Oil cyber-attacks could cost lives, Shell warns

12 December 2011

The oil industry has been warned that cyber-attacks could “cost lives” and cause “huge damage”.

Ludolf Luehmann, an IT manager for Shell, told the World Petroleum Conference in Doha that the company had suffered an increased number of attacks.

He said the hacks had been motivated by both commercial and criminal intent.

Security researcher David Emm said that such attacks were “not only possible, but they’re now real”.

Mr Luehmann said Shell and others in the industry were experiencing a “new dimension” of attack which could leave physical machinery at serious risk.

He made reference to Stuxnet, a targeted “worm” which was designed to attack industrial systems in the summer of 2010.

Mr Luehmann said Stuxnet showed energy giants that cyber-attacks could have a real-world consequence on business processes.

“If anybody gets into the area where you can control opening and closing of valves, or release valves, you can imagine what happens.

“It will cost lives and it will cost production, it will cost money, cause fires and cause loss of containment, environmental damage – huge, huge damage.”

He added: “We see an increasing number of attacks on our IT systems and information and there are various motivations behind it – criminal and commercial.”

Dramatic change

When contacted by the BBC, Shell said it would not comment further on Mr Luehmann’s statements.

BP, itself a target of high-profile cyber-attacks following the Gulf oil spill, said it did not speak publicly about security issues as a matter of company policy.

Dennis Painchaud, director of international government relations at Canadian energy company Nexen, said targeted attacks such as Stuxnet and the more recent threat Duqu form a “very significant risk to our business”.

“Cybercrime is a huge issue. It’s not restricted to one company or another – it’s really broad and it is ongoing.

“It’s something that we have to stay on top of every day. It is a risk that is only going to grow and is probably one of the pre-eminent risks that we face today and will continue to face for some time.”

Moscow-based security experts Kaspersky, said the past 18 months had seen a dramatic change in how cyber-threats were perceived by large companies.

“The scene used to be dominated by speculative attacks – people being at the wrong place at at the wrong time, but it was nothing personal,” Mr Emm told the BBC.

“But we certainly are in a different world than where we were 18 months ago. What we’re starting to see is an increase in targeted attacks. We know critical systems, like those in oil production, are vulnerable to attack.

“A lot of countries now are pumping money into research – the last 18 months have shown these people are after not just the public’s money, but they’re after larger organisation’s information.

“Organisations like Shell and others are hopefully taking steps to minimise that risk.”

SOURCE ARTICLE