Last week, in an unprecedented move, the British National Cyber Security Centre (NCSC) issued a joint statement with the FBI and the US Department of Homeland Security warning that Russia had launched a cyber attack on critical UK infrastructure.
While the threat posed by cyber attacks seems to intensify on a weekly basis, British companies face continual warnings that they are not equipped to handle a hack.
A London-based energy insurance giant is also sounding the alarm bell, saying that the insurance industry is struggling to predict the impact a cyber attack would have on UK oil and gas firms because of the novelty of the threat.
“There is no doubt that the energy industry is a target for cyber attack,” said Robin Somerville, a business development director at Willis Towers Watson.
“What we don’t know yet is to what extent it’s going to make a difference to the overall balance sheet and to what extent there’s going to be claims to the insurance market. Because you haven’t got a track record, all the models just sit there empty,” he said.
Earlier this month, four US natural gas pipeline operators were temporarily shut down after hackers breached a shared data network. Although no gas service was interrupted, customer data may have been stolen, and the attack highlighted the possible vulnerability of the energy system.
Tim Erlin, the vice president of product management and strategy at US software firm Tripwire, said the US has seen an increasing number of attacks – and more importantly an increasing number of successful attacks – on energy infrastructure. Andrew Lloyd, the president of security firm Corero, said the US pipeline operator hacking was “precisely the type of attack that the UK government is seeking to protect us against”.
Hackers could also spark environmental disasters, an “elephant in the room” for oil and gas companies because of the “absolutely extreme” cost associated with the worst situations, by insurance standards.
“Once you can get hold of a valve in a pipeline, then we know that a Macondo-type situation could happen easily,” Somerville said, referring to the Deepwater Horizon oil spill that occurred in the Gulf of Mexico in 2010.
The deadly oil spill caused the death of 11 workers and gushed nearly 5m barrels of oil into the Gulf, and it has cost BP, the operator of the Macondo field, more than $60bn (£43bn) in the eight years since. It was one of the largest environmental disasters in US history.
“The [insurance policy] limits offered currently are not adequate for a Macondo-type event,” said Graham Knight, the head of downstream natural resources at Willis Towers Watson.
“There’s no insurance for $60bn. I don’t think there’s even a bond or an index-linked security or anything like that for $60bn.
“So taking that as the extreme, you’ve got the potential for environmental problems to dwarf any risk management strategy a client currently has,” he said.