The truth about cyber security's impact on the oil and gas industry
THE WORST-CASE SCENARIO
In the instances where security is breached, the possible consequences highly depend on the malefactors and their aims. Alexander Polyakov, who authored an article for Forbes about cybersecurity in the industry, has said that: “competitors or state-backed hackers are interested in revealing sensitive information. Sabotage, on the other hand, is likely to come from hacktivists.”
Whatever the intentions of the criminals, Alexander goes on to explain three possible worst-case scenarios the industry can experience:
Oil Market Fraud
A cybercriminal could upload a malicious program that dynamically changes the oil stock information of a company – potentially wreaking havoc and leading oil prices to change if the criminal artificially inflates the level of stock.
Tank information management solutions can be hacked, potentially changing the critical values. Increasing the filling limit of an oil tank, above its maximum, could result in a catastrophic situation.
Remote plant equipment is at risk of data manipulation, including temperature and pressure measurements. A hacker could implant false data showing that there has been a breakdown in the equipment in a remote facility, leading to wasted time and investment investigating the issue.
PROCESS AND PRIVACY ARE KEY
With such worst-case scenarios and business damage at stake, it is not a surprise that the industry has already responded by implementing initiatives to drive better security through process and privacy.
PWC’s survey asked respondents about their cybersecurity operational plans over the next 12 months. 62% said that they already had a single leader in place who is responsible for the cybersecurity process in their company. 48% of respondents said they’re performing security risk assessments internally but only 31% are conducting an inventory on third-party connections.
As for privacy, 39% of respondents said their top initiative is to improve privacy internally with training and awareness. Clearly, companies are beginning to take the issue more seriously, but work is required to fully educate and protect companies in the industry.
SUPPORT FROM EUROPEAN POLICYMAKERS
2017 has seen the completion of a new report by the Energy Expert Cyber Security Platform (EECSP) – a group that gives guidance to the European Commission on infrastructural issues, security of supply, smart grids technologies and nuclear energy.
The report was quick to highlight strategic challenges and specific needs for cybersecurity in the energy sector in four key areas:
- Management of risks and threats
- Cyber defence
- Cyber resilience
- Capacity and competences to take action.
The report goes on to propose that the European Commission encourage EU energy regions to share information on cybersecurity, as well as create a cyber response framework for the energy sector – helping businesses prepare for an attack. These actions, although beneficial to the oil and gas industry, are still to be fulfilled by the European Commission.
THE FUTURE RISKS OF CYBER SECURITY
The report by EECSP also flagged the role that new digital technologies are playing within the energy sector as a whole. As data on energy production and monitor demand homogenizes, so too will the physical infrastructure, such as electricity grids and gas transport pipelines, heightening the impact that a cybersecurity breach could have.
Together with a shift towards mobile devices to work from, such as IP-connected process control systems and devices, it is clear to see that cybersecurity is going to be more important than ever in years to come.
This is a view shared by Trond Winther, head of the Operations Department at DNV GL – Oil & Gas who scrutinised the 1,100 survey responses they compiled on behalf of the Norwegian Government and offshore companies in the region.
“As all oil and gas process plants are now connected to the Internet in some way, protecting vital digital infrastructure against cyber-attacks also ensures safe operations and optimal production regularity”.
DETECTING THREATS, PROTECTING DATA
Here at Claxton, our IT Manager continues to work with our sister companies in the Acteon Group to detect threats early and protect our vital data. But, as they explain, the group as a whole are also looking to protect clients from cyber-attacks too.
“Acteon is currently in the process of exploring the use of cybersecurity technologies to help harden the technology estate across the group, which includes Claxton. The specific areas of focus have been around the end user, in particular, next-generation anti-virus clients and web & email filtering.”
“The aim is to consolidate and centralise our technologies into single cloud technology platforms that can be utilised by the entire group. This will drive internal efficiency and reduce costs, while greatly improving our ability to prevent and detect existing and emerging threats.”
THE IMPORTANCE OF CYBER SECURITY
Cybersecurity will continue to play a big role in the oil and gas industry as criminals become savvier. The industry, however, is responding with solid budgets, educational initiatives and support from European policymakers to ensure security remains high.
The founding of a cyber response framework for the European energy sector will do a lot to protect those in the economic region, but companies should still look out for themselves and ensure their crucial data, and infrastructure is never compromised.
For more insight, analysis and advice on key topics within the oil and gas industry, subscribe to the Claxton Engineering blog and get our articles direct to your inbox, as soon as we publish them. Subscribe for free, today.
Decommissioning Case Study Pack
The Claxton offshore decommissioning case study pack showcases our vast experience of delivering successful decommissioning projects.