Cybersecurity in the Liquefied Natural Gas (LNG) Subsector



Cybersecurity management for professionals working in the Liquefied Natural Gas (LNG) subsector, liquefaction facilities, LNG vessels, and other supporting entities of the LNG lifecycle

There are significant risks associated with the handling and transportation of Liquefied Natural Gas. The sector’s reliance on digital technology and automation has increased the importance of robust cybersecurity measures.

LNG operations involve highly flammable substances under extreme pressure and low temperatures. A cybersecurity breach could result in unauthorized actions or operational disruptions that lead to leaks, spills, or explosions, with extremely important national security, safety and environmental consequences.

LNG is a significant component of the global energy supply. Disruptions caused by cyber attacks can lead to substantial economic losses from downtime, loss of product, and damage to infrastructure.

Natural gas in its liquid state is about 600 times smaller in volume than its gaseous state. Liquefying natural gas allows the natural gas industry to convey its energy resource long distances to markets not supported by pipelines. For shipping and storage, LNG must be kept at about -260° Fahrenheit to remain in a liquid state. The LNG industry is made up of components established to enable the shipping of natural gas as LNG.

During the exploration phase, natural gas is extracted from reservoirs and transported via pipeline to an LNG liquefaction facility. LNG liquefaction facilities convert natural gas into LNG, store processed LNG, and supply LNG to transport vessels.


Gas Pre-Treatment (Pre-Liquefaction)

Prior to liquefaction, it is essential to begin the process with a pre-treatment. The gas pre-treatment removes impurities, such as any non-methane chemicals, from the natural gas stream. This pre-treatment prepares the gas for liquefaction and reduces the chance of hydrates forming, which would hinder the performance of operations.


Liquefaction

The liquefaction process is what turns the natural gas into liquefied natural gas. Following the pre-treatment, the gas is cooled until it reaches the temperature at which it turns from a gas to a liquid.

This may be accomplished through several processes, but typically involves the use of a heat exchanger that allows the heat energy in the natural gas to be absorbed by pre-cooled refrigerant liquids. The natural gas is cooled to approximately -260° Fahrenheit, the temperature at which natural gas will change from a gas to a liquid.


Liquefied Natural Gas Storage

LNG is stored in highly insulated tanks to help maintain the low temperatures required to keep it in a liquid state. Even though the storage tanks are well insulated, some heat from the surrounding environment will still be absorbed by the tanks and transferred to the LNG stored inside. This causes a small amount of the LNG to change back into a gas and rise to the top of the tank. The change from a liquid to a gas absorbs heat energy, helping to keep the rest of the liquid cool. As natural gas builds up at the top of the storage tank, it is reclaimed by a boil-off gas (BOG) system and used or sold by the liquefaction facility.


Operational Technology (OT) Supporting Critical Systems

Pre-treatment, liquefaction, and storage processes are monitored and controlled with the aid of operational technology (OT). OT also supports process safety systems that are used to protect equipment and avoid potential hazards to the environment or human safety. Examples of operational technology in use within process and safety systems include embedded systems, relays, programmable logic controllers (PLCs), and human machine interfaces (HMIs).


Vulnerabilities include:

1. SCADA Systems: Supervisory Control and Data Acquisition (SCADA) systems monitor and control the physical processes of LNG operations. These systems are connected to other networks, making them vulnerable to attacks.


2. Industrial Control Systems (ICS): ICS are prevalent in LNG facilities for managing processes. These systems, if compromised, can alter the operation of valves, pumps, and other machinery critical to safe LNG handling.


3. Data Transmission and Storage: Information about LNG operations is transmitted across networks and stored digitally, creating targets for data theft, espionage, or manipulation.


4. The human factor: Cyberattacks targeting the human factor in the Liquefied Natural Gas (LNG) industry represent a significant and growing concern. The human factor refers to the role that employees, contractors, suppliers, service providers, and other insiders play in the protection of data and processes.

All persons that have authorised access to information and control systems pose significant risks. Security incidents can be intentional (sabotage, espionage, theft) or unintentional (accidental data leakage due to carelessness or lack of knowledge). Social engineering is one of the most common attacks exploiting human vulnerabilities.

Persons that have authorised access to information and control systems may not be aware of the ways cyber attackers exploit vulnerabilities, making training crucial. Industries like LNG often experience high turnover rates, particularly among contractors. Frequent changes in personnel can lead to gaps in security. With the increasing use of personal devices for work and remote access to networks, controlling the security of these access points becomes very difficult.


5. LNG is an excellent target in hybrid warfare: Hybrid warfare attacks against the Liquefied Natural Gas (LNG) industry represent a complex and multifaceted threat. Hybrid warfare is characterized by the use of non-military tactics such as cyber attacks, disinformation, economic pressure, and the exploitation of legal and political loopholes. Adversaries may also deliberately destroy, damage, or obstruct, for political or military reasons. These tactics can be used simultaneously and are designed to remain below the threshold of traditional military conflict.

LNG is a crucial energy resource for many countries, making it a strategic target in hybrid warfare scenarios. Disrupting LNG supply can have significant economic and political impacts. Due to its economic importance, the LNG industry is a high-profile target, and attacks can have significant geopolitical implications. State-sponsored groups can use asymmetric tactics to achieve their goals without engaging in open conflict. This could include sabotage, cyber espionage, or support to insurgent groups.


6. Espionage against the Liquefied Natural Gas (LNG) industry: It can be conducted by competing businesses, hostile nation-states, or other entities seeking a competitive advantage or strategic leverage.

Competing companies engage in industrial espionage to steal innovations. Governments also conduct espionage to bolster their national energy security, gain economic advantages, or strategically disrupt other nations' energy supplies. They search for information like plant operations, maintenance schedules, safety protocols, security measures, details about suppliers, routes, logistics, and vulnerabilities in the supply chain of LNG operations.


A very simple espionage case study

Companies and organisations often consider espionage a low-impact, low-likelihood event, and they believe it is a very difficult and complex operation. It is not: persons, not systems, are often the weakest links. We will consider a very simple and easy example: cyber espionage facilitated through a spear phishing campaign by a State-sponsored group.


1. Preparation: Adversaries conduct extensive research on the LNG entity, identifying key personnel having authorised access to data and systems. The research includes:

- Public and Open Source Information: Adversaries collect publicly available information, including details from websites, press releases, and industry reports. They gather information on operations, locations, partnerships, and key projects.

- Social Media Analysis: Extensive research on social media platforms provides further insights into the employees' roles, their professional connections, their families, weaknesses, habits, and political and sexual orientation. It also reveals recent company activities and internal company events.

- Technical Footprint Analysis: The primary goal is to gather detailed information about the target organization’s network architecture, online services, and related technologies. It also aims to identify weak spots, such as outdated systems, unpatched software, or exposed services that could be leveraged to gain unauthorized access.


2. Infiltration: In our simple example, using the information gathered, adversaries craft personalized phishing emails that appear to come from friends, family, vendors, partners, or employees, containing malicious links or attachments.


3. Breach: Several employees will be deceived into clicking the links, which lead to the installation of malware on their systems.


4. Exfiltration: Malware leads to unauthorised access to the network, enabling the adversaries to navigate covertly and gather sensitive data related to technology and operations. Exfiltration in the context of a cybersecurity breach refers to the unauthorized transfer of data to a location controlled by adversaries. Data is often encrypted or obfuscated to disguise it as regular network traffic.


This is a very simple example. State-sponsored adversaries are able to plan and execute complex and very sophisticated plans. Persons that have authorised access to data and systems must understand the modus operandi of adversaries and protect their organisation, the critical infrastructure, and their countries.
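A defensive check for step 2 of the case study, added here as an example and not taken from the original page: it flags inbound mail whose sender identity imitates a known colleague or vendor. The domain names, the sender directory, and the 0.85 similarity threshold are constructed assumptions.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumed allowlist of domains the organisation really exchanges mail with (constructed).
TRUSTED_DOMAINS = {"lng-operator.example", "valve-vendor.example"}
# Assumed directory of known correspondents: display name -> genuine domain (constructed).
KNOWN_SENDERS = {
    "maria keller": "lng-operator.example",
    "valve vendor support": "valve-vendor.example",
}

def lookalike_of(domain, threshold=0.85):
    """Return the trusted domain that `domain` closely imitates, or None."""
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if SequenceMatcher(None, domain, trusted).ratio() >= threshold:
            return trusted
    return None

def assess_sender(from_header, reply_to=None):
    """Return the reasons why a message's sender identity looks impersonated."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    reasons = []
    # A familiar display name arriving from an unfamiliar domain.
    expected = KNOWN_SENDERS.get(name.strip().lower())
    if expected and domain != expected:
        reasons.append(f"display name '{name}' normally sends from {expected}")
    # A domain that is a near-miss spelling of a trusted one.
    imitated = lookalike_of(domain)
    if imitated:
        reasons.append(f"domain {domain} resembles {imitated}")
    # Replies silently redirected to a different domain.
    if reply_to:
        reply_domain = parseaddr(reply_to)[1].rpartition("@")[2].lower()
        if reply_domain and reply_domain != domain:
            reasons.append(f"Reply-To points to {reply_domain}")
    return reasons

# Constructed sample headers: (From, Reply-To).
SAMPLES = [
    ("Maria Keller <maria.keller@lng-operator.example>", None),
    ("Maria Keller <maria.keller@freemail.example>", None),
    ("Valve Vendor Support <support@valve-vend0r.example>", "billing@collector.example"),
]

if __name__ == "__main__":
    for from_header, reply_to in SAMPLES:
        print(from_header, "->", assess_sender(from_header, reply_to) or "no findings")
```

Messages with one or more findings are candidates for quarantine or an external-sender banner; the check complements, and does not replace, SPF, DKIM and DMARC enforcement.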

