Oil & Gas

The oil and gas industry is a significant target for cyber criminals. As more infrastructure is connected to the Internet the threat has never been greater. The consequences can be devastating and long lasting to critical business operations. 

The oil & gas cyber landscape

The oil and gas sector is a fast maturing industry in terms of cyber security. Targeted and sophisticated attacks like Stuxnet and Flame have made companies aware that cyber security is a major issue, requiring financial and strategic investment. Today’s cyber threats are persistent, well organised and too often successful. Energy leaders face a vast array of challenges that can avert their attention, including demand for always-on services, growing regulations and initiatives like replacing legacy industrial controls with devices such as smart meters. The increasingly connected nature of energy infrastructure poses a huge risk. With machinery and networks being controlled remotely, the attack surface that hackers can exploit is growing rapidly. Infrastructure terrorism poses a major risk. Plants can be remotely shut down and supplies can be interrupted.

Globally, it is estimated that cyber attacks against oil and gas infrastructure will cost energy companies close to $1.9 bn by 2018. [1]

The oil and gas industry is used in nearly every aspect of our lives and so protecting critical supply systems is vital. A successful attack could have disastrous consequences. The threat of hacktivism has grown over recent years. It began with low-level DDoS attacks which knock websites offline, but now there’s a much greater risk. Large DDoS attacks can be directed at critical systems, overloading them and could result in the malfunction of crucial infrastructure.

Once a system has been exploited, gaping security holes can give hackers the potential ability to destroy infrastructure, create widespread chaos and even endanger lives by altering the physical industrial automation systems. 

How we can help

Vulnerability assessment & consulting of industrial control system hosts, equipment & services


Detailed analysis of all security, operations, relevant equipment and hosts.

Attacker modelled penetration testing for ICS environments


Using the techniques employed by real-world Advanced Persistent Threat (APT) actors, NCC Group specialists design and deliver a simulated attack to test an organisation’s defences.

Network design analysis for Industrial Control System (ICS) environments


NCC Group offer specialist network architecture design analysis against the challenging operational environments in this area.

[1] Bloomberg (2015) - https://www.bloomberg.com/news/articles/2015-06-10/hackers-favorite-target-big-oil 

Contact us

Send us an email infosec@nccgroup.trust or

call us on +44 (0)161 209 5111