How big a threat is the issue of cyber security for oil and gas facilities and plants?
With attacks increasing both in terms of numbers and sophistication, for most it is not a question of if they are attacked, but when. Indeed, the risks facing oil and gas producers in the region are ever changing and ever growing.
With oil and gas facilities increasing the use of digital systems, the risk of a cyber-attack is amplified. This increase is largely down to the rise of software-driven technology, such as the cloud and virtualised environments, which have highlighted the need for more regular updates of systems to protect a company’s assets.
This is why it is important for companies to assess their digital assets, in order to best quantify that risk, and ensure that the appropriate cyber security controls are in place.
What trends are you noticing in the oil and gas cyber security sector?
There have been significant efforts from the industry to address issues related to cyber security.
This is partly a result of the aftermath of previous attacks, and also a reflection of changing industry requirements for availability, reliability and safety. They are also driven by regulation and the adoption of cyber security standards in the region, as many national governments in the Middle East have stepped up requirements.
Other trends we are noticing in this space include the Industrial Internet of Things (IIoT) revolution and the growing need for mobility and connectivity via the use of connected devices and systems. While IIoT is set to bring unprecedented opportunities, it will also bring new cyber security risks that organisation will need to prepare for.
To mitigate these risks, businesses must take a holistic approach. This means adopting technological solutions to detect and manage risks, continuous cyber security processes, and relevant employee training.
What predictions do you have for the sector over the next year to 18 months?
Neither the expectations of critical businesses in the Middle East, nor the threats they face, show any sign of diminishing. In fact, both look likely to continue to grow. As they do, the difficulties of meeting them with traditional IT solutions and in-house expertise will grow as well. As a result, we expect to see an uptake of managed cyber security services in the oil and gas sector.
Cyber security will also play a key role in helping businesses unleash the full potential of IIoT by securely deploying connected solutions and technologies.
Due to the low price of oil, we also expect there to continue to be a demand for digital oil-field applications for remote monitoring so that man-hours can be reduced. Companies will use new technology to help to minimise the costs of production while continuing to innovate.
What new solutions are you introducing in terms of combatting cyber security threats facing oil and gas plants?
Honeywell offers complete cyber security solutions for industrial environments and critical infrastructure, by addressing end-to-end with solutions and professional services that range from assessments and network security to response and recovery.
The growing trend of managed services is where Honeywell partners with customers to improve their cyber security posture. Honeywell’s Industrial Cyber Security Risk Manager is a first solution of its kind that proactively monitors, measures and manages cyber security risks for industrial environments. We focus on continuous innovation at the Honeywell Industrial Cyber Security Lab in Atlanta, USA - a world-class environment where we develop and test new cyber security solutions. In addition, our strategic relationships with leading technology players including Palo Alto Networks, Cisco, Intel Security and others extend the value of our solutions.
How have low oil prices affected companies willingness to take a proactive stance on security?
There is no doubt that the low oil prices have had a significant impact on the way that organisations operate. When it comes to cyber security, it isn’t something that can be compromised. As mentioned earlier, with recent major cyber-attacks fresh in the minds of key stakeholders and the increasing trend of mobility and connected devices, proactive security is on the rise, especially since millions of dollars are at stake.
It is important to note that in the current climate, cutting costs in areas such as security risks leaving organisations exposed to threats in the future. This is why it is encouraging to see regional companies continue to be proactive when it comes to their security.