unclassified oil and natural gas economic espionage...
TRANSCRIPT
UNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
SPECIAL AGENT MICHAEL S. MORGAN
FEDERAL BUREAU OF INVESTIGATION
HOUSTON FIELD OFFICE
Oil and Natural Gas Economic Espionage An Evolving Threat:
Insider Threats and Cyber Security
10/28/2016
UNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
Why Is Economic Espionage Important?
Estimates on the impact of Economic Espionage vary.
Some are as high as ~$400 billion per year.
UNCLASSIFIED 2
Impacts include:
Lost revenue
Lost jobs
Clean Power Plan compliance
Lost investments for research
What We Do Know…
Change in cash flow considerations
Delays or interruption in production
Long-term competition challenges
Impedes strategic planning
10/28/2016
UNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
A recent FBI survey of 165 US companies found that China was the perpetrator in 95 percent of economic-espionage cases.
Fox News, Dean, July 25, 2015
The head of the National Counterintelligence and Security Center
states “the Chinese government plays a
significant role in economic espionage”. CNN, Bruer, July 24, 2014
China Most Predominant Threat
UNCLASSIFIED 10/28/2016
UNCLASSIFIED
UNCLASSIFIED
“ The pervasiveness of the cyber threat is such that the FBI and other intelligence, military, homeland security, and law enforcement agencies across the government view cyber security and cyber attacks as a top priority.”
FBI Director James Comey
10/28/2016
UNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
Oil and Natural Gas Economic Espionage
5
Reduce Costs, Increase Efficiencies, And Survive The Ever-Changing Market
PROFITS CYBER
VULNERABILITIES OPPORTUNITY MOTIVATION
CURRENT ACCESS
FUTURE
10/28/2016
UNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
Motivations
6
Reduce Costs, Increase Efficiencies, And Survive The Ever-Changing Market
Declining Oil Prices
Geophysical Obstacles
Water & Other Critical Resource
Availability
PROFITS
FUTURE
MOTIVATION
Mining Rights and Regulations
Climate Change
Pollution
Digital Oilfield
CURRENT
• Global low oil prices
• Complex geologic conditions
• Industry regulations – oil and gas mineral rights
• Other drilling conditions
• Portfolio diversification
• Industry “know how” and expertise
10/28/2016
UNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
Opportunities
7 Reduce Costs, Increase Efficiencies, And Survive The Ever-Changing Market
PROFITS
FUTURE
CYBER
OPPORTUNITY
State-Sponsored Support
Climate Change
Pollution
Digital Oilfield
US Footprint
ACCESS
• Continued low oil prices
• Environmental protection
• Digitization
• State-sponsored support
• Access
• US industry seeking legitimate joint ventures and partnerships
10/28/2016
UNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
• US global footprint
• Market downturn dynamics
• Access to US R&D and academia
• Open market transparency
• Cyber threats
• Insider threats and asset recruitment
Vulnerabilities
8 Reduce Costs, Increase Efficiencies, And Survive The Ever-Changing Market
Debt Loan
Contention
Selling Assets & Shares
Risky Investing Conditions
Academia
People
Acquisitions
R&D
Joint Ventures
CYBER
VULNERABILITIES
10/28/2016
UNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
Methods, Tactics and Techniques
9
Violating Export Control Laws
Hacking and Spearphishing
Headhunters & Job Postings
Attending/Hosting Conferences
Liaison w/ Universities Trespassing
Social Media Joint Ventures Bribing Insiders Visiting Delegations
Intelligence Services
US-Based Diplomatic Offices
Mergers & Acquisitions
Insider Threat
10/28/2016
UNCLASSIFIED
UNCLASSIFIED
• Computer Hackers: Computer savvy people who specialize in writing and manipulating computer code to gain access or install unwanted software on your computer.
• Social Hackers: People who specialize in exploiting personal connections through social networks.
10/28/2016
UNCLASSIFIED
UNCLASSIFIED
• Intellectual Property Theft
• Ransomware
• Business E-mail Compromise
10/28/2016
UNCLASSIFIED
UNCLASSIFIED
Intellectual property theft: Robbing individuals or companies of their ideas, inventions, and creative expressions—often stolen when computers and networks are accessed by unscrupulous competitors, hackers, and other criminals.
10/28/2016
UNCLASSIFIED
UNCLASSIFIED
Ransomware: Malware that infects computers and restricts users’ access to their files or threatens the permanent destruction of their information unless a ransom is paid. The actors behind these sophisticated schemes advise the users that if they pay the ransom, they will receive the private key needed to decrypt the files.
10/28/2016
UNCLASSIFIED
UNCLASSIFIED
•Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data. •Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system). •Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans. •Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary. 10/28/2016
UNCLASSIFIED
UNCLASSIFIED 10/28/2016
•Configure access controls, including file, directory, and network share permissions appropriately. If users only need read specific information, they don’t need write-access to those files or directories. •Disable macro scripts from office files transmitted over e-mail.Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).
UNCLASSIFIED
UNCLASSIFIED
Business e-mail compromise (BEC): BEC is a type of payment fraud that involves the compromise of legitimate business e-mail accounts—often belonging to either the chief executive officer or the chief financial officer—for the purpose of conducting unauthorized wire transfers. After compromising a company’s e-mail account—usually through social engineering or malware—the criminals are then able to send wire transfer instructions using the victim’s e-mail or a spoofed e-mail account. BEC scams have been reported in all 50 states and in 100 countries and have caused estimated losses of more than $3 billion worldwide.
10/28/2016
UNCLASSIFIED
UNCLASSIFIED 10/28/2016
UNCLASSIFIED
UNCLASSIFIED
•Verify changes in vendor payment location and confirm requests for transfer of funds. •Be wary of free, web-based e-mail accounts, which are more susceptible to being hacked. •Be careful when posting financial and personnel information to social media and company websites. •Regarding wire transfer payments, be suspicious of requests for secrecy or pressure to take action quickly.
10/28/2016
UNCLASSIFIED
UNCLASSIFIED
10/28/2016
•Consider financial security procedures that include a two-step verification process for wire transfer payments. •Create intrusion detection system rules that flag e-mails with extensions that are similar to company e-mail but not exactly the same. For example, .co instead of .com. •If possible, register all Internet domains that are slightly different than the actual company domain. •Know the habits of your customers, including the reason, detail, and amount of payments. Beware of any significant changes.
UNCLASSIFIED
UNCLASSIFIED
Questions?
MICHAEL S. MORGAN
Special Agent, Strategic Partnership Coordinator
Houston FBI
(713) 936-7734
[email protected] 10/28/2016