Cyber Security for Oil and Gas Companies
With the advance of technology, the oil and gas utilities industry has moved to incorporate information technology (IT) into its upstream and downstream operations so as to achieve better oversight on productivity, real-time monitoring and control and a more productive working relationship with heavy steel fabrication companies. This has led to increased streamlining in the process of managing supply and demand; however, it has also made the industry more vulnerable to cyber-attacks. Cyber-attacks have the potential to inflict substantial damage on critical infrastructure, and this can lead to far-reaching consequences in an increasingly decentralized digitally connected energy ecosystem. This blog will discuss more about cyber-attacks and potential protective measures from such events.
Cyber-readiness of oil and gas companies
In May 2021, the possibility of a cyber incident with regard to the oil and gas industry was brought to the public’s awareness when U.S. pipeline operator Colonial Pipeline suffered a ransomware attack. The company was forced to stop running the systems that operate its 5,500-mile pipeline and the economic damage, including adverse impacts to the pipe fabrication industry, was tremendous. Europe’s oil products sector was hit in February 2022 when a cyberattack targeted loading facilities in Germany and spread to key terminals in the Amsterdam-Rotterdam-Antwerp (ARA) network. A total of 17 terminals (11 in Germany and six in ARA) were affected. This instance shows that attacks are becoming increasingly frequent – and more sophisticated. As early as 2017, the U.S. research institute Ponemon was commissioned by Siemens to conduct a survey of the oil and gas industry. According to its findings, 68% of U.S. oil and gas cyber managers said that their organization had experienced at least one loss of confidential information or disruption to operations in their Operational Technology (OT) environment over the past 12 months. At the same time, the study asserted that many organizations lacked awareness of OT cyber risk.
What can companies do?
The energy sector’s leaders and top executives need to take greater responsibility in mitigating the risk of cyber-attacks. CEOs and board members must draw from their decades of expertise in integrating energy assets with OT and leveraging IT networks to reduce cyber risk across their hyperconnected operating environments. For decades, oil and gas companies have pursued productivity gains by researching advanced excavation techniques and by linking physical energy assets with OT control systems and IT networks. That trend continues today with energy organizations seeking big data, artificial intelligence (AI), and automation solutions to reduce costs, improve efficiency and help reduce emissions. Throughout this process, industry executives have also pioneered key management principles and risk-based approaches to securing the technologies and processes that serve as the foundation for their hyperconnected industrial Internet of Things (IoT) business model. To prepare for the new normal of more frequent and sophisticated cyber-attacks on energy and critical infrastructure, energy sector CEOs and corporate board members must take the best practices and key lessons learned from a decade of both successfully addressing and learning from the failures of addressing cyber risk.
Conclusion
Resilience of the oil and gas industry to cyber attacks has a lot of potential to improve going forward. Assessment of IT/OT security should include current risk covering, systems, threats and impacts. Digital workforce in oil refineries can improve field force effectiveness using wearable devices and digital tools, including augmented-reality systems. Regulatory developments in this space can assist in making oil and gas companies more aware of cyber attack risks, however the industry has a long way to go in its quest to become technologically resilient!