oil and gas icons

Perspectives

An integrated approach to combat cyber risk

Securing industrial operations in oil and gas

Critical infrastructure relies on industrial control systems (ICS) to maintain safe and reliable operations. Making operational processes secure, vigilant, and resilient is a challenge and requires oil and gas companies to harmonize and align two cultures: engineering and IT.

Oil and gas companies securing their ICS

The oil and gas industry is making its way to the next level of digital evolution, embracing and integrating robotics, digitization, and the Internet of Things (IoT) into the operational environment. This has led to new opportunities to improve productivity and drive down costs. However, the convergence of operational and business systems has also opened up the company to a whole new array of cyber risk.
 
This report shares the insight gained from our extensive field experience, including lessons learned in helping oil and gas companies to go beyond safety in securing their ICS. This report examines how cyber threats impact the oil and gas value chain.

Back to top

An integrated approach to combat cyber risk: Securing industrial operations in oil and gas

Cyberattacks and ICS

Engineers have successfully designed and deployed ICS with safety and reliability in mind, but not always security. Why? Originally, there was little need for it. Fit for purpose, isolated operational systems were the order of the day.

Since these operational systems were not integrated to enterprise systems or even to each other, the risk of a large scale cascading failure due to an attack, cyber or otherwise, was extremely isolated.

Fast forward 20 years, and the ubiquitous connectivity of the IoT has turned the most basic assumptions about operational security upside down. Today, all sorts of industrial facilities, including oil fields, pipelines, and refineries, are vulnerable to cyberattacks. Regardless of their location, operational systems can now be compromised by external or internal risks, causing safety or production failures and increasing commercial risk.

Although ICS are typically designed to fail safe, the increasing sophistication of cyber criminals heightens the risk of catastrophic incidents, along with the magnitude of the impacts in terms of cost, safety, reputation, and commercial or financial losses.

Back to top

person in hardhat with wrench

While the industry has escaped a major operational catastrophe thus far, this good fortune may not last unless companies expand their cyber security programs.

Improving cyber security

Like other industries, the oil and gas sector has been working to improve cyber security, which is a priority concern among senior leadership and boards of directors.

While the industry has escaped a major operational catastrophe thus far, this good fortune may not last unless companies expand their cyber security programs.

To date, oil and gas companies have been primarily focused on protecting corporate, as opposed to operational, systems and data. That’s because IoT—where production can be controlled from an iPad or a smart phone, for instance—is relatively new, gaining momentum over the last decade. Also, operational systems are inherently different, requiring engineering know how, and not just IT expertise, in order to secure them appropriately.

Today, an approach that brings together IT and engineering is needed to address cyber security programmatically and sustainably.

Back to top

oil derrick icon
Did you find this useful?