The global energy sector is increasingly vulnerable to cyber-attacks and hacking, due to the widespread adoption of internet-based, or ‘open’, industrial control systems (ICS) to reduce costs, improve efficiency and streamline operations in next-generation infrastructure developments.
According to the Marsh Risk Management Research paper, Advanced Cyber Attacks on Global Energy Facilities, energy firms are being disproportionately targeted by increasingly sophisticated hacker networks that are motivated by commercial and political gain.
Releasing the paper at Marsh’s bi-annual National Oil Companies (NOC) conference being held in Dubai, Andrew George, Chairman of Marsh’s Global Energy Practice, commented: “Open ICS have integrated controls that are linked with other information technology networks, giving hackers the opportunity to gain access through back doors and exploit system weaknesses to their advantage.
“While the global energy sector has yet to experience a catastrophic physical damage loss as a result of a cyber-attack, its resiliency to date is certainly not due to a lack of effort on the part of hackers. Several energy firms have suffered attacks originating from malicious software or viruses, which have disrupted production and destroyed computer hardware.
“A successful attack on computer control or emergency shutdown systems, even at a small refinery, petrochemicals or gas plant, could result in estimated maximum loss as a result of fire or explosion worth hundreds of millions of dollars.”
While new projects generally incorporate more sophisticated risk management practices and apply rigorous standards to minimise risk, Marsh’s research states that cyber risk is accentuated at the beginning and end of the project lifecycle, during the design and decommissioning stages. Marsh refers to this at the ‘ICS security risk reliability bath-tub curve’.
Mr George continued: “While insurance is vital in mitigating the impact of cyber-attacks on energy companies’ bottom lines, the nature and changing risk profile of the cyber threat demands a collaborative, risk-based approach from businesses and governments around the world. Energy companies should consider the risk of cyber-attack as an inevitable one, and focus on preparing scenarios to identify, respond and contain any attacks accordingly.”
Marsh’s NOC conference takes place under the patronage of His Highness Sheikh Maktoum Bin Mohammed Bin Rashid Al Maktoum, Deputy Ruler of Dubai. The Twitter hashtag for the conference is #MarshNOC; special reports and updates are available from the conference’s
Marsh is a global leader in insurance broking and risk management. We help clients succeed by defining, designing, and delivering innovative industry-specific solutions that help them effectively manage risk. We have approximately 27,000 colleagues working together to serve clients in more than 100 countries. Marsh is a wholly owned subsidiary of Marsh & McLennan Companies (NYSE: MMC), a global professional services firm offering clients advice and solutions in the areas of risk, strategy, and human capital. With more than 54,000 employees worldwide and approximately $12 billion in annual revenue,