The oil and gas sector is not noting troubling times solely due to price falls, it seems, with a new study revealing that firms are also open and vulnerable to severe cyber risks. A publication by DNV GL showcases some of the top cyber risks for offshore Norway operations that could affect the entire global industry.
As digital threats continue to rise, Norwegian intelligence authorities have said that many are aimed directly towards the oil and gas sector. With criminals increasingly sophisticated, and their methods growing in innovation, it is essential that energy companies sit up and take notice. Surveying 1,100 business professionals, it was found that just 27% set concrete goals when it comes to tackling cybercrime, with 58% using an ad hoc strategy. DNV GL’s head of the security and information risk section, Petter Myrvang, said: “Headline cybersecurity incidents are rare, but a lot of lesser attacks go undetected or unreported as many organisations do not know that someone has broken into their systems. The first line of attack is often the office environment of an oil and gas company, working through to the production network and process control and safety systems.”
Outlining some of the major cybersecurity vulnerabilities, DNV GL said that many firms had a lack of awareness and training in their workforce. This was made worse by the fact that remote work is often required during maintenance and operations, opening the door to breaches. Insufficient separation of data networks was also highlighted, as was a poor cybersecurity culture among contractors, suppliers and vendors. Companies also failed to physically secure cabinets, data rooms and other storage facilities properly while continuing to use vulnerable software and standard IT products that have known associated risks.
For oil and gas companies concerned about vulnerabilities, DNV GL suggests that executives should take a risk-based approach to strategising effect safeguards. By using the familiar bow-tie model, a system that is utilised in safety barrier management, firms can more easily identify potential asset vulnerabilities and threats and put appropriate barriers in place to limit cyber-risk consequences.
The need for oil and gas firms to take action and protect themselves from cyber risks should be a top priority. Breaches can not only damage a company’s infrastructure and operations but also negatively effect consumer opinion. At a time when energy firms must operate as efficiently as possible due to falling prices and sector turbulence, it is essential to have cyber-safeguards in place.