Oil and gas cyber security

Below are findings from a recent EY report on cyber security titled, ‘Global Information Security Survey 2014.’

  • 61% of oil and gas organisations believe it is unlikely or highly unlikely that they would be able to detect a sophisticated attack.
  • 13% believe that their information security function is fully meeting the organisational needs.>
  • 29% have no real time insight on cyber threats.

Security budgets

  • The majority of current spend is being allocated simply to maintain existing security capabilities.
  • Many organisations have not historically seen their cyber security posture improve as spend has increased.
  • IT security budgets are staying relatively static.
  • Security departments invest the latest security tools rather than seeking the root cause of security challenges.
  • Budget constraints are often compounded by a separation of roles and responsibilities for operational technology security and cyber security.

Security metrics

  • Security departments tend to report lag indicators to provide information of likely cyber threats.
  • Cyber threats continually evolve along with the factors that influence them.
  • Oil and gas companies need to look at integrating leading indicators with their lag indicators.

Recognising the breach

  • There is growing evidence that the majority of large organisations have been breached.
  • In some cases, investigation has shown that the breach occurred months earlier than discovery.
  • It is often only at the point when data is tampered with that companies identify malicious behaviour and respond.
  • Oil and gas organisations have the broad experience necessary to manage and support complex operations linked to large scale networks and with many points of ingress and egress.

Working together

  • The oil and gas sector needs to recognise the value of joining resources together.
  • The industry needs to use working groups to share and disseminate threat intelligence.
  • The experience and capability of consultancies needs to drive change and improvement programs.
  • Leveraging security vendor technology to underpin different aspects of cyber threat monitoring, alerting, defence and response would help the industry.

Edited from report by Claira Lloyd

Published on 02/07/2015

Get your FREE Oilfield Technology magazine »

Get your FREE trial of Hydrocarbon Engineering magazine »

Get your FREE trial of World Pipelines magazine »


Related articles

Cybergeddon – how real is the threat: part one

Gordon Cope, Contributing Editor, discusses the threat of cyber attacks to the oil and gas industry.

Cyber insurance gap

Marsh is closing the cyber insurance gap for energy companies.

Cyber security

Sourcefire explains how the energy industry can put the power back in its own hands.

Cyber attacks on the energy industry

March comment on how next generation industrial control systems create an open invitation for hackers.

Recommend magazines

  Hydrocarbon Engineering  LNG Industry  Oilfield Technology  World Pipelines