Oil & gas – Refining security strategies

December 27, 2021

The Oil & Gas sector is incredibly susceptible to malicious attack because it is a cornerstone of critical infrastructure. How can we best secure our facilities?

Oil and gas is a major industry supporting the global economy as oil and gas still remain the primary sources of energy for industrialised and developing economies of the world. Unsurprisingly, the oil and gas industry is one of the most attractive targets for growing global terrorism and maritime piracy. While the threat of terrorism and sabotage attacks are across the supply chain of the oil and gas industry – from oil wells, transportation to refineries, the threat of piracy primarily concerns the oil tanker industry.

Any major terrorist attack or act of sabotage on production facilities like oil rigs, offshore platforms and refineries will result in loss or complete stoppage of production, which might take months to restart. The entire supply chain from oil wells and offshore platforms to pipelines, tankers and refineries can be affected by the following security threats:

Piracy
Terrorism
Insurgency
Organised crime
Civil protest
Inter-state hostilities
Vandalism
Internal sabotage

Any above threat can cause severe economical and ecological damage that might affect the international oil & gas markets.

In addition to physical threats, cyber vulnerability has become increasingly prominent. The growing value of business data, the vulnerability of networked systems and the importance of fuel infrastructure have made oil and gas companies major targets for malicious hackers. Already, the industry has been the victim of several high-profile attacks. The Colonial Pipeline hack compromised the business’s networks, shut down its operations, and deprived the East Coast of a pipeline that supplies nearly half the region’s fuel. Oil and gas companies need to invest in cybersecurity and quickly. Otherwise, some of the nation’s most important infrastructure could be left wide open to future attacks.

Significant changes to oil and gas systems have made companies much more vulnerable to cyberattacks over the past few years. Ongoing digitisation in the industry and a transition away from centralised systems to distributed management strategies have made managing cyber risks essential for oil and gas.

Many businesses rely on weak cybersecurity strategies such as air-gapped systems, which are computers that are not connected to the Internet. In some cases, systems that were erroneously assumed to be air-gapped became easy targets for attacks. While these strategies have never provided a strong defense against attacks, they may make companies especially vulnerable as time goes on. Legacy systems that were never intended to be easily accessible are now connected to the internet for visibility and maintenance purposes, closing the IT-OT gap for the industry.

Internet-connected systems and smart devices, which are increasingly common in heavy industry, help oil and gas companies to gather real-time data on field operations, improve maintenance, and increase vehicle fleet visibility. They also further increase the attack surface of company networks.

These systems may also store an immense amount of information about oil and gas apparatuses. A predictive maintenance tool that uses data from IoT sensors may include details such as the type of metal plating a machine uses to correctly predict machine wear, corrosion resistance and conductivity. All this information could be available to attackers who successfully breach a company’s cyber defenses.

To read the full article see our latest issue here: December/January 2022 Single Issue – (securitybuyer.com)