Optimal Physical and Cyber Security in the Oil, Gas and Energy Industry

Both cyber and physical security are among the top priorities for every organization in the oil, gas and energy sector – especially due to the year on year rises of cybercrime. Technology has a huge role to play here as all of these organizations are seeing adapting to automation and Information and Communication Technologies (ICT). Not only do these changes make their processes leaner and faster but also make their industrial and physical assets susceptible to cyber attacks.

The cybersecurity being employed in the oil, gas and energy industry has seen a wide range of sophisticated attacks quite recently. Attacks of the sort which are not only a breach of public infrastructure and corporate assets, but also effectively disrupt safety. As a result, these breaches can cause these organizations loss of both reputation and life. Another snowball effect of the very same breaches is an increase in the cost of oil, gas and energy prices.

Complex Environments

As we all know, the oil, gas and energy industry is quite reliant on a complex structure of refineries, power grids, power stations and pipelines. All of these are inclusive of a wide array of valuable assets which could be very dangerous if they were ever to fall in the wrong hands.

If we were to think of all of these valuable assets and add on the Information Technology Infrastructure as well – we might say that the complexity only seems to exponentially increase. This is not the case however. When operations and networks are driven with the help of ICT procedures, workflows and processes, these industries can be seen operating and functioning in the most optimal manner.

That said, securing this sensitive data alongside physical infrastructure is vital. Simply because of the reason that these environments are so complex, their security is usually broken down to two main components. These include traditional forms of security which is then made to overlap with cyber security for industrial data. Why though? This is because industrial data is highly confidential and quite sensitive – which is why it should be protected no matter what the cost.

The Threats

The oil and gas industry are up against a wide array of threats – first of which is because their operations usually rely on third parties for large portions of their work. This is because these companies quite commonly operate offshore by attaching activities with non-state actors. In these environments, these operations tend to entice terrorists or similar kinds of factions who, for their own cause, will destroy, deplete or disrupt these critical resources. Once this has occurred, critical infrastructural functions that rely on these resources are simultaneously sabotaged. These infrastructures include smart cities, plants, airports and railways among many others.

In order to save themselves from these huge risks, these industries employ fully electronic and digital environments in their processes. These technologies can be seen ranging from pipeline shutdowns and shaft lifts all the way to ventilation systems and main access controls. One can even say that virtually everything here is automated.

If these systems are attacked, terrible disasters can occur which could include gas explosions, trapped miners or the loss of oxygen – all of which but lives and the business to risk. Cyber security therefore becomes an essential part of the integrity of every organization in the industry.

Cyber Security

We have already established that as an organization becomes smarter with technology – their security needs tend to become heightened as well. Security measures being used in these industries range from perimeter security all the way up to advanced threat protection systems. These advanced systems include technologies that protect these organizations with the help of SCADA (Supervisory Control and Data Acquisition), IoT and Security Intelligence & Monitoring Technologies among others.

All of these advanced and traditional security measures are implemented by these organizations from central point so as to address better management in regulatory requirements and address compliance. This is because the risks associated to these security measures are endless. They protect everything from hazardous material handling and health and safety practices to delivery and transport compliances and employee access rights. That said, when these measures are handled from a central point, these organizations tend to transition easily.

Organizations in these industries have also formed consortiums of sorts for their cyber security needs. An example of this is the 2004 forum called LOGIC (Linking Oil and Gas Industry to Improve Cyber Security). This forum was undertaken by Chevron, Total, Shell and British Petroleum (BP) for cyber security R&D purposes.

Quite similarly, some other energy companies have also come up with a forum called FIRST (Forum for Incident Response and Security Team) which is a cyber attack response team. This coordination body was formed for the sake of any potential incident response from Private and Government sectors that belonged to somewhere around 61 countries.

With the help of such forums, oil, gas and energy companies now have the ability to leverage expertise and insights from security provider services while also remaining in the loop of all current happenings. As a result, these companies are technologically equipped by having a 360 degree view of security needs – whether common or new.

RefComm 2019