When you think of the oil and gas industry, the first thing that comes to mind probably isn’t cyber security. With plenty of sensitive information, the oil and gas industry is more susceptible to cyber attacks than you may think. Most of these companies also deal with a lot of different stakeholders, making the consequences of the attacks largely dependent on the malefactor’s goal.
What Measures are Being Taken?
As a whole, the oil and gas industry is estimated to spend $1.87 billion USD on cyber security during 2018. This increased spend on security measures is largely due to the automation and integration within the industry. Stored in company databases is sensitive information about drilling spots and access codes to company machines. According to the EY Oil and Gas Global Information Security Survey 2017-2018, 60% of companies in the oil and gas industry have experienced a serious cyber threat, which is 19% higher than in the previous year.
Potential risks a company may face:
- Plant shutdown
- Equipment damage
- Disruption in product quality
- Undetected spills
- Safety measures violation
Why Is it So Important?
Increased cyber security is important in the oil and gas industry because recently, the industry has gravitated to remote-based technology, such as drones. This is usually done for remote work and, by nature, requires information to be transferred digitally. If a hacker is able to gain access to a drone, they are able to complete tasks that an employee usually would, in addition to gaining access to other information without detection. To prevent this from happening, oil and gas companies have instituted strict protocols regarding the use of mobile devices.
An oil and gas company can experience a data breach along three key areas of the supply chain:
A cyber attack that occurs upstream affects drilling vessels, which are considered an extremely valuable corporate asset. These vessels use proprietary information when drilling, which is compromised in the event of an attack.
This part of the supply chain is when crude oil is transported from a production site to a refinery. The oil being transported is highly valuable and transportation is already considered a high-risk activity. A cyber risk could lead to outside sources knowing precise locations and protocols, threatening the security of the load.
During the final stage of the oil and gas supply chain, oil and gas is converted into other products, such as kerosene, aircraft fuel, and gasoline. A cyber security breach could lead to the hacking of monitoring equipment or surges in the pressure of transmission lines. If this happens, the product can no longer be used, resulting in a significant profit loss.
What Can be Done?
Oil and gas companies are already on the right track by investing in increased security measures. That being said, companies first need to understand where their vulnerabilities lie before being able to take protective measures. A multi-faceted IT protection system ensures that a company’s data is protected from various standpoints.