Mr Alexander Polyakov
CTO, Co-Founder
ERPScan, USA
Founder of ERPScan, President of EAS-SEC.org project, and recognized as an R&D professional and
Entrepreneur of the year, Alexander Polyakov’s expertise covers the security of enterprise businesscritical software like ERP, CRM, SRM from SAP and Oracle and industry-specific solutions for Oil and
Gas, Energy, Retail and Manufacturing. He has received several accolades and published over 100
vulnerabilities. He has authored multiple whitepapers such as annual award winning “SAP Security in
Figures” and surveys devoted to information security research in SAP. Polyakov has authored a book
about Oracle Database security and has presented his research on SAP and ERP security at more than
60 conferences and trainings in 20+ countries in all continents. He has also held trainings for the CISOs
of Fortune 2000 companies, and for SAP SE itself.
“Cybersecurity for Oil and Gas Industry - How hackers can steal oil”
The Oil and Gas cybersecurity is a topic of great importance as such companies are responsible for a
great part of some countries’ economy. Experts agree that cyber-attacks against companies involved in
the industry are growing in number and complexity. For example, ERPScan revealed the ways how an
ERP system (namely SAP and Oracle) can be compromised including vulnerabilities, misconfigurations,
unnecessary privileges and custom code issues. SAP states that 85% of the Forbes 2000 oil and gas
companies use its solutions and about 70 million barrels per day of oil are produced by companies using
SAP solutions. These facts make SAP systems a perfect entry point of sabotage attack performed by
nation states or hacktivists.
This talk, based on a several case studies conducted during research and professional services, will shed
a light on this highly critical and very dark area. We will discuss specific attacks and vulnerabilities
related to oil and gas companies as well as guidelines and processes on how to avoid them.