Cybersecurity training for the Energy Sector, Gas Subsector


According to the "Offshore Oil and Gas" Report to Congress from the US Government Accountability Office (GAO) in October 2022, modern exploration and production methods are increasingly reliant on remotely connected operational technology — often critical to safety — that is vulnerable to cyberattacks. Older infrastructure is also vulnerable because its operational technology can have fewer cybersecurity protection measures.

A successful cyberattack on offshore oil and gas infrastructure can cause physical, environmental, and economic harm. For example, according to GAO, officials said that the effects of a cyberattack could resemble those that occurred in the 2010 Deepwater Horizon disaster. Disruptions to oil and gas production or transmission could also affect energy supplies and markets.

As a reminder, on April 20, 2010, the oil drilling rig Deepwater Horizon, operating in the Gulf of Mexico, exploded and sank resulting in the largest spill of oil in the history of marine oil drilling operations.

According to GAO, threat actors are becoming increasingly capable of carrying out attacks on critical infrastructure, including offshore oil and gas infrastructure. At the same time, the infrastructure is becoming more vulnerable to attacks. More specifically, the OT in oil and gas infrastructure is increasingly vulnerable to being exploited in cyberattacks that could result in serious harm to human safety, the environment, and the economy.

According to the 2022 Annual Threat Assessment of the U.S. Intelligence Community, adversaries possess the ability to launch cyberattacks that could have disruptive effects on critical infrastructure. Transnational cyber criminals are increasing the number, scale, and sophistication of ransomware attacks, fueling a virtual ecosystem that threatens to cause greater disruptions of critical services worldwide.

State-sponsored hacker groups carry out operations that look like cybercrime or hacktivism, but are hidden cyberespionage or business intelligence attempts.

Cyber intrusions to Gas Subsector facilities, often starting with simple phishing attacks, gather intelligence and steal credentials. The effect on business, trade, products, services, government entities, hospitals, banks, the retail market, and families can be disastrous.

Modules of the tailor-made training


- Important developments in the Energy Sector, Gas Subsector.

- Understanding the challenges.

- Countries having the capability to launch cyberattacks that could disrupt the Gas Subsector infrastructure.

The modus operandi

An overview of some attacks that are suitable for the objectives of the training. At the end of the presentation we will cover one or more of these attacks in depth.

CISA Alert (TA18-074A): Russian Government Cyber Activity Targeting Energy and Other Critical Infrastructure Sectors.
- Indicators of compromise (IOCs) and technical details on the tactics, techniques, and procedures (TTPs) used by cyber actors on compromised victim networks.
- The multi-stage intrusion campaign, as it was characterized by the DHS and the FBI, by state-sponsored cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks.

- How could all these attacks succeed?

Understanding the tactics, techniques, and procedures (TTPs).
- spear-phishing emails (from compromised legitimate account),
- watering-hole domains,
- credential gathering,
- open-source and network reconnaissance,
- host-based exploitation, and
- targeting industrial control system (ICS) infrastructure.

Who is the “attacker”?

- Countries, competitors, criminal organizations, small groups, individuals, employees, insiders, service providers.

- Hacktivists and the Gas Subsector.

- Professional criminals and information warriors.

How do the adversaries plan and execute the attack?

- Step 1 – Collecting information about persons and systems.

- Step 2 – Identifying possible targets and victims.

- Step 3 – Evaluation, recruitment, and testing.

- Step 4 - Privilege escalation.

- Step 5 – Identifying important clients and VIPs.

- Step 6 – Critical infrastructure.

Employees and their weaknesses and vulnerabilities.

- Employee collusion with external parties.

- Blackmailing employees: The art and the science.

- Romance fraudsters and webcam blackmail: Which is the risk for the Gas Subsector?


- Trojan Horses and free programs, games, and utilities.

- Ransomware.

Social Engineering.

- Reverse Social Engineering.

- Common social engineering techniques

- 1. Pretexting.

- 2. Baiting.

- 3. Something for something.

- 4. Tailgating.

Phishing attacks.

- Spear-phishing.

- Clone phishing.

- Whaling – phishing for executives.

- Smishing and Vishing Attacks.

Cyber Hygiene.

- The online analogue of personal hygiene.

- Personal devices.

- Untrusted storage devices.

- Best practices for managers and employees in the Energy Sector, Gas Subsector.

- What to do, what to avoid.

Case studies.

We will discuss the mistakes and the consequences in one or more case studies.

Closing remarks and questions.

Target Audience

The program is beneficial to all persons working for the Energy Sector, Gas Subsector. It has been designed for all persons having authorized access to systems and data.


One hour to half day, depending on the needs, the content of the program and the case studies.

Delivery format of the training program

a. In-House Instructor-Led Training,
b. Online Live Training, or
c. Video-Recorded Training.


Our instructors are working professionals that have the necessary knowledge and experience in the fields in which they teach. They can lead full-time, part-time, and short-form programs that are tailored to your needs. You will always know up front who the instructor of the training program will be.

George Lekatis, General Manager of Cyber Risk GmbH, can also lead these training sessions. His background and some testimonials:

Terms and conditions.

You may visit:

Contact us

Cyber Risk GmbH
Dammstrasse 16
8810 Horgen
Tel: +41 79 505 89 60


We process and store data in compliance with both, the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). The service provider is Hostpoint. The servers are located in the Interxion data center in Zürich, the data is saved exclusively in Switzerland, and the support, development and administration activities are also based entirely in Switzerland.