Energy Industry Must Address Increasing Cybersecurity Threats
The increased use of digital technologies, cloud services and connected infrastructure has allowed oil and gas companies to increase efficiency and uptime, improve safety and reduce costs. However, it has also exposed the industry to heightened risk of cyberattacks.
Security analysts have identified nearly 150 cybercriminal groups that are specifically targeting oil and gas companies and their complex supply chains. According to one study, nearly 70 percent of oil and gas companies have experienced cyberattacks that exposed confidential information or disrupted operations.
The distributed nature of the energy industry has hampered security efforts. Oil and gas companies typically run sprawling operations with sites in hard-to-reach locations that require remote monitoring for performance, quality control and safety. However, these communications are often left unencrypted due to bandwidth limitations and the desire for near-real-time transmissions.
Nearly 70 percent of oil and gas companies have experienced cyberattacks.
Legacy Gear Lacks Protections
Additionally, the industry is highly dependent on legacy operational technologies that lack even basic security protections. Older data acquisition and process control systems were never intended to be exposed to the Internet or even connected to corporate networks. They often don’t even have password protection. Over time, these systems are being retrofitted and patched, but the level of security remains far from ideal.
Meanwhile, the increased use of IoT sensors to monitor remote equipment and track data flows has created another attack vector. Industry analysts say a typical drilling rig might employ several hundred IoT sensors to collect and transmit data about oil composition, downhole pressure, pipe thickness, temperature, flow rates and much more. However, IoT sensors are inviting targets because they tend to have minimal security features.
Supply chain security is another challenge. Oil and gas companies have complex supply chains involving extraction, transportation, refining and distribution operations that include both domestic and multinational partners. Because these partners depend on cloud-based systems and software solutions to gather and exchange data, they are natural targets for attack. A weakness in any link can compromise the integrity of the entire supply chain.
To date, cybersecurity has been a bit of an afterthought for energy companies. A 2018 study found that energy companies were spending less than 0.2 percent of their revenues on cybersecurity — about one-third of what financial services companies spend. That’s partly because many companies put cybersecurity initiatives on hold following a global collapse in oil prices in 2014.
Gaining Executive Support
Given the nature of the threats and potential for widespread disruption, energy companies need to prioritize cybersecurity investments. Executive leadership is critical for developing a security infrastructure with comprehensive protections rather than simply purchasing and installing a series of unrelated point products.
While C-level executives and other key stakeholders may understand the risks at play, they don’t often have the technical knowledge to create a strategy for addressing a wide variety of threats, today and in the future. To gain their support, IT pros must be able to explain the threat landscape without using jargon so that executives clearly understand how threats will affect business outcomes.
It’s hard to overstate the risks involved. Because energy resources are strategic assets that support economies around the world, cybersecurity is not merely a business issue — it is a national security issue. State-sponsored actors are looking to further their own political and economic goals by disrupting energy supplies or stealing sensitive data about new oil reserves and advanced extraction techniques. In a 2018 security bulletin, the Department of Homeland Security warned that the Russian government is engaged in a prolonged intrusion campaign against energy companies in the U.S.
GDS has established expertise in the technology requirements of the oil and gas industry. Our skilled engineers and technicians help energy companies minimize risk with a suite of services that prevent network intrusions, block malicious files, control access and lock down IoT devices. Contact us to learn how we can help your organization improve the security of your critical infrastructure.
Benefits of Managed IT Services from Global Data Systems
- Strategic Managed IT: We help you solve your technology related business problems.
- Connectivity: We get you reliable, secure connectivity anywhere in the western hemisphere in 48 hours.
- Support: When you need help simply call our 24x7x365 support number.
- Billing: Instead of managing hundreds of vendors - get one, easy to read bill from GDS.