Following the recent tragic events in Paris, Beirut and Egypt, the issue of security has shot to the top of governments’ agendas. Long term investment in defence and public safety has been promised by world leaders, as has increased spending in the area of cyber security. In recent years, cyber security incidents have multiplied rapidly in both frequency and cost, and digital crime tactics have become increasingly sophisticated to maintain the advantage. According to PWC’s ‘US Cybercrime: Rising Risks, Reduced Readiness’ report, in January 2014, ‘the US Director of National Intelligence ranked cyber crime as the top national security threat.’
Register for free »
Get started now for absolutely FREE, no credit card required.
Being one of the largest industries in the world, the energy sector is a prime target for cyber attacks, and extensive, broad spectrum security measures are critical to protecting its infrastructure. The American Petroleum Institute (API) ranks the energy industry as the second highest of all industries most likely to suffer a cyber attack, behind 'aerospace and defence'. This threat has become increasingly prevalent over the past few years as oil and gas companies have moved to digitalise their operations and services.
‘With the digital evolution of oil and gas information technology (IT), operational technology (OT) systems, networks and processes, many of the underlying security design principles have been strained by fundamental business economics,’ EY noted in its 'Oil and Gas Cybersecurity: Time for a Seismic Shift?’ report. ‘However, as oil and gas organisations have joined the race for global interconnectivity, they have opened their doors to an increased cyber threat, often without even realising it.’
As repeatedly highlighted by industry bodies, security companies and market reports, companies large and small must be prepared to face an attack, no matter how vast their resources may be. Indeed, one of the most high profile cyber attacks the industry has witnessed was against oil and gas major Saudi Aramco. On 15 August 2012, the company's computer network was struck by a self-replicating virus, named Shamoon, that infected around 30 000 of the company’s Windows-based machines. Saudi Arabia's national oil and gas firm took approximately two weeks to recover from the extensive damage. Meanwhile, smaller scale attacks have also impacted the industry. Cyber security company Symantec noted that infiltrators attacked 43% of global mining, oil and gas companies at least once in 2014.
These are worrying statistics for our industry; however, the growth in high profile and sophisticated cyber attacks on oil and gas installations is fuelling the development of advanced security solutions. The oil and gas security and service market size is estimated to grow from US$26.34 billion in 2015 to US$33.90 billion by 2020, at an estimated CAGR of 5.2%, according to MarketsandMarkets research.
Information exchange is becoming an increasingly used tool to combat cyber attacks. For example, API and the Financial Services Information Sharing and Analysis Center (FS-ISAC) have developed the recently launched Oil and Natural Gas Information Sharing and Analysis Center (ONG-ISAC), which can be used to provide shared intelligence on cyber incidents, threats, vulnerabilities, and associated responses present throughout the industry. Furthermore, we are seeing constant developments in technology, software and security solutions from industry leaders such as Honeywell, Intel Security, Siemens AG, Microsoft and Schneider Electric – be sure to catch the company’s article on page 41, which explains why companies that decide to share their cyber security solutions could be leaders in major industry advancements – and I don't doubt that 2016 will bring some exciting new advancements.
On that note, on behalf of the whole Hydrocarbon Engineering team, I’d like to take this opportunity to thank all of our readers, authors and advertisers for their support throughout 2015 and wish all of you a very enjoyable holiday season and happy New Year!