Protecting the connected barrels
Cybersecurity for upstream oil and gas
Oil and gas might not seem like an industry that hackers would target. But they do—and the cybersecurity risks rise with every new data-based link between rigs, refineries, and headquarters. In an increasingly connected world, how can upstream O&G companies protect themselves?
In recent years, cyber attackers have targeted crude oil and natural gas (O&G) companies worldwide. These attacks are growing in frequency, sophistication, and impact as the industry utilizes ever more connected technology. However, the industry’s cyber maturity is relatively low, and O&G boards show generally limited strategic appreciation of cyber issues. This study from Deloitte University Press shares insight gained from interviews, extensive secondary research including a review of technical papers, recent surveys on the industry’s cyber preparedness, and study of recent cyber-attacks on oilfield services. While acknowledging that business units differ from company to company, the study outlines a detailed cyber vulnerability and severity assessment framework at an aggregate industry value-chain level.
Vulnerability of upstream operations
The study examines three major upstream stages: exploration, development, and production & abandonment. Although each operation needs to be secured, each stage has its own cyber risk profile. Examples in the study help identify where to take action first and what the critical points of each operation are.
- Exploration: This stage has the lowest cyber vulnerability and severity profile. However, a company’s competitive field data is most at risk in this operation, and an attack might remain unnoticed for a long time because it causes no direct costs or visible impacts. Also, companies are increasingly using advanced sensors and computing, which bring more IoT-based solutions and data feeds that may be disrupted by an attack.
- Development: Within the O&G value chain, development of oil and gas wells is an operation particularly exposed to cyber incidents. Real-time operations centers and interconnected engineering databases attract attackers. Diverse business objectives of all stakeholders make it challenging for operators to have a single cybersecurity protocol, and there may also be a systemic concern of already-infected rigs and devices entering the ecosystem.
- Production and abandonment: The oil and gas production operation ranks highest on cyber vulnerability in upstream operations, mainly because of its legacy asset base, which was not built for cybersecurity but has been retrofitted and patched in bits and pieces over the years, and the lack of monitoring tools on existing networks.