Critical infrastructure Shell fears cyberattack on oil infrastructure

Published 12 December 2011

Oil executives fear that a cyberattack on critical infrastructure could wreak havoc by destroying facilities or disrupting production

Oil executives fear that a cyberattack on critical infrastructure could wreak havoc by destroyingfacilities or disrupting production.

At the World Petroleum Conference in Doha, Ludolf Luehmann, an IT manager for oil and gas giant Shell, said the company has been subject to an increasing number of cyberatacks and he worries that a Stuxnet-like attack could create serious problems.

If anybody gets into the area where you can control opening and closing of valves, or release valves, you can imagine what happens,”Luehmann said. “It will cost lives and it will cost production, it will cost money, cause fires and cause loss of containment, environmental damage - huge, huge damage.”

According to David Emm, a senior security researcher at Russian cybersecurity firm Kaspersky, cyberattacks that cause physical damage are “not only possible, but they’re now real.”

Dennis Painchaud, the director of international government relations at Nexen, a Canadian energy company, echoed Emm’s sentiments stating that complex attacks like Stuxnet that target industrial control systems now pose a “very significant risk to our business.”

Cybercrime is a huge issue. It’s not restricted to one company or another - it’s really broad and it is ongoing,” Painchaud said. “It’s something that we have to stay on top of every day. It is a risk that is only going to grow and is probably one of the pre-eminent risks that we face today and will continue to face for some time.”

Emm said that in the past eighteen months since Stuxnet first demonstrated that a cyberattack could cause physical damage, large companies have dramatically changed their view on cyberthreats.

The scene used to be dominated by speculative attacks - people being at the wrong place at the wrong time, but it was nothing personal,” he said. “But we certainly are in a different world than where we were eighteen months ago. What we’re starting to see is an increase in targeted attacks. We know critical systems, like those in oil production, are vulnerable to attack.

A lot of countries now are pumping money into research - the last eighteen months have shown these people are after not just the public’s money, but they’re after larger organization’s information,” Emm added.

Organizations like Shell and others are hopefully taking steps to minimize that risk.”