The well-being of employees and the facility or jobsite is the core concern of health and safety professionals in the oil and gas industry, and that priority won’t change anytime soon.
However, an emerging risk has bubbled to the surface in the form of cyberattacks on companies that extract, refine, transport and supply oil and natural gas.
Though addressing such issues is currently in the realm of the security and information technology departments of many companies, health and safety professionals need to be aware of the risks that such breaches could cause to workers and companies as a whole.
Recent cyberattacks raise the alarm
“Four pipeline companies across the U.S. experienced cyberattacks early in 2018, according to Bloomberg.”
In early April, four pipeline companies across the U.S. experienced significant issues related to the systems they use to communicate with customers, Bloomberg reported. Three of those businesses quickly identified the root of the problem as malicious intrusions by hackers.
The attacks were seemingly similar to those conducted by malicious digital agents in many other industries, cybersecurity expert Chris Bronk told The New York Times. He noted hackers likely wanted to access a source of potentially valuable information, such as facts about buyers and sellers of a given facility.
However, at least one of the companies said it didn’t believe any sensitive customer data was stolen. The attack affected the communication systems and databases related to oil and natural gas, but had no direct impact on physical provision via those pipelines.
These attacks are not new, as Bloomberg pointed out similar incidents dating back to 2012.
“It’s important to recognize that this does not appear to be an attack on an operational system,” Cathy Landry, a spokeswoman for the Interstate Natural Gas Association of America, told Bloomberg. “An attack on a network certainly is inconvenient and can be costly, and something any company – whether a retailer, a bank or a media company – wants to avoid, but there is no threat to public safety or to natural gas deliveries.”
Increased potential for cyberattacks
While current cyberattacks center around assets like business and customer data and overall disruption of the energy grid, there is opportunity for more widespread disruptions in the future.
As the internet of things – internet-connected tools, parts and machinery that transmit and share operational information – becomes more common, hackers may find opportunities to move beyond data and attack specific elements of infrastructure.
Although still a hypothetical concern, it’s one that could put workers and valuable assets in harm’s way.
The idea of a malicious digital intruder causing a major, violent disruption by igniting natural gas, for example, is far more a Hollywood fantasy than fact. But the ability to hack into systems to shut down a pipeline or cause other operational disturbances is a possibility.
Health and safety professionals need to begin preliminary fact-finding discussions with their IT and security teams about potential issues in the years to come to ensure the effects of a cyberattack don’t lead to issues in the physical world for staff or the facility as a whole.