Cybersecurity needs to be the focus for the energy sector

By: Vinodkumar Raghothamarao, Director Consulting, Energy Wide Perspectives & Strategy, IHS Markit EMEA

Post COVID-19, digital transformation is emerging as a driver of paradigm shift in the world around us. Since the industrial revolution, the energy industry has played a pivotal role in the economic transformation of the world. Oil and gas companies have been adopting digital technologies for years, helping to increase the recovery of fossil resources, improve production processes, reduce costs and improve safety.

The oil and gas industry is used to managing security and integrity in remote operations. However, the increased digital connectivity between operational facilities and equipment leads to an imbalance of cybersecurity threats from a small set of bad actors or hacktivists. These aren’t just threatening to physical security and operational integrity: sensitive proprietary data is also at risk.

Historically oil and gas firms have not focused on cybersecurity due to lack of stringent laws and regulations unlike other industries such as healthcare and telecom etc. Energy companies invest less than 1 per cent of their revenue on cybersecurity but this situation has begun to change.

As per the World Economic Forum’s Global Risks Report 2021, cyber risks continue ranking among global risks. The recurring explosion in industry-specific attacks underscores the serious need for meaningful advancements and maturity in cybersecurity programmes within the oil and gas industry.

Cyber-attacks are opportunistic and attacks will continue to evolve in sophistication. The need of the hour is to bridge the gap between IT and OT by adopting cybersecurity best practices. To safeguard vital information, an oil and gas company must not only address the security of the traditional IT and OT environments, it must also deal with the added complexities from the Internet of Things (IoT), while also integrating innovative digital business process disruptors, such as AI, blockchain and robotic process automation.

Yet in today’s digitally connected ecosystem, the failure of weak links can take down critical infrastructure for all participants. Protecting the entire system requires all industrial operators – both large and small – to detect and defend against cyberattacks.

Within the oil and gas industry, Industrial devices are being connected at all points of the asset life cycle. This includes legacy assets that were not designed with security in mind to assets within green field projects that include security considerations. There is a greater impetus towards increased focus on cyber security required to utilise the full capabilities of the digital assets and processes.

The use of connected sensors and digital monitoring systems for tracking data and production systems. IOT has enhanced operations. There is a thin line of difference between IT and OT with more data exchange and interoperability.

For example, in oil and gas rigs, the number of IoT devices is huge and there’s a lot of legacy, so AI is used to detect new devices and then start profiling them. AI-enabled security is an attractive solution for IoT enabled oil and gas environment given the massive number of connected devices and new vulnerabilities. AI-enabled security systems need to be trained to effectively apply AI methodologies. Training allows an AI system to determine what’s connected to the network, what the connected devices do and what normal operations look like.

Cybersecurity must be the epicentre of focus for companies’ digital transformation strategies. Cybersecurity is viewed as overhead or roadblock, should be bought in the beginning and not afterthought and C-level executives need to make sure that this message is delivered across the organization.

C-level executive in oil and gas firms are focused on enabling secure digital transformation and to reap the benefits of digital transformation without risks, the following useful approaches can be adopted:

- Instil the foundation for a strong cyber resilience to secure the assets. Continue to improve risk detection and response scalability.

- Partner with IT organizations, any service rigorous risk processes and introduce controls to mitigate such risks.

- Ensure cybersecurity policies and standards are in place. Create cyber security awareness amongst the workforce

- Industrial control systems (OT) lagging behind IT domain. Need for greater collaboration to address the current challenges and to bridge the gap.

- Establishing and aligning cybersecurity practices across the Oil & Gas supply chain

Road Ahead

Using deep learning and AI, new predicting and monitoring cyber security technologies for the oil and gas industries are slowly emerging that could completely transform them. Being able to predict what’s coming and see beyond what’s currently seen allows oil and gas companies to deal with potential cyber security problems before they happen, saving them time, money, and bad publicity. A future where we’re surrounded by artificial intelligence as a key problem solver for cyber security is imminent. Going forward, the impact of ML and AI will be realised in the cybersecurity solutions for oil and gas industry. Early adopters are taking advantage with a head-start in the competition to protect their assets. These evolving cyber security approaches are likely to outlast the current downturn and could lead to real changes in oil and gas companies’ overall business strategies.