Government powers must co-operate with the energy sector to mitigate an increasing cyber threat, says Marsh

Businesses and government powers are urged to collaborate in combating malicious cyber attacks on energy firms by Marsh global energy practice chairman, Andrew George.

Energy firms are being disproportionately targeted by increasingly sophisticated hacker networks that are motivated by commercial and political gain, according to Marsh’s latest risk management research paper, Advanced Cyber Attacks on Global Energy Facilities.

Speaking at Marsh’s biannual National Oil Companies conference in Dubai, George said: “While insurance is vital in mitigating the impact of cyber attacks on energy companies’ bottom lines, the nature and changing risk profile of the cyber threat demands a collaborative, risk-based approach from businesses and governments around the world.

“Energy companies should consider the risk of cyber attack as inevitable and focus on preparing scenarios to identify, respond and contain any attacks accordingly.”

According to Marsh, energy firms are increasingly vulnerable to cyber attacks and hacking owing to the widespread adoption of internet-based, or ‘open’, industrial control systems (ICS) that reduce costs, improve efficiency and streamline operations in next-generation infrastructure developments.

However, George said the adoption of ICS offers hackers the opportunity to access through back doors and exploit system weaknesses, potentially inflicting costly damages.

He said: “While the global energy sector has yet to experience a catastrophic physical damage loss as a result of a cyber attack, its resiliency to date is certainly not due to a lack of effort on the part of hackers.

“Several energy firms have suffered attacks originating from malicious software or viruses, which have disrupted production and destroyed computer hardware.

“A successful attack on computer control or emergency shutdown systems, even at a small refinery, petrochemicals or gas plant, could result in estimated maximum loss as a result of fire or explosion worth hundreds of millions of dollars.”