U.S. energy companies seen at risk from cyber attacks: CFR report
WASHINGTON (Reuters) - U.S. oil and natural gas operations are increasingly vulnerable to cyber attacks that can harm the competitiveness of energy companies or lead to costly outages at pipelines, refineries or drilling platforms, a report said on Wednesday.
The energy business, including oil and gas producers, was hit by more targeted malware attacks from April to September last year than any other industry, said the Council on Foreign Relations (CFR) report, citing data from a Houston-based security company, Alert Logic.
Cyber attacks on energy companies, which are increasing in frequency and sophistication, take two main forms, the CFR report said. The first kind, cyber espionage, is carried out by foreign intelligence and defense agencies, organized crime, or freelance hackers.
These parties covertly capture sensitive corporate data or communications with the goal of gathering commercial or national security intelligence. U.S. energy companies are subject to frequent and often successful attempts by competitors and foreign governments to access long-term strategic plans, bids tendered for new drilling acreage, talks with foreign officials and other trade secrets, the report said.
A campaign against U.S. energy companies by hackers based in China, called Night Dragon by McAfee, a leading security company that is part of Intel Corp, began in 2008 and lasted into 2011. The campaign stole gigabytes of material, including bidding data in advance of a lease auction. One unidentified energy company official believes his company lost a bid in a lease auction because of the attack, the CFR report said.
Many companies are either unaware of similar attacks or are afraid to disclose them for fear of upsetting investors, it said.
"That's too bad because it makes it harder for Washington to help them and it also makes it harder for the public to be aware of what threats are out there," said Blake Clayton, a fellow in energy and national security at CFR and a co-author of the report.
The second main cyber risk to energy companies is the disruption of critical businesses or physical operations through attacks on networks.
"This has a lower probability but potentially higher cost," said Clayton. Continued...