Last week, we looked at the second of three oil and gas deep dives when we examined the role that operational technology and information technology play within this sector.
Specifically, we addressed the challenges in protecting IP in oil and gas since accessibility of data is such a crucial element within this industry. IP provides the competitive advantage that sets each company apart from others in a highly integrated industry. It also helps oil and gas companies better understand the current environment to deliver better future results.
The challenge with IP in the oil and gas sector is determining how to best keep the IP safe, yet accessible to those that need it. Industrial Defender and Lockheed Martin, its parent company, have approached this challenge by successfully combining the IT and OT landscapes. The result is a robust solution towards IT and OT security that includes people (e.g. training), the processes (e.g. policy and procedures) and the technology to address modern security challenges.
However, there’s more that the oil and gas industry can do to improve their cyber maturity and cyber capabilities. One suggestion is to examine whether oil and gas companies can take an approach towards oil and gas that in some ways mirrors their Health, Safety and Environment (HSE) policies. To better explain what I mean, let’s take a brief look at HSE.
The oil and gas industry always carries the dangers associated with dealing with a combustible element in extreme and often remote conditions. Add to those dangers the often unpredictable nature of sociopolitical events with the often inclement weather of drilling locations, and the very nature of finding, transporting and refining oil and natural gas becomes daunting.
Losing money by drilling into a dry well, while damaging to the revenue stream, appears less drastic when compared to the damages incurred on any one of the major disasters that occurred over the last 30 years. If something goes wrong in this industry it puts lives, local habitats and even global economies at risk.
That’s one of the key reasons why this industry has led the implementation of HSE as an organizational pillar that is universal in this sector. Few industries triage and escalate prospective HSE near misses for the purpose of predicting incidents with the same thoroughness as oil and gas companies. Fewer private sector companies promote the value of such seemingly innocuous acts as holding the handrails when climbing or descending stairs, or making sure to start each presentation with a safety slide describing the precautions or actions attendees must know about in the event of an emergency.
In oil and gas, cyber attacks have the risk of slowing, if not outright stopping, production. But because they also have the potential to become critical safety issues, cyber security should be addressed within this industry in a similar way as HSE. The ability to record, monitor, track and forecast cyber incidents and IT near-misses, regardless of how benign or innocuous sounding they are, should be tracked universally within this industry.
Only then can oil and gas companies begin to forecast their potential security issues and gaps, mitigating cyber attacks that do occur, and stopping others well before they can do any damage.