Digitalization benefits the oil and gas industry but increases cyber risk
Most oil and gas companies were hit by a cyber incident in 2016
DNV GL’s new Recommended Practice details how to build cyber security with the emphasis on operational technology
A study by Ponemon Institute found almost 68% of oil and gas companies in the US were hit by at least one cyber incident in 2016.3 Another report revealed that 75% were affected and drew attention to cyber attacks on industrial control systems, not just on corporate information technology networks.4 The global Petya ransomware attack in June 2017 affected oil and gas companies.
The frequency of attacks is probably underestimated. Companies are reluctant to publicize them for fear that exposing a vulnerability may invite further attacks.
“Dealing with cyber security challenges has become a key focus area for the oil and gas sector and there is greater awareness of the requirements that need to be in place,” observed Pål Børre Kristoffersen, principal consultant, information risk management, DNV GL – Oil & Gas. “Critical network segments in production sites, which used to be kept isolated, are now connected to networks, making the operational technology more vulnerable.”
Managing cyber risks to oil and gas operational technology is vitalSenior oil and gas industry leaders agree about the need for a focus on this aspect of cyber security.
“The operational technology convergence between information technology and engineering is critical to ensuring successful operational technology security management,” said Julie Fallon, senior vice president engineering, Woodside Energy.