondents say their organization conducts comprehensive audits every month (7 percent of respondents) and every six months (11 percent of respondents).
The vulnerabilities are greatest at those points in a company’s operational technology systems that are old or outdated.
The Ponemon Institute surveyed 377 individuals in the United States who are responsible for securing or overseeing cyber risk in the industry’s operational technology environment. The executive study is available at the Siemens website.