In this Energy Brief, Blake Clayton and Adam Segal argue that cyber threats to oil and gas suppliers pose an increasingly challenging problem for U.S. national security and economic competitiveness. Attacks can take many forms, ranging from cyber espionage by foreign intelligence services to attempts to interrupt a company's physical operations. These threats have grown more sophisticated over time, making them more difficult to detect and defend against. So too have the actors behind them, which have evolved from lone hackers with few resources to state-sponsored teams of programming experts. Several of the world's major oil and gas producers, including Saudi Aramco (officially the Saudi Arabian Oil Company) and Qatar's RasGas, have fallen victim to cyberattacks since 2009. Others, such as Chevron, have also had their networks infected.
Clayton and Segal contend some damage was done in each of these cases, but the costs of future breaches could be much higher, whether to corporate assets, public infrastructure and safety, or the broader economy through energy prices. Successful cyberattacks threaten the competitiveness of the U.S. oil and gas industry, one of the nation's most technically advanced and economically important sectors. While intrusions previously focused on the theft of intellectual property and business strategies, the malware attack on Saudi Aramco reflects a worrying qualitative change toward attacks with the potential for causing physical disruptions to the oil and gas supply chain.