Updated: Nov 14, 2019
The oil and gas industry is bracing for an increase in cyberattacks over the next year. The rising exploitation of digital technologies, dependence on cyber infrastructures and cost-minded operational concepts leaves the industry prone to new threats. Cyberattacks in the industry are rising in complexity, with more difficulty in detection and defense.
Notably, these 10 cybersecurity threats are of particular concern and will require resources and investment to remedy:
1. Lack of Awareness and Training
The oil and gas industries involve some work in locations that can pose dangerous conditions, like an oil rig. Although drone-based technology continues to play a role in certain rig-related tasks that pose a risk to people, there remain a multitude of tasks that require hands-on human attention. These tasks, in particular, require ample training and awareness.
Employees with a lack of training are likelier to commit errors that leave the system open to attack. Especially today, many employees utilize mobile technology to monitor equipment and communicate. These mobile devices have the potential to be compromised, requiring more cyberawareness than ever before and the training that helps increase such awareness.
2. Remote Work
The ability to work remotely is more real than ever thanks to advancements in drone-based and mobile technology. Although this technology places people away from harmful locations and tasks, the exchange is more vulnerabilities in cybersecurity. Remote work makes things easier, but it also enables a hacker to gain access and perform tasks an employee can, without detection.
As a result, the oil and gas industry should implement strict protocol regarding use of remote and mobile devices, while requiring employees regardless of seniority to undergo training to comprehend these new protocols.
3. Using IT Products With Known Weaknesses
As a cost-cutting measure, some in the oil and gas industry opt to use IT products with known weaknesses, hoping their attentiveness can compensate for those vulnerabilities. Some IT products allow a hacker to attack a weak link within the supply chain to gradually gain access to the larger organization, a symptom of outdated control systems. While some vendors in the oil and gas supply chain focus commendably on cybersecurity, others pose a risk, making it essential for oil and gas companies to be selective regarding their IT products of choice.
4. Cybersecurity Culture Is Limited
Even in a very technological culture, cybersecurity remains a niche sector. Instilling a cybersecurity culture can help reduce employees misusing company systems, leading to less avenues for threats to take hold. Managers can instill a cybersecurity culture by hosting seminars on the importance of cybersecurity, highlighting in particular how a damaging attack can lead to a loss of revenue and consequently jobs. Managers can also emphasize how cybersecurity will only continue to rise in importance, making handling it a coveted and relevant skill.
5. Data Network Separation Is Insufficient
An insufficient separation of data networks provides more avenues for cybersecurity attacks. Although a lack of separation can be less costly, an IT infrastructure with insufficient separation of data can provide hackers with the ability to access a boatload of valuable information upon access. As a result, the oil and gas industry should consider the investment required for further separation of data as something to consider, which could be worthwhile in the long term.
6. Insufficient Physical Security of Data Rooms
A hacker that accesses a business's data room can wreak utter havoc. Many in the oil and gas industry see the industry as less coveted than other governmental or financial sectors, though they underestimate the fact that hackers are willing to hack anything for monetary or political gain. As a result, the oil and gas industry should implement strict physical security for data rooms, issuing employees secure keycards and assigning security to the data room specifically. Cybersecurity and physical security go hand-in-hand when securing data rooms.
7. Software Weaknesses
When choosing software to aid with cybersecurity, the oil and gas industry should be wary of the lowest bidder. Although some software may seem costly, their additional features and stauncher security can potentially end up saving millions if offering features that reduce cybersecurity threats. Software that’s vulnerable to cybersecurity attacks is not going to hold up in the long term.
8. Outdated and Aging Control Systems
Cybersecurity threats constantly evolve, with hackers working to exploit systems old and new. Whereas at least the new systems have recent threats in mind during their development, outdated systems may not be equipped to handle newer issues. Technology continues to develop at a rapid pace, and hackers are adapting. The oil and gas industry needs to adapt as well, requiring frequent updates of its control system software and infrastructure.
9. Onshore and Offshore Facility Connections
Oil and gas industries require collaboration between onshore and offshore facilities, prompting the use of mobile and remote devices. In addition to maintaining security at these respective locations, the industry should be aware of security regarding the connection between various facilities. Communication should be open, but not to the point where a hacker can access components of both by accessing one facility. Implementing a layered security system is one way to keep this data secured while maintaining a seamless line of communication between facilities.
10. Plant Shutdown
If a plant has to shut down for some reason, there should be a protocol in place to ensure all technology and systems can be secured even without a human presence. Utility interruptions and plant shutdowns, in addition to health issues like spills, can require the evacuation of the premises. In such a scenario, the industry should equip its security infrastructure to withstand secure remote access or automated security.
The oil and gas industry faces many cybersecurity threats as technological innovations continue to emerge. Fortunately, it can keep pace with threats and regard the issues above before a problem occurs.
Credit: safety4sea.net, exxon.com
© 2019 De Angelis & Associates. All Rights Reserved.