Shell has issued a stark warning on the risks to its IT systems.
As the company made public an aggressive strategy to increase production and cut costs, it emphasised the importance of secure technology to the continued functioning of its business and production environments, as well as to its reputation.
The comments follow reports last month that Shell, BP, Exxon, Marathon, ConocoPhillips and oil services company Baker Hughes were all the victims of ‘Night Dragon’ hacking attempts from China.
“We rely heavily on information technology systems for our operations,” the company said in its annual financial statement published this week, adding that systems and related staff were “increasingly concentrated” geographically.
“Shell, like many other multinational companies, has been the target of attempts by others to gain unauthorised access through the Internet to our IT systems, including more sophisticated attempts often referred to as advanced persistent threat,” it said.
Shell has experienced significant security breaches, particularly in Nigeria where in 2009 it reached a $15 million out of court settlement over its alleged involvement in the death of Nigerian activists including the poet Ken Saro-Wiwa. Shell said the payment did not mean it accepted responsibility.
Last year, an elaborate fake email about its operations in the country was circulated, suggesting the company was planning to stop its deepwater drilling off the coast. The news followed a massive data leak in which the details of 176,000 Shell employees and contractors in Nigeria were emailed to campaigners. Data included home telephone numbers of some staff who worked remotely.
“Disruption of critical IT services, or breaches of information security, could have a negative effect on our operational performance and earnings, as well as on our reputation,” Shell said this week.
The comments come as the Ponemon Institute issued a report stating that cryptography is an essential component of businesses’ data protection and compliance efforts. Seventy-one percent of auditors surveyed believe that information assets cannot be fully protected without it, the institute found. Shell has not commented directly on encryption.
As Shell works to tighten information security, it is simultaneously attempting to slash billions of dollars from costs.
Chief executive Peter Voser this week confirmed to investors that total savings for 2009 and 2010 hit $4 billion (£2.5 billion), half of which was achieved last year. It is targeting a further $1 billion savings this year.
Cost reduction and simplification had taken place in both the company’s upstream (exploration and drilling) and downstream (refining and distribution) operations, he said. In downstream, which formed over half of the cost cutting, changes took place in “several areas”, he said, including “designing more efficient business processes” and “offshoring of back office support”.
Shell’s offshoring programme has proceeded apace, with the company establishing its own shared services centres in eight countries including China and India, and boasting that its global scale had enabled it to spend $200 million less than market prices for contracting and procurement in low cost markets. It spent around $1.2 billion last year in those areas.
Overall, Shell has dramatically cut overall staff numbers, with 7,000 staff leaving the company last year. In the past, it has attempted to assure IT and engineering staff that most of the changes were in “non-technical areas”.
It added: “Despite staff reductions in 2010, we maintained external recruitment in order to deliver our strategy and plans in the future. The majority of our graduates and experienced hires continues to come from technical disciplines.”
Shell also said it adopted a new technology strategy last year, referring to both IT and mechanical systems, and targeting innovation and speed of deployment. The programme “emphasises continued strong investment in research, speeding up the commercialisation of ideas, and working more closely with strategic external partners, such as customers and universities”, it said.
“Technology and innovation are essential to Shell,” it added. “If we do not develop the right technology, do not have access to it or do not deploy it effectively, the delivery of our strategy, our profitability and our earnings may be affected. We operate in environments where the most advanced technologies are needed.”
Shell is mainly Microsoft Windows-based, but also runs Linux platforms to support exploration and production systems, and it runs some Unix systems. Its key applications are hosted out of Amsterdam, based on SAP and Oracle software.