Oil and Gas Industry


The US has potentially millions of oil and gas wells and at least 144 refineries operating daily. Worldwide, that number is in the tens of millions of wells and hundreds of refineries. All of the output of these wells and refineries is then distributed to and used by businesses and consumers.

The oil and gas industry relies heavily on operational technology (OT) to manage a vast global network of energy assets and operations. However, this reliance on technology makes the industry vulnerable to cybersecurity risks. The US Government Accountability Office has detailed significant cybersecurity risks to offshore oil and gas infrastructure, including those posed by threat actors, vulnerabilities, and potential impacts. The OT used to monitor and control physical equipment on sites also has multiple known security flaws (CVEs). These flaws could allow attackers to remotely control critical safety functions, posing a severe threat to operational resilience. Outdated infrastructure, including old surveillance systems, may exacerbate these risks because it has fewer robust cybersecurity measures.


Cyberattacks on the Energy Industry in the US

The energy sector faces five major cyber threats.

Supply Chain Attacks

In supply chain attacks, threat actors access an organization's network through a third-party vendor or supplier, potentially compromising sensitive information. The Colonial Pipeline attack was a significant supply chain attack caused by a compromised VPN account, and the attackers stole data and demanded ransom.

A ransomware attack disabled Baltimore City computers in May 2019, causing millions of dollars in damages and disrupting daily life for weeks. The attackers targeted not just IT networks but also critical infrastructure. These incidents demonstrate that cybercriminals are willing to target any vulnerable system, regardless of its impact on daily life or critical infrastructure.

Cyber Attacks on the Oil and Gas Industry

The oil and gas industry has been a cybercriminal target due to the critical nature of its energy infrastructure and the amount of money it generates. Among the most significant cyberattacks in the industry was the DarkSide attack on Colonial Pipeline in May 2021. The attack forced the largest oil pipeline operator in the US to shut down its 5,500 miles of pipeline, causing fuel shortages and panic buying in several US states. The CEO of Colonial Pipeline authorized a ransom payment of US$4.4 million to DarkSide, which drew massive attention to the vulnerability of the US energy sector.

Cybersecurity threats in the oil and gas industry are a global problem, with significant attacks occurring in other countries, including:

  • The Triton malware attack in 2017 targeted the safety systems of Saudi Aramco.
  • In 2020, the Ekans ransomware attack targeted Chevron's Industrial Control Systems (ICS) and Operational Technology (OT).
  • The Ryuk ransomware attack in 2019 disrupted ExxonMobil's downstream business.
  • In 2019, the LockerGoga ransomware attack affected all 35,000 Norsk Hydro employees across 40 countries.
  • Petrobras was affected by the WannaCry ransomware attack in 2017, which impacted at least 100,000 organizations across 150 countries.

These attacks on critical infrastructure and businesses worldwide highlight the increasing cyber threat to the industry.

As AI-powered attacks ramp up, especially GenAI-optimized reconnaissance and phishing campaigns, the industry needs to build an AI-resistant OT cybersecurity shield around its networks.

Strengthening Oil and Gas OT Cybersecurity

Organizations must develop the ability to withstand and protect themselves against cyber-attacks to achieve cyber resilience. Detecting, responding to, and recovering from an attack is crucial in achieving cyber resilience. Cyber resilience is essential for any enterprise as it provides improved cybersecurity, enhances brand reputation, and ensures business continuity.

The Cyber Resilience in Oil and Gas initiative is a multistakeholder program that brings together senior executives and practitioners from the oil and gas and ICT industries to foster collaboration and information sharing. The initiative aimed to strengthen industrial security by developing various resources and tools, including a framework for managing third-party cyber risks. This has become a critical issue as the oil and gas industry increasingly uses third-party vendors and service providers. The framework helps companies assess and mitigate risks to protect their digital infrastructure and assets.

While cybersecurity guidelines like NERC CIP, NIST 800-207, and IEC 62443 may not be directly mandated for oil and gas companies, they can serve as blueprints for achieving strong cybersecurity.

BlastWave’s Oil and Gas OT Cybersecurity Solutions

The oil and gas industry heavily relies on technology to control and manage critical operations such as drilling, refining, and distribution. A solution that protects their OT network and enables secure remote access is mandatory to keep the oil and gas industry operating smoothly.

BlastWave offers three key capabilities to the industry:

Network Cloaking:

Network Cloaking ensures that critical yet outdated legacy infrastructure such as PLCs, DCSs, RTUs, SCADA, and HMIs becomes invisible to external threats. Rather than merely being obfuscated, these systems do not appear in any scans or probes from a hacker. BlastShield ensures strong OT cybersecurity across the entire oil and gas supply chain. With Network Cloaking, AI-enhanced reconnaissance tools cannot probe into the internal workings of a well or refinery because they have no path to reach the internal OT networks.

OT Secure Remote Access:

BlastShield provides OT Secure Remote Access to critical upstream, midstream, and downstream systems, ensuring OT managers can monitor and manage them without exposing them to cyber threats. BlastShield’s phishing-resistant MFA biometric authentication protects against GenAI-powered phishing attacks and MFA hijacking. A full mesh of P2P encrypted tunnels is created to secure traffic from users to remote locations and any agent-enabled systems, protecting against man-in-the-middle attacks.

Network Segmentation (MicroSegmentation):

BlastShield simplifies the challenge of microsegmentation by creating simple peer-to-peer encrypted and authenticated tunnels to each device or group of devices without complex firewall rulesets. IT and OT network staff and temporary contractors are permitted access to only the systems they are responsible for, and privileges can be granted and revoked in real-time. BlastShield prevents lateral movement by Secure Remote Access users within the network and can even provide lateral movement protection at Layer 2 for local network connections.
