By: Craig Badrick on October 17th, 2017
Why the Oil and Gas Industry Is Vulnerable to Security Threats
Network Security | Cybersecurity
Despite being particularly vulnerable to cybersecurity threats, the oil and gas industry has yet to take appropriate steps to secure its digital infrastructure.
“Cyber attacks in the oil and gas industry can have potentially devastating consequences for the economy and national security,” says Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute in the introduction to his organization’s recent report on the state of cybersecurity in oil and gas.
Ponemon’s concerns seem to be well-founded, as the Institute reported that 68% of oil and gas companies surveyed admitted that their operations have had at least one security compromise in the past year. More often than not, these breaches have resulted in the loss of confidential information or operational technology (OT) disruption.
Another report from Motorola Solutions claims that “cyber attacks against oil and gas infrastructure will cost companies $1.87 billion by 2018.” This is an inevitable byproduct of increased digitization in the oil and gas industry — as DNV GL Security Head Petter Myrvang puts it, “Digitization is very much about pain and gain. Cybersecurity is one pain.”
Unique Cybersecurity Challenges
The oil and gas industry’s relatively high vulnerability to cybersecurity threats stems from a convergence of several factors. For one, the industry’s central role in the country’s critical infrastructure makes it a target for politically-motivated attacks. A cyberattack on a series of major oil and gas facilities could cripple the local, statewide, or even national economy, making it a fairly low-risk, high-reward proposition for bad actors. Skilled hackers could even manipulate the OT on an offshore rig to increase the likelihood of a fire or explosion.
In addition to the high economic and symbolic value of oil and gas facilities, the inherent vulnerability of the industry’s underlying infrastructure, both physical and digital, provides hackers with even greater incentive to attack.
As the industry has become more digitized, the number of oilfield network entryways has increased exponentially. Drilling rigs, storage tanks, and other traditional infrastructure have been retrofitted with newer hardware and software control systems, many of which must be connected to the internet to function. Critical control systems that once were completely isolated are now part of a network that can be infiltrated from any number of access points.
In fact, according to the Motorola report, 96% of mobile devices do not have encryption protection. And while 62% the of oil and gas companies surveyed for the Ponemon report agreed that encryption of data in motion is a “very effective” cybersecurity measure, only 48% plan to use it within the next year.
This troubling figure brings us to yet another factor contributing to the oil and gas industry’s substandard cybersecurity: the inability of oil companies to take the steps necessary to secure their digital infrastructure. Only 41% of businesses in the Ponemon survey continually monitor their infrastructure in order to spot, prioritize, and repel threats, and Ponemon estimates that this lack of oversight means almost half of all cyberattacks on oil and gas companies’ OT go undetected.
Finding a Cybersecurity Partner
Partly to blame for this insufficient security is a lack of IT resources. As the Ponemon report highlights, 60% of oil and gas companies do not have enough staff to maintain a robust cybersecurity program, and only 45% of companies believe they have the internal expertise necessary to manage cybersecurity threats in the modern OT environment.
Fortunately, the oil and gas industry can partner with companies like Turn-key Technologies (TTI) in order to bolster its cybersecurity protocols. With over two decades of experience in the petrochemical industry, TTI understands the unique challenges presented by an oilfield or offshore rig environment, and can help companies design and deploy a wireless networking solution that is both high-functioning and secure.
If you’re interested in learning more about how Turn-key Technologies can help you optimize your oilfield network security, visit our PetroChem Solutions Page.