Hunton Insurance Recovery Blog

In what has been described as a “watershed” cyber incident, hackers recently used sophisticated malware—dubbed Triton—to take control of a key safety device installed at a power plant in Saudi Arabia. One of the few confirmed hacking tools designed to manipulate industrial control systems, this new breach is part of a growing trend in hacking attempts on utilities, production facilities, and other critical infrastructure in the oil and gas industry. The Triton malware attack targeted the Triconex industrial safety technology made by Schneider Electric SE. The attack underscores the importance of mitigating this and other similar risks through cyber and other traditional liability insurance as part of a comprehensive cybersecurity program.

The Triton attack was only discovered because the hackers, believed to be state-sponsored, went too far in manipulating the plant’s safety mechanisms, accidentally triggering the device’s automatic shutdown process and exposing the breach, which otherwise may have remained undetected while the hackers probed and recorded network activity. The Triconex safety system at issue is widely used in the energy industry, including in refineries, drilling sites, and chemical and power facilities.

As demonstrated by recent hacking incidents, oil and gas companies face a unique set of cyber risks, including a broad array of direct and indirect losses that can accompany a cyber breach. The Triton attack, for example, took advantage of the interconnected safety system that could not only access computer networks, but could also remotely control physical processes throughout the plant.

Companies can mitigate these risks by employing sound operational incident response practices, in conjunction with adequate cyber insurance and comprehensive traditional insurance policies, such as pollution liability and general liability policies. An effective insurance program should minimize coverage gaps when pollution events, property damage, bodily injury or business interruption results from cyber attacks. A more detailed discussion of these and other insurance issues related to cyber risk in the energy sector can be found in the December issue of The American Oil & Gas Reporter, where Lawrence Bracken, Michael Levine, and I discuss four key coverages that oil and gas companies should be using to mitigate cyber risk.

Sources: Hackers halt plant operations in watershed cyber attack (Reuters Dec. 14, 2017); Triton: hackers take out safety systems in 'watershed' attack on energy plant (The Guardian Dec. 15, 2017); 'Triton' malware menaces industrial safety systems (E&E News Dec. 15, 2017).