The risk to oil and gas infrastructure from attacks on computer control systems is on the rise with the discovery of another group that targets energy and telecommunications assets and with established hackers updating tactics, according to a report.
"Oil and gas remains at risk for a destructive cyberattack due to its political and economic impact and highly volatile processes," industrial cybersecurity firm Dragos said in the Aug. 1 report.
"Dragos assesses with moderate confidence that the first major cyber-related [industrial control systems] event causing major process and equipment destruction or loss of life will occur in the oil and gas sector," the company said.
Dragos warns that attacks on critical infrastructure are becoming easier to carry out as the tools and capabilities are becoming more available and as IT hardware and software become standardized, which allows hackers to apply existing techniques to more targets.
At the same time, the industry's ability to identify this kind of risk is "severely lacking," Dragos said. The assessment reflects a growing consensus that has spurred Washington to engage the industry and consider regulation.
In May, the firm identified a new group targeting the oil and gas industry and telecommunications sector in Africa, the Middle East and Southwest Asia. Dragos said it could not share much information about the group known as Hexane, but revealed that it appears to be associated with Chrysene, an actor that carried out a destructive cyberattack on Saudi Aramco in 2012 and has since been observed in several countries including those in the U.K.
With the new group, Dragos now tracks five groups actively attempting to exploit the systems and networks used by refineries, pipeline systems and drillers. While Hexane activity has not been identified in the U.S., two other groups tracked by Dragos — Xenotime and Magnallium — initially began carrying out attacks in the Persian Gulf region only to spread to Europe and North America.
Cyber activity targeting the U.S. is on the rise, according to Dragos. Amid escalating tension between Washington and Iran, Dragos has seen Magnallium, which has been linked to Iranian interests, attempting to gain access to computers owned by oil and gas companies, government agencies and financial firms.
Downstream oil and gas assets remain most at risk. Several groups have demonstrated the intent and capacity to penetrate industrial control systems in the sector, particularly in the refining space. Hexane and others have focused on these sectors because they are highly centralized operations with extensive control systems and have the potential to cause extensive damage if something goes wrong.
The groups tracked by Dragos do not appear to be targeting the midstream sector at present, but the firm said it is an "emerging attack surface." The firm was confident that hackers will seek to penetrate control systems linked to pipelines in particular.
Hexane's interest in telecommunications is troubling, Dragos said. Access to mobile or satellite networks could allow the group to compromise upstream and midstream operations, particularly remote ones like pipeline compressor stations and offshore wells, which often rely on cellular or satellite networks for communication, monitoring and maintenance.