About Us  |   Contact Us  |   Register  | Login  |   

Follow HedgeWorld on Twitter HedgeWorld on LinkedIn






HEDGEWORLD NEWS
Search the News
Advanced News Search
HedgeWorld News by Region
United States / Americas
Europe
Asia / Australia
International
HedgeWorld News Sections
Managed Futures & Derivatives
Daily News
Regulatory/Legal
Strategies/Analysis
Technology
Opinion
People
Indexes
Other News Features
Most Popular
LexisNexis Headlines
Reuters Headlines
The HedgeWorld Blog
Alternative Advantage Daily Newsletter
RSS Service
Sign Up For Email News Alerts
Reprints



US energy companies seen at risk from cyber attacks-CFR report
06/26/2013 Email this story  |  Printable Version

* Energy businesses top target list for hackers

* Goals of attacks are espionage, operational disruption

* "Night Dragon" hack in 2008 stole lease auction bid info

WASHINGTON, June 26 (Reuters) - U.S. oil and natural gas operations are increasingly vulnerable to cyber attacks that can harm the competitiveness of energy companies or lead to costly outages at pipelines, refineries or drilling platforms, a report said on Wednesday.

The energy business, including oil and gas producers, was hit by more targeted malware attacks from April to September last year than any other industry, said the Council on Foreign Relations (CFR) report, citing data from a Houston-based security company, Alert Logic.

Cyber attacks on energy companies, which are increasing in frequency and sophistication, take two main forms, the CFR report said. The first kind, cyber espionage, is carried out by foreign intelligence and defense agencies, organized crime, or freelance hackers.

These parties covertly capture sensitive corporate data or communications with the goal of gathering commercial or national security intelligence. U.S. energy companies are subject to frequent and often successful attempts by competitors and foreign governments to access long-term strategic plans, bids tendered for new drilling acreage, talks with foreign officials and other trade secrets, the report said.

A campaign against U.S. energy companies by hackers based in China, called Night Dragon by McAfee, a leading security company that is part of Intel Corp, began in 2008 and lasted into 2011. The campaign stole gigabytes of material, including bidding data in advance of a lease auction. One unidentified energy company official believes his company lost a bid in a lease auction because of the attack, the CFR report said.

Many companies are either unaware of similar attacks or are afraid to disclose them for fear of upsetting investors, it said.

"That's too bad because it makes it harder for Washington to help them and it also makes it harder for the public to be aware of what threats are out there," said Blake Clayton, a fellow in energy and national security at CFR and a co-author of the report.

The second main cyber risk to energy companies is the disruption of critical businesses or physical operations through attacks on networks.

"This has a lower probability but potentially higher cost," said Clayton.

The Stuxnet virus, said to have been created by the United States and Israel to attack Iran's nuclear program, is an example of a campaign that ended up escaping from its intended target at the risk of causing harm to a U.S. company. Chevron Corp said late last year it had been infected by Stuxnet, but said without elaborating the virus was quickly controlled.

An attack dubbed Shamoon last year on Saudi Aramco, Riyadh's state oil company, ultimately disabled some 30,000 computers. The company said the attack was aimed at stopping oil and gas output at the biggest OPEC crude exporter.

Oil production was apparently unaffected, but damage could have been more severe had the attack penetrated further into the network, the report said.

Hackers from a group called "Cutting Sword of Justice," suspected to be insiders, claimed responsibility for the attack, which was believed to have been delivered using a USB drive.


Email This Story to a Friend   |   Display Printable Version of This Story

Story Copyright © 1999-2014 Reuters HedgeWorld All rights reserved.

HedgeWorld News is sponsored by:






Lipper    Privacy   User Policy  Legal Disclosure Copyright/DMCA  Site Map    FAQ    Glossary  Thomson Reuters for Hedge Funds
All rights reserved. Users may download and print extracts of content from this website for their own personal and non-commercial use only. Republication or redistribution of HedgeWorld content, including by framing or similar means, is expressly prohibited without the prior written consent of Thomson Reuters. HedgeWorld is a registered trademark of Thomson Reuters.