The recent financial pressures as a result of the oil downturn have left cyber security functions for many firms within the oil and gas sector considerably underfunded and out of date.
This has the potential to create a wealth of opportunity for cyber criminals to test their capabilities, and those operating in the oil and gas sector must not be complacent.
The high-value and high profile nature of the sector, coupled with the complex layers of supply chains, processes and industrial controls, makes the industry a potentially high value target for hackers. The attack could be for financial gain, to steal intellectual property, data, or to cause operational disruption.
It’s therefore easy to appreciate why our 2017 global CIO survey found that confidence in cyber security has steadily fallen, with only one in five IT leaders feeling well prepared to respond to an attack. Meanwhile the number of serious cyber-attacks has continued to rise, with one in three businesses reporting a major attack in the past two years, 45% higher than four years ago.
In the oil and gas sector, CIOs face a huge task in ensuring all systems are updated with the latest security patches. Today’s operations use increasing levels of automation – complex and interconnected sub-systems – from operational, hydraulic, mechanical, to electrical. System monitoring, inventory control, and information and business systems all link together from the business to function. A problem in one system can have a cascading failure effect on the entire operation, so all of these must be secure.
In addition, on 25 May 2018 the new EU General Data Protection Regulation (GDPR) comes into effect, which will directly impact any organisation in the UK and worldwide which has dealings with consumers and businesses in EU member states. This will fundamentally alter the scale, scope and complexity of the way personal information is processed, and the threat of fines for businesses who fail to comply will create a step change in the digital landscape. While GDPR will inevitably play a major role in bolstering cyber security defences by forcing businesses in oil and gas to reflect on their own digital systems, and how they handle data, the preparation will require significant investment.
Source: Offshore Energy Today