With the exploitation of cost-effective brand new operational concepts, increased dependence on cyber structures and use of digital technologies, oil and gas industry is currently exposed to new sets of threats, DNV GL wrote in an article identifying the largest cyber security threats to industry. According to the operator, Cyber-attacks have grown in sophistication and size, making them more difficult to defend against, and costing firms increasing sums of money to recover from.
In December 2015, DNV GL delivered a cybersecurity study to Lysne Committee, a body appointed by Norwegian Ministry of Justice & Public Security to assess the digital vulnerabilities of the country. DNV GL’s study revealed the top 10 most pressing cyber security threats for firms operating offshore Norway.
Company’s international survey of more than 1,000 business professionals revealed that, although companies were actively managing information security, only 58% had adopted a special management strategy, with just 27% setting concrete goals.
According to Petter Myrvang, head of Security & Information Risk, DNV GL Oil & Gas
“Headline cyber security incidents are rare, but a lot of lesser attacks go undetected or unreported as many organizations do not know that someone has broken into their systems. The first line of attack is often the office environment of an oil and gas company, working through to the production network and process control and safety systems”.
DNV GL said that while their study focused on operations on Norwegian Continental Shelf, these issues were equally applicable to gas and oil operations anywhere around the globe.
Top 10 Oil and Gas Industry Cyber Security Vulnerabilities:
1. Lack of cyber security awareness, lack of training among employees
2. Remote work during maintenance and operations
3. Limited cyber security culture among suppliers, contractors and vendors
4. Using standard IT products with known threats in the production environment
5. Insufficient separation of data networks
6. Data networks between on- and offshore facilities
7. The use of storage units and mobile devices including smartphones
8. Insufficient physical security of data cabinets, rooms, etc.
9. Ageing and outdated control systems in facilities
10. Vulnerable software.
DNV GL said it believed that cyber security threats could be addressed through risk-based approach. This allowed companies to identify the vulnerabilities of operations and assets, plan barriers preventing incidents and soften the consequences of cyber risks. That included procedures to maintain barrier quality documented in performance standards.
According to Trond Winther, head of Operations Department, DNV GL Oil & Gas, as all oil and gas process plants were currently connected to the Internet, protecting digital infrastructure against cyber-attacks ensured optimal production regularity and safe operations.