In an article published in Oil Review Middle East magazine, Nina Terp, specialist author/freelance writer in the area of energy, discusses the need for the oil and gas industry to improve its systems’ cyber resilience
In May 2021, the possibility of a cyberattack on the oil and gas industry was brought to the public’s awareness when U.S. pipeline operator Colonial Pipeline suffered a ransomware attack. This latest example shows that attacks are becoming more and more frequent – and more sophisticated.
The threat did not begin with the establishment of digital applications in this sector: Information systems (IT) and especially operational technology (OT) are also at risk. Their protection ensures the safety of people, systems and data. Siemens Energy is convinced that the only way to remain one critical step ahead is by taking immediate action.
Ahmed Bakr is a senior cybersecurity officer (CSO) based in the Saudi Arabian city of Jeddah. He and his colleagues support the various Siemens Energy Business Units and their customers in every aspect of cybersecurity. Services include critical asset identification, vulnerability management for IT applications and support for those responsible for industrial cybersecurity of Siemens Energy's portfolio, which also covers the oil and gas business field.
According to Bakr, “Oil and gas companies are targets of cyber criminals. We all are. Their attacks are intended to target a company’s systems and inflict damage by compromising the availability, integrity, and confidentiality of data for example. Although awareness is growing, defence against cyberattacks will have to be taken even more seriously in the future.”
The case of Colonial Pipeline in the USA shows what a single attack can do. The company was forced to stop running the systems that operate its 5,500 mile pipeline. The economic damage was tremendous. The next cyberattack is on its way; the only question is when and how.
“The oil and gas industry has to prepare right now,” Bakr says. As early as 2017, the U.S. research institute Ponemon was commissioned by Siemens to conduct a survey of the oil and gas industry. According to its findings, 68% of U.S. oil and gas cyber managers said that their organisation had experienced at least one loss of confidential information or disruption to operations in their OT environment over the past 12 months. At the same time, the study asserted that many of the organisations lacked awareness of the OT cyber risk.
What is clear, according to Bakr, is that successful cybersecurity needs to be based on a so-called layered defense. Competent cybersecurity ensures people, systems and data are kept safe from cyberattacks.
The article goes on to discuss how companies can increase their cyber resilience, and Siemens Energy’s capabilities and initiatives in this field. See p30 of the current issue: https://www.oilreviewmiddleeast.com/current-issue
