Lack of cybersecurity awareness in the oil & gas industry – a major risk for the environment
A cyberattack on oil and gas control systems can result in severe consequences to human safety and the environment in the form of ruptures, explosions, fires, releases and spills.
This implies that cybersecurity measures should be fully implemented in this sector. But that is not the case, which is a huge risk to both society and the environment.
Oil & gas industry is dependent on digital technology
The ICS and SCADA systems used in this sector are dependent on digital technology. Oil and gas companies rely on highly connected data and control systems to facilitate exploration, drilling, system monitoring and to optimize production from onshore and offshore resources.
Previously, the networks used between process equipment and control systems were isolated from other networks such as the internet, but that is no longer the case. The need to transfer production data to IT systems, and for remote maintenance of the systems, means that such separation is no longer practically possible.
This increased use of automation within the sector is needed to manage costs, to extract the most value from current assets and to maximise up-time.
But as the dependence on IT technology has grown, so has the vulnerability to cyberattacks, which leads to an increased risk of threats to the ICS and SCADA networks.
Low cybersecurity awareness in the oil & gas industry
According to the latest report by Dragos, the oil & gas industry is an especially valuable target for adversaries seeking to exploit industrial control systems (ICS) environments. One major reason is that this sector still has critical IT vulnerabilities left unprotected, i.e. cybersecurity measures have not been implemented.
One example of a company that was hit is Saipem, an Italian oil and gas industry contractor, which in December 2018 fell victim to a cyber-attack that hit servers based in the Middle East, India, Aberdeen and Italy. The attack, which used a variant of the notorious Shamoon virus, crippled between 300 and 400 servers and up to 100 personal computers, which led to the cancellation of data and infrastructures.
But why is cybersecurity awareness so low in this sector?
A major challenge with all security is awareness and training among employees, that is, having a security culture. Malicious code is usually spread through human error: email attachments that are opened, memory sticks that are inserted, laptops that are connected to unknown networks, etc.
Within the oil & gas industry most of the staff is located onshore and a lot of work is done remotely. Attention to security, and building a security culture, may then not be the highest priority. Without this awareness, the right equipment is not installed, mistakes are more likely to be made, and the likelihood of unwanted incidents increases.
How to work with cybersecurity in the oil & gas industry
With the sector facing such a high cyber risk, it’s more crucial than ever for oil and gas organizations to adopt a cybersecurity culture and move from reactive to proactive.
Employees must be informed about the risks and taught how to minimize vulnerabilities. Old equipment and systems must be replaced, and networks should be separated.
To protect data in ICS/SCADA environments, organizations in the oil and gas industry also need technical solutions that prevent leakage and maintain network confidentiality. Robust cybersecurity is an absolute necessity for safe, continuous and reliable operations and can be a reality with the right solutions.
Need some help? Advenica has long experience with cybersecurity and with securing critical data. We can help you with cybersecurity advice on how to build a cybersecurity culture and with future-proof high assurance cybersecurity solutions that will make sure you can have a secure digitalisation.
You are most welcome to contact us!