Skip to main content

Intelligence assured

Subscribe to future blog posts featured in our newsletter

Read more about how we handle personal data

A cyberattack on oil and gas control systems can result in severe consequences to human safety and the environment in the form of ruptures, explosions, fires, releases and spills.
This implies that cybersecurity measures should be fully implemented in this sector. But that is not the case – which is a huge risk to both the society and the environment.

Oil & gas industry is dependent on digital technology

The ICS and SCADA systems used in this sector are dependent on digital technology. Oil and gas companies rely on highly connected data and control systems to facilitate exploration, drilling, system monitoring and to optimize production from onshore and offshore resources. 
Before, the networks used between process equipment and control systems were isolated from other networks such as internet, but that is no longer the case. The need to transfer production data to IT systems, and for remote maintenance of the systems, means that such separation is no longer practically possible. 

This increased use of automation within this sector is needed to manage costs, to extract the most value from currents assets and to maximise up-time. 
But as the dependence on IT technology has grown, so has the vulnerability to cyberattacks which leads to increased risk of threats to the ICS and SCADA networks.

oil & gas industry

Low cybersecurity awareness in the oil & gas industry

According to the latest report by Dragos the oil & gas industry is an especially valuable target for adversaries seeking to exploit industrial control systems (ICS) environments. One major reason being that this sector still has critical IT vulnerabilities left unprotected, ie cybersecurity measures have not been implemented.

One example of a company that was hit is Saipem, an Italian oil and gas industry contractor, that in December 2018 fell victim to a cyber-attack that hit servers based in the Middle East, India, Aberdeen and Italy. The attack, that used a variant of the notorious Shamoon virus, crippled between 300 and 400 servers and up to 100 personal computers, which led to the cancellation of data and infrastructures.

But why is the cybersecurity awareness so low in this sector?
A major challenge with all security is awareness and training among employees – to have a security culture. Malicious codes are usually spread due to human error through attachments in emails that are opened, memory sticks that are inserted, laptops that are connected to unknown networks etc. 
Within the oil & gas industry most of the staff is located onshore and a lot of work is done remotely. Attention to security, and building a security culture, is maybe then not the highest priority. Without this awareness, the right equipment is not installed, mistakes are more likely made, and the likelihood of unwanted incidents increase.

cybersecurity in oil & gas industry

How to work with cybersecurity in the oil & gas industry

With the sector facing such a high cyber risk, it’s more crucial than ever for oil and gas organizations to inhabit a cybersecurity culture and move from reactionary to proactive.

Employees must be informed about the risks and taught how to minimize vulnerabilities. Old equipment and systems must be replaced, and networks should be separated. 
To protect data in ICS/SCADA environments, organizations in the oil and gas industry also need technical solutions that prevents leakage and maintains network confidentiality. Robust cybersecurity is an absolute necessity for safe, continuous and reliable operations and can be a reality with the right solutions.

Need some help?
Advenica has a long experience with cybersecurity and with securing critical data. We can help you with cybersecurity advise on how to build a cybersecurity culture and with future-proof high assurance cybersecurity solutions that will make sure you can have a secure digitalisation.

Most welcome to contact us!

Ransomware attacks on municipalities and similar organisations are more frequent than ever. The attacks can block all computers, and thus all digital communication, with the attacker demanding a huge ransom to unblock them. Avoiding digital communication is hardly an option in today's world. The only way to protect digital communication and not fall victim to these attacks is to work with cybersecurity in a consistent and structured way. 

Integrity and privacy are attacked

Almost all information is digital today; convenient in many ways. Municipalities deal with much sensitive digital information; private information that unauthorised persons should be able to see. A ransomware attack can change this in a second – resulting in that citizens’ integrity and privacy no longer is safe.


Cybersecurity – your responsibility towards your citizens

To avoid falling victim to ransomware attacks, consistent and structured work with cybersecurity is necessary. This is emphasised in new legislation with higher demands on information security. Cybersecurity is simply your responsibility and the only viable way to secure municipalities’ digital communication.


Obtain security insight – the start of keeping integrity and privacy safe

The first step to working proactively with cybersecurity is to obtain security insight through a risk and security analysis. Based on the analysis, it is possible to evaluate the requirements to make sure that the right level of security is defined according to the identified challenges.

Read the Advenica case “Securing municipalities' digital communication” and learn more about:

  • millions of reasons why you should invest in cybersecurity
  • new legislation that sets higher demands on information security
  • how to obtain security insight
  • how you keep your citizens’ integrity and privacy safe

Find the case here.