Cyber attacks could cost lives and cause huge damage, according to Ludolf Luehmann, an IT manager for the Shell oil and petrol company.
Shell has been targeted by an increased number of criminally and commercially motivated attacks in the past year, he told the World Petroleum Conference in Doha, according to BBC reports.
The industry is experiencing a new dimension of attack that could put physical machinery at serious risk, having real-world consequences on business processes, said Luehmann, breaking the traditional industry silence.
Shell has declined to comment further on Luehmann’s statements, and BP, which is known to have been targeted by cyber attacks after the Gulf oil spill, routinely declines to speak publicly about security issues as a matter of company policy.
Protecting the critical infrastructure
But IT security firms report an increase in the number of targeted cyber attacks, particularly against organisations in the defence, pharmaceutical, oil and gas industries.
This, coupled with the fact that many oil and gas firms are part of the critical infrastructure, raises the question of whether national governments should help protect them from cyber attack, said Sam Jardine, TMT associate at international law firm Eversheds.
But the answer to that question must be both "yes" and "no", he said.
It should be "yes" in the sense that the government ought to be one step ahead of business in terms of the anti-hacking technology it deploys to safeguard national security. It will also have information on known hackers and so may have workarounds which the private sector has not had to consider. It is also in the national interest to ensure an uninterrupted energy supply to its citizens.
But the answer should be "no" in the sense that private sector energy organisations should foot the bill for defending against cyber attacks. The information on their systems is proprietary and of intrinsic value to those companies and their shareholders, which are essentially private interests. Therefore, costs in safeguarding information should be borne by those seeking to prevent its disclosure.
“UK MP David Blunkett, who is also chairman of the International Cyber Security Protection Alliance, recently called for the cybersecurity silos of government, law enforcement and business to be torn down, to aid in a more joined-up approach to fighting cybercrime. Preventive information sharing makes eminent sense, although cost sharing may be harder to swallow in these austere times,” said Jardine.