Is Your Company Ready for the Next Big Cyber-Attack?
As robotics, digitization and the Internet of Things (IoT) become more ingrained in oil and gas operations, cyber-attackers continue to provide stark reminders that critical computer infrastructure systems – increasingly linked via wireless networks – are vulnerable to serious breaches. For instance, the recent WannaCry ransomware and Fireball malware attacks together affected hundreds of millions of computer users worldwide. Also, attacks this week affected the world's largest shipping company and a major Russian oil producer.
As WannaCry, Fireball and more recent attacks showed, cyber-criminals are becoming more sophisticated. Moreover, the wireless networks that increasingly undergird oil and gas industrial control systems (ICS) provide tempting access points for hackers. How vigilant are oil and gas companies in regard to protecting their increasingly complex operational infrastructure? According to a recent report from Deloitte, there is room for improvement. In fact, the report's authors contend that oil and gas companies are relative laggards when it comes to implementing ICS cyber-security initiatives.
Rigzone recently caught up with one of the authors, Deloitte Global Energy and Resources Risk Advisory Leader Paul Zonneveld, to discuss how oil and gas players can bolster the security of their control systems. Read on for details.
Rigzone: First off, in regard to cybersecurity, what are some areas in which the oil and gas industry is to be commended for taking a proactive approach in mitigating risks?
Zonneveld: Cyber risk and cyber threat mitigation strategies are now moving up the priority list for boards and senior executives of oil and gas companies, as the number of incidents has increased and vulnerabilities are identified. The oil and gas business is still lagging other sectors but the issue is now being taken more seriously
Rigzone: You've identified four critical cybersecurity risks (see infographic below). Is there a common thread(s) underlying all of these risks? Please elaborate on any common threads and what could be done to bolster defenses on those fundamental fronts.
Zonneveld: The increasing proliferation of remote sensors and IoT devices raises the level of risk and exposure to cyber-attack, both from external “bad actors” and human error within company operations as systems become more complex. Protecting against cyber threat is an ongoing part of business and asset operations, not susceptible to one-off fixes, so the key is awareness of key vulnerabilities and critical system components, leading to robust plans for rapid identification of issues and system recovery. Deloitte’s Secure-Vigilant-Reliant framework focuses cyber planning on making cyber defense as effective as possible.
Rigzone: Through the course of your research, have you identified any factors from within E&P companies, refiners and other oil and gas industry players that have contributed to cybersecurity falling short?
Zonneveld: The oil and gas business is complex with most companies operating a very diverse set of assets with equipment and control systems of different design, different vintage and designed for a different purpose than for cyber protection. In addition, at any one site, there is likely to be a complex ecosystem involving operators, partners, contractors, equipment suppliers and service providers each with different data and operational rights and needs. Add in a strong culture of operational integrity and safety and it becomes challenging to design and implement fit-for-purpose comprehensive cyber risk and recovery protocols.
Rigzone: Are any industries "doing it right" and could serve as a model for the oil and gas industry to bolster its cybersecurity efforts?
Zonneveld: Every industry has its own risk profile, with different threats and controls needed to combat “bad actors.” Financial services is likely the most advanced in implementing programs to combat cyber risk, but of course, this industry attracts the greatest attention from attackers and is often the first to be compromised when new forms of attack are developed. E&P companies are wise to learn from this sector – their experiences and strategies for continuous improvement can help avoid costly mistakes.
Rigzone: Would you like to add any comments?
Zonneveld: The E&P sector is faced with an additional challenge – that industrial control systems have not been designed for security nor have the environments they operate in. There is no quick fix—it will take time and strong leadership to address this risk in order to support of safe and reliable operations.
WHAT DO YOU THINK?
Generated by readers, the comments included herein do not reflect the views and opinions of Rigzone. All comments are subject to editorial review. Off-topic, inappropriate or insulting comments will be removed.
- Falcon Oil Declares Commercial Flow Test Results for Shenandoah Well
- Macquarie Strategists Expect Brent Oil Price to Grind Higher
- Japan Failing to Meet Corporate Demand for Clean Power: Amazon
- UK Oil Regulator Publishes New Emissions Reduction Plan
- Pennsylvania County Joins List of Local Govts Suing Big Oil over Climate
- PetroChina Posts Higher Annual Profit on Higher Production
- McDermott Settles Reficar Dispute
- US, SKorea Launch Task Force to Stop Illicit Refined Oil Flows into NKorea
- Russian Navy Enters Warship-Crowded Red Sea Amid Houthi Attacks
- USA Commercial Crude Oil Inventories Increase
- New China Climate Chief Says Fossil Fuels Must Keep a Role
- Oil Demand Outpaces Expectations, Testing Calculus on Peak Crude
- House Passes Protecting American Energy Production Act
- TotalEnergies Restarts Production in Denmark's Biggest Gas Field
- USA Oil and Gas Job Figures Jump
- Republican Lawmakers Say IEA Has Abandoned Energy Security Mission
- Blockchain Demands Attention in Oil and Gas
- Houthis Warn Saudi Arabia of Retaliation If It Backs USA Attacks
- Macquarie Sees USA Oil Production Exiting 2024 at 14MM Barrels Per Day
- Summer Pump Prices Set to Hit $4 a Gallon Just as Americans Hit the Road
- New China Climate Chief Says Fossil Fuels Must Keep a Role
- Chinese Mega Company Makes Major Oilfield Discovery
- VIDEO: Missile Attack Kills Crew Transiting Gulf of Aden
- Norway Regulator Blasts Proposal to Halt New Oil and Gas Permits
- Chinese Mega Company Makes Another Major Oilfield Discovery
- What Is the Biggest Risk to Offshore Oil and Gas Personnel in 2024?
- Vessel Sinks in Red Sea After Missile Strike
- Exxon Rights in Stabroek Do Not Apply to Hess Merger with Chevron: Hess
- Equinor Makes Discovery in North Sea
- Analysts Reveal Latest Oil Price Outlook Following OPEC+ Cut Extension