oil and gas icons

Perspectives

An integrated approach to combat cyber risk

Securing industrial operations in oil and gas

Critical infrastructure relies on industrial control systems (ICS) to maintain safe and reliable operations. Making operational processes secure, vigilant, and resilient is a challenge and requires oil and gas companies to harmonize and align two cultures: engineering and IT.

An integrated approach to combat cyber risk: Securing industrial operations in oil and gas

The oil and gas industry is making its way to the next level of digital evolution, embracing and integrating robotics, digitization, and the Internet of Things (IoT) into the operational environment. This has led to new opportunities to improve productivity and drive down costs. However, the convergence of operational and business systems has also opened up the company to a whole new array of cyber risk.

This report shares the insight gained from our extensive field experience, including lessons learned in helping oil and gas companies to go beyond safety in securing their ICS. This report examines how cyber threats impact the oil and gas value chain.

Back to top

An integrated approach to combat cyber risk

Download the report

Protecting the connected barrels: Cybersecurity for upstream oil and gas

Oil and gas might not seem like an industry that hackers would target. But they do—and the cybersecurity risks rise with every new data-based link between rigs, refineries, and headquarters. In an increasingly connected world, how can upstream oil and gas companies protect themselves?

Back to top

A new cybersecurity report: Protecting the connected barrels

More from Deloitte Insights

Refining at risk: Securing downstream assets from cybersecurity threats

Pipelines, refineries, and tank farms all rely heavily on industrial control systems to maintain smooth, safe operations. This combination of engineering and IT makes the downstream industry vulnerable to cyber threats. What can downstream companies do to create a more secure, vigilant, and resilient enterprise?

Back to top

The third report in our oil and gas cyber security series: Refining at risk

More from Deloitte Insights

Cyberattacks and ICS

Engineers have successfully designed and deployed ICS with safety and reliability in mind, but not always security. Why? Originally, there was little need for it. Fit for purpose, isolated operational systems were the order of the day.

Since these operational systems were not integrated to enterprise systems or even to each other, the risk of a large scale cascading failure due to an attack, cyber or otherwise, was extremely isolated.

Fast forward 20 years, and the ubiquitous connectivity of the IoT has turned the most basic assumptions about operational security upside down. Today, all sorts of industrial facilities, including oil fields, pipelines, and refineries, are vulnerable to cyberattacks. Regardless of their location, operational systems can now be compromised by external or internal risks, causing safety or production failures and increasing commercial risk.

Although ICS are typically designed to fail safe, the increasing sophistication of cyber criminals heightens the risk of catastrophic incidents, along with the magnitude of the impacts in terms of cost, safety, reputation, and commercial or financial losses.

Back to top

person in hardhat with wrench

While the industry has escaped a major operational catastrophe thus far, this good fortune may not last unless companies expand their cyber security programs.

Improving cyber security

Like other industries, the oil and gas sector has been working to improve cyber security, which is a priority concern among senior leadership and boards of directors.

While the industry has escaped a major operational catastrophe thus far, this good fortune may not last unless companies expand their cyber security programs.

To date, oil and gas companies have been primarily focused on protecting corporate, as opposed to operational, systems and data. That’s because IoT—where production can be controlled from an iPad or a smart phone, for instance—is relatively new, gaining momentum over the last decade. Also, operational systems are inherently different, requiring engineering know how, and not just IT expertise, in order to secure them appropriately.

Today, an approach that brings together IT and engineering is needed to address cyber security programmatically and sustainably.

Back to top

oil derrick icon
Did you find this useful?