Cyber ‘Pearl Harbor’ Fears Put Oil Industry on Alert
Described as the most destructive cyber strike conducted against a single business, the 2012 attack against oil giant Saudi Aramco forced an industry-wide rethink of the defenses surrounding the world's critical energy architecture.
Companies and intelligence experts say important lessons have been learnt and firewalls strengthened. The Aramco incident was "a very useful heads up" for the industry, said David Hewitt, co-head of global oil & gas research at Credit Suisse. "This is an industry with deep pockets and they will focus on it. The walls would have moved up if they have not already done so."
General Michael Hayden, former director of the U.S. National Security Agency and Central Intelligence Agency, said the energy and financial services industries were at the frontline of the cyber wars. They are at the "point of highest danger…on the 'X', as we used to say it in my last profession," General Hayden told CNBC on Wednesday. "They are becoming quite serious about defending themselves."
Saudi Arabia's national oil company, Aramco, said last December that the mid-August cyber-attack, which damaged some 30,000 computers but failed to halt production, was aimed at stopping oil and gas flows from Saudi Arabia, the biggest exporter in the Organization of the Petroleum Exporting Countries, Reuters reported at the time.
Meanwhile, Carlos Cabrera, executive chairman of Toronto-listed Ivanhoe Energy, said this month "very robust efforts" are underway to strengthen cyber security in critical energy infrastructure.
But security firms say undeterred would-be assailants continue to search for chinks in the armor, even as surveillance is tightened. "Almost every utility is facing hundreds of cyber attacks every day," said Gal Luft, a senior adviser to the United States Energy Security Council (USESC). "The risk of a major disruption is on everyone's mind and I think there is good awareness to the threat."
Cyber attackers can strike "at will and with impunity," says Ashar Aziz, founder and chief technical officer of FireEye, a California-based digital security company, and are probing critical infrastructure "as we speak."
And increasingly automated and computerized operations mean the oil, gas and power chains are highly susceptible to hack-attacks, said Mark Lewis, vice chairman at FACTS Global Energy. "Becoming more dependent on tech, their susceptibility to cyber attacks is going to increase," Lewis said. "Oil and gas installations are an obvious target for terrorists. We know this physically and certainly from a cyber point of view. But I would assume that it's an identified risk and it can be counteracted and is being done so."
Some even warn of a future attack with the destructive force to knock out the operational systems that control the flow of energy to factories, businesses and cities, an event that would shock the economy.
"There is a 'Pearl Harbor' moment building," FireEye's Aziz said. Arthur Coviello, Executive Chairman of security device maker RSA, says a "destructive" cyber-security attack is five to 10 years away.
Though such a worst-case scenario may be averted, the cumulative cost of multiple small-scale cyber-attacks on energy networks is not insignificant. "Small daily disruptions add up to huge amounts of money in terms of damages to business continuity - according to some estimates, $150 billion a year in insurance claims related to power disruptions alone," USESC's Luft said.
Inter-linked trans-boundary distribution networks of Europe and North America are most at risk from a major cyber strike, said Thomas McMahon, director and CEO of Pan Asia Clearing Enterprise. "The deregulated environment of the West with openly competitive wheeling hubs on power and interconnected pipeline and storage facilities…are much more vulnerable to interruption," said McMahon, the former CEO of the Singapore Mercantile Exchange.
In contrast, McMahon said the more fragmented nature of fuel pipeline infrastructure and the power grid here in Asia makes this region less susceptible: "Cyber security is on everyone's mind but I think the concerns are not quite being addressed in this region of the world as in the West. You still have an over-arching influence of national utility entities operating in isolation and with very little interconnectivity."