Oil and gas security leaders face a wide range of challenges that threaten their operations and assets. And the risks they tackle every day have only become more complex and unpredictable.
For starters, teams must protect many facilities across a wide geographic area. Because companies often have critical infrastructure built in remote locations, worksites are vulnerable to theft, sabotage, and natural disasters. And the transportation of energy commodities presents additional problems, such as leaks and piracy.
To complicate matters further, security teams must navigate the complex political environment of the towns and cities where they do business. Failure to do so could lead to opposition from local communities. And in many cases, we have seen this result in regulators limiting operations or halting expansion projects – all of which can have enormous financial consequences for the business.
So to address these challenges, more organizations have turned to open source intelligence (OSINT). Thanks to the explosion in the amount of public data available online, OSINT has emerged as an invaluable tool for gleaning insights into threats and vulnerabilities. And by identifying potential issues early, OSINT can help security leaders take proactive measures to mitigate risks or respond faster to crisis situations.
Still, open source intelligence remains a new field. And many teams don’t appreciate how to harness OSINT techniques to their full advantage.
So in this blog post, we will explore five ways oil and gas security leaders can exploit OSINT. From travel security to public relations, let’s break down several cases where security leaders can leverage open source intelligence to protect their employees, customers, and property.
1. Executive Protection
Corporate executives face many dangers due to their visibility and influence. These risks include traditional physical threats, such as stalking and assassination attempts, from disgruntled employees or groups who oppose their company's policies. And in more recent years, managers have become vulnerable to new cyber risks, like hacking, doxing, and identity theft.
A threatening post directed towards a senior executive of a Fortune 500 company. Discovered by Navigator. Identifying information has been redacted.
To proactively address these concerns, close protection teams have turned to OSINT. For example, monitoring social media can allow analysts to identify individuals who pose a direct physical threat to a protectee. And through further research, security teams can gain insights into the habits, lifestyle, and mindset of a person of interest.
Finally, OSINT research can also allow protectors to spot other risks to their protectee, such as identifying misinformation spreading across social media, personal information leaked online, or disruptions of upcoming travel plans.
2. Public Relations
Oil and gas companies must keep tabs on the local politics of the towns and cities where they do business. Local politics can have a big impact on operations, as decisions made by city councils, county boards, and state legislators can affect everything from zoning and land-use regulations to permitting or environmental compliance. And failure to navigate these complex political environments can result in costly delays in obtaining permits, increased opposition to projects, as well as legal and regulatory penalties.
Open-source intelligence, however, can help businesses study public opinion and gain insights into the political situation in these areas. For instance, OSINT tools can allow security teams to track public sentiment toward their operations. That can help companies identify the specific concerns of locals in a given area or respond to potential issues before they become a crisis. Security leaders can also use OSINT to study the political positions of local officials, which can put companies in a position to identify key decision-makers and anticipate regulatory changes.
3. Accidental Information Breaches
A new employee might publish a picture of their ID card on LinkedIn. Bored workers stuck at a remote facility may publish entertaining videos to TikTok or Instagram. A contractor could store sensitive data on an unsecured cloud server. The EXIF data embedded in a photo published on a blog could reveal the location of a senior executive’s personal residence.
An unsanctioned YouTube video of a worker providing a tour of an offshore oil platform in Saudi Arabia. The video includes many potential insights for attackers, including the types of technologies used, the names of several employees, and detailed layouts of the facility. Discovered by Navigator.
These tidbits of leaked information can have enormous value for attackers sleuthing out security vulnerabilities within an organization. But by monitoring the web, OSINT analysts can detect these accidental breaches and take down content before it gets into the wrong hands.
4. Event Security
Event security, such as for an annual meeting or industry conference, poses several challenges. The physical safety of attendees represents one obvious concern. Companies, however, also need to consider the risk of planned disruptions by unauthorized individuals, which could derail the assembly or result in embarrassing press coverage.
But by monitoring open data sources, security teams can identify potential problems, such as trespassers or planned disruptions, and take appropriate measures to mitigate them. Furthermore, OSINT analysts can help to spot any physical threats that may endanger attendees, and prepare the right response.
5. Worksite Safety
Oil and gas security teams must contend with many job site hazards, from wars and industrial accidents to extreme weather and workplace violence. During these situations, seconds count. A delayed response could cost an organization millions of dollars in damages or business disruption. Even worse, failing to react quickly in a crisis can endanger the lives of customers and employees.
Trespassers present another concern. Unauthorized individuals at a company worksite can disrupt operations, damage equipment, or harm themselves and others. And that can lead to loss of life as well as legal actions against the company.
An employee posting from their job site, potentially exposing the location of valuable equipment. Post discovered by Navigator. Identifying information has been redacted.
Thankfully, OSINT tools can assist security teams when addressing these challenges. For starters, it’s not uncommon for users to report crisis situations on social media hours before these stories get picked up by traditional news outlets. Through web monitoring, analysts can be alerted to emerging events at or near their worksites in almost real time.
Additional information, such as photos and eyewitness accounts, can also help security teams understand the scope and impact of the event. That can allow companies to respond faster to crisis situations and make better-informed decisions.
Energy companies face a swath of different cybersecurity risks, including attacks on their control systems, intellectual property theft, and disruption of operations. Control systems, such as those used to operate oil and gas production and pipelines, are particularly vulnerable to cyberattacks. These systems represent critical components of daily operations, and they’re often connected to the Internet and may have outdated software. A successful attack by criminals, terrorist groups, or nation-states could cause significant damage and disrupt operations. The use of ransomware or other malicious software also poses a major threat.
As with physical security, energy companies can use OSINT to protect their data and electronic systems. For example, ethical hackers can conduct reconnaissance on their own organization’s system infrastructure, such as open ports, interconnected devices, software, public business records, website-listed directories, and other unintentionally exposed information. Such intelligence could be used to identify vulnerable access points and security gaps.
Likewise, OSINT can also identify situations where employee log-in credentials or other sensitive data has been leaked or exposed. If such information has been breached or disclosed in any cyberattack or data leak, the security team or analyst can alert impacted stakeholders to quickly reset their passwords and deploy security controls.
The Bottom Line on OSINT for Oil and Gas Security
While OSINT represents a powerful tool for oil and gas security, leaders must also consider several challenges and limitations before applying these techniques to their own programs.
For starters, the sheer volume of content published online can overwhelm even the most well-staffed teams. Even worse, OSINT analysts can only derive intelligence from public sources. If a threat doesn’t materialize online, it could slip past undetected. For these reasons, OSINT will never represent the ultimate ‘silver bullet’ for any corporate security program.
That said, open source intelligence still serves as a valuable tool for energy companies. After all, it’s far cheaper to proactively identify and address threats than to respond after an incident has already occurred. And OSINT can represent a serious force multiplier for any resource-strapped security team.