The Petroleum sub-sector includes the exploration, production, storage, transport, and refinement of crude oil. The refined oil is then stored and distributed to key economic sectors throughout the United States.
The United States has about 536,000 crude oil producing wells, along with 30,000 miles of gathering pipelines, 55,000 miles of crude oil pipelines, 150 petroleum refineries, 64,000 miles of product pipelines, and over 1,400 petroleum terminals.
There are four pipelines that traverse New Jersey pushing crude and finished petroleum products for distribution within the state and other locations along the east coast. New Jersey is home to two refineries and multiple petroleum storage terminals.
New Jersey is an attractive target for cyber operations against the Energy Sector because it is a major distribution center for petroleum products throughout the northeast. While state-sponsored threat actors have demonstrated the capability to launch cyber attacks that cause physical damage to infrastructure, the Petroleum sub-sector in New Jersey is likely to face intrusions aimed at establishing persistence to support intelligence collection. The cybersecurity firm Symantec reported that 43 percent of global mining, oil, and gas companies were victims of at least one cyber attack in 2014. In July 2014, Symantec also reported the hacking group Dragonfly compromised systems and stole information from more than 1,000 organizations in four countries—nearly a quarter of these companies were in the United States. The targets included energy generation firms, petroleum pipeline operators, and other energy companies.
In the United States, there have been three terrorist plots against the Petroleum sub-sector, all of which occurred between 2005-07. One of these plots involved Michael Reynolds of Pennsylvania, who was arrested after an attempt to aid al-Qa’ida by attacking energy infrastructure, including petroleum pipelines. The second was a plot by four individuals to blow up fuel tanks and pipelines under JFK Airport. The third involved two individuals who discussed attacks against oil refineries in the United States with international terrorist groups.
Inclement weather is the most frequent disruptive natural hazard that affects petroleum production and distribution. Flooding from natural disasters poses a risk due to the location of petroleum infrastructure in coastal regions. In 2008, Hurricanes Ike and Gustav impacted nearly 65 million barrels of crude oil by interrupting production at facilities located on the Gulf of Mexico.
This year, US President Obama signed the PIPES Act of 2016, which reauthorizes the Pipeline and Hazardous Materials Safety Administration’s (PHMSA) oil and gas pipeline programs through 2019. In addition, the PIPES Act includes new mandates to strengthen current PHMSA safety procedures and programs.
PHMSA’s 2016 Emergency Response Guidebook is a resource for first responders at the scene of a transportation incident involving hazardous materials.
In April 2016, the American Petroleum Institute put out its annual Oil and Natural Gas Industry Preparedness Handbook. The report discusses the industry’s preparedness and response strategy following events such as Superstorm Sandy.
- What security vulnerabilities exist in the physical and cyber realms that terrorists or nations could exploit?
- What types of cyber incidents are petroleum companies in New Jersey experiencing?
- What information is being targeted, accessed, or exfiltrated during cyber operations?
For more information, please contact NJOHSP's Preparedness Bureau at firstname.lastname@example.org.