Cyber and physical attacks – understanding and managing the risks in oil and gas

WHILE the cyber threat has been talked about for many years as an emerging security risk to the oil and gas industry, it is now very much ‘a new reality’. The risk of cyber and/or physical attack is ever present and both have the potential to put people, processes and property in danger.

For the oil and gas sector - like other sectors - it continues to be difficult to detect and defend against. In what has been an uncertain time for the industry, now, more than ever, it is important that we build our resilience against the changing threats of the global geopolitical and security landscape.

Politically and economically, the attention of hackers is drawn to energy in wishing to cause disruption by halting production, causing financial loss, or even causing loss of life. The offshore physical security environment is ever changing with strategic geopolitical shifts giving rise to new areas of potential conflict and global networks of terrorists continue to pose a threat to politically important commercial operations.

Technological advancements in our industry may also expose more of our operations to cyber attack. Malicious groups have an increasingly large armoury of technology - physical weaponry and malware - with which to target oil and gas operations.

Indeed those with specialist knowledge suggest that in most cases, cyber and physical attacks are disassociated, although ‘cyber physical’ attacks, where control systems are hacked to cause physical damage, are on the increase.

During a keynote session at Offshore Europe 2017, we shall seek to inform our understanding of what the new realities are in the global security environment, so that we can proactively manage the risks and ensure safe and sustainable operations.

With pressure on bottom lines, expenditure on sometimes expensive risk mitigation technology, could be seen as challenging. However, the threats are unlikely to go away and will continually evolve. It is therefore vital that companies continue to invest in solutions that will ensure security for their personnel, assets and reputation.

Cooperation and sharing information within the industry is crucial to help companies collectively respond to emerging threats and, importantly, learn from incidents where things have gone wrong. There are a number of ongoing collaboration initiatives on cyber security in the oil and gas sector, which is good to see.

Investment in risk management will establish effective processes and procedures to ensure industry remains on top of security threats, and will also instil a culture of security within any organisation.

Human error still remains one of the main causes of security lapses and all employees should have an understanding of how they are likely to be targeted. In today’s digital world, simply opening an infected email in a head office for example, may lead to serious consequences for upstream and downstream operations.

Delegates will leave with a better understanding of the shifts in global strategic risks to oil and gas operations and the ‘new realities’, threats and vulnerabilities that companies are facing. The discussion will also share experiences and learnings from security trends in existing offshore producing regions such as West Africa, the Middle East and South America.

Deirdre is a former vice-president and council member of Aberdeen & Grampian Chamber of Commerce.