Start the conversation
The energy industry has a dangerous enemy that is getting stronger and more motivated to damage companies' operations and wreak havoc on global oil prices.
This new threat comes from the growing trend of cybercrime, and the criminals have become more focused on disrupting large industrial systems, like those operating in the energy industry.
Indeed, oil companies are reporting more frequent, better organized attacks on their systems. With most of the world's energy production and distribution controlled by computers, this puts the industry in an incredibly vulnerable position.
Executives say the repercussions of an attack that isn't stopped in time could be massively harmful.
"If anybody gets into the area where you can control opening and closing of valves, or release valves, you can imagine what happens," Ludolf Luehmann, IT manager at Royal Dutch Shell PLC (NYSE ADR: RDS.A, RDS.B), said at the World Petroleum Congress in Doha, Qatar. "It will cost lives and it will cost production, it will cost money, cause fires and cause loss of containment, environmental damage – huge, huge damage."
Crime Targets the Energy Industry
Cybercrime used to focus on hacking into systems to retrieve people's personal financial information. But now it's become more sophisticated and hackers more skilled, targeting more complex and protected systems to get highly classified information.
"The scene used to be dominated by speculative attacks – people being at the wrong place at the wrong time, but it was nothing personal," security researcher David Emm told BBC News. "But we certainly are in a different world than where we were 18 months ago. What we're starting to see is an increase in targeted attacks. We know critical systems, like those in oil production, are vulnerable to attack."
Shell's Luehmann told Reuters hackers are now unleashing attacks over longer periods of time, collecting more information than before to create more complex and resilient infections.
While other businesses can more easily shut down their information technology systems to update software security, the energy industry cannot simply turn off the oil and gas supply for long stretches of time. Any long disruption – from an attack or from trying to prevent one – wouldn't just affect one company, but the entire global oil market.
"Oil needs to keep on flowing," Riemer Brouwer, head of IT security at Abu Dhabi Co. for Onshore Oil Operations, told Reuters. "We have a very strategic position in the global oil and gas market. If they could bring down one of the big players in the oil and gas market you can imagine what this will do for the oil price – it would blow the market."
The energy industry became of aware of how far cybercrime has progressed when Stuxnet, a highly sophisticated piece of malware, was detected in June 2010. Stuxnet is believed to be the first worm created to target high-value infrastructure like power stations and water plants.
Stuxnet differs from most viruses in that it targets systems that commonly aren't connected to the Internet for security purposes. Instead it infects through keys used to move files around. After it infects the machine and can access a company's internal network, it hunts for specific software made by Siemens AG (NYSE ADR: SI). Stuxnet can then reprogram the software and give new instructions to the machinery it controls.
The Stuxnet virus crippled Iran's computers, putting the country's plan for atomic weapons at least two years behind schedule.
Stuxnet made the energy industry aware that an attack on their systems was not only possible but likely. Now it's one of their biggest concerns.
"It's something that we have to stay on top of every day," Dennis Painchaud, director of International Government Relations at Canada-based global energy company Nexen Inc. (NYSE: NXY), told Reuters. "It is a risk that is only going to grow and is probably one of the preeminent risks that we face today and will continue to face for some time."
The frightening truth is that with hackers able to operate from anywhere in the world, and becoming harder to detect, the industry is getting closer to a dangerous cyberattack. In fact, security software maker Symantec Corp. (Nasdaq: SYMC) in October published a report on a new virus similar to Stuxnet, named Duqu. Duqu appears to be designed to gather information that makes it easier to launch future attacks.
"So far we haven't had any major incidents," said Abu Dhabi Co.'s Brouwer. "But are we really in control? The answer has to be "no.'"
Time to Invest in Cybersecurity Stocks
With more industries feeling threatened by such attacks, companies that specialize in cybersecurity have a chance to flourish.
Companies and governments wanting to beef up their defenses will call on their services. It's estimated that about $221 billion a year is lost to cybercrime, and more high-level companies and institutions have been hit. The International Monetary Fund, the French Ministry of Finance, and global security company Lockheed Martin Corp. (NYSE: LMT) have all been hacked this year.
"A lot of countries now are pumping money into research – the last 18 months have shown these people are after not just the public's money, but they're after larger organization's information," said researcher Emm.
U.S. Senate Majority Leader Harry Reid, D-NV, on Nov. 16 wrote a letter to Senate Minority Leader Mitch McConnell, R-KY, expressing the need for their chamber to take up legislation that deals with Internet-based attacks early next year.
"Given the magnitude of the threat and the gaps in the government's ability to respond, we cannot afford to delay action on this critical legislation," Sen. Reid wrote.
This means with more money being spent to protect against cybercrime, investors should act now to get ahead of the coming rush to cybersecurity stocks.
Investors have two ways to approach cybersecurity investing. You can focus on companies that provide specific data-protection products or online security, like Symantec Corp., Check Point Software Technologies Ltd. (Nasdaq: CHKP), and Sourcefire Inc. (Nasdaq: FIRE). Or you can get ahead of the curve by investing in companies that educate and train computer security experts, including ManTech International Corp. (Nasdaq: MANT) and SAIC Inc. (NYSE: SAI).
While these five companies are poised to profit from the explosive growth in cybersecurity spending, there's actually one other company – a small-cap player – that has a tremendous upside. If current projections are correct, the stock could soar by 174% or more over the next 12 months.
News and Related Story Links:
Cyber attacks could wreck world oil supply
- BBC News:
Oil cyber-attacks could cost lives, Shell warns
- BBC News:
Stuxnet worm “targeted high-value Iranian assets’
- Money Morning:
How the "New Cold War" with China Will Change America's Future
- Money Morning:
Profit From Congress' Next Move With a Cybersecurity Stock That Could More Than Double