The broad proliferation of software systems by the oil and gas industry to carry out sensitive and critical missions has raised the concerns about ensuring the reliability, safety, and security of such systems. Establishing confidence in software systems used by oil and gas industry is extremely critical as it is directly linked to the public and environmental safety, international energy market stability, oil and gas supply chain, and confidentiality of information.
Additionally, establishing confidence in software systems is essential to reduce the risk associated with the huge investments by the oil and gas industry in the discovery, development, drilling, production, and processing facilities that employ such software systems. Ensuring the security of software systems becomes more crucial given the current open and complex interconnected infrastructures of these systems. These open and interconnected environments have consistently invited various malicious activities that threaten the peaceful operations of information processing systems. Vulnerabilities associated with these systems cannot be completely removed, and as a result, successful attacks are always launched against computing systems.
Although current computer infrastructures employ advanced protective techniques like firewalls, access controls, and cryptographic mechanisms, these systems are susceptible to attacks due to the following reasons. First, security loopholes will always be present even in the implementation of the protective systems. Second, it is difficult to build a complete, effective, and long term security infrastructure due to the dynamic nature of the information systems infrastructures. This dynamic nature is driven by the need to continuously upgrade, change, deploy, or remove some parts of the legacy systems. Moreover, malicious attacks against computing systems are increasing in terms of sophistication and novelty. The panel will address the following three major information security challenges facing the oil and gas industry today, ensuring an IT zero tolerance strategy that would guarantee continuous and safe global energy supply: Supervisory Control and Data Acquisition (SCADA) systems security, Zero-Day vulnerabilities, and Advanced Persistent Threat (APT).
Riemer Brouwer, Head, IT Security, ADCO
Enterprises, especially fully integrated energy companies, are collecting and retaining more data than they did a decade ago. Data is now being produced at increasing rates – driven by quantum leaps in the capacity for storage and available processing power, huge amounts of data are being made available for analysis.
Oil and Gas (O&G) companies have realized the competitive advantages that can be gained by utilizing useful and timely information. O&G Companies have traditionally focused their efforts on automation and building efficient data gathering systems. These systems succeeded in streamlining and automating data gathering, installing sensors, digitizing oilfields and in many cases eliminating manual data entry, providing decision-makers quicker access to data.
However, in order to maximize Return on Investment, O&G Companies need to shift focus and build strategies around what is now being termed as “Big Data”. This part of the panel will discuss the challenges of collecting, governing and retaining the ever increasing data volumes and the opportunities that big data can provide to decision-makers.
Walid El Abed, Founder & Chief Executive Officer, Global Data Excellence
The ever growing number and variety of new technologies, products, and vendors coupled with aggressive business demand and rigid legacy IT environments is posing a threat to business growth, agility, safety, and innovation. Enterprises are struggling with the daunting task of managing and controlling a chaotic technology landscape while staying in-line with business plans and execution strategies. This is clearly evident in the oil and gas industry where integration between legacy IT systems and new technologies in support of exploration and production of new energy sources.
Taking a holistic view and approach to this challenge involves tackling challenges in multiple areas at the same time, but mainly in agility, capacity and growth, interoperability, regulatory and compliance, security, technology refresh, safety, data management, and overall productivity. The enterprise architecture (EA) practice aspires to tackle this challenge in a pragmatic and structured approach and acts as an overarching umbrella that governs and facilitates technology change to meet business growth and agility needs. In the past decade, the enterprise architecture practice has been going through growing pains and maturing in better defining itself, its boundaries, and its mode of operation. Standards in the EA field had as well matured and gained wide adoption, many of which proved to be successful, when properly implemented and governed, in aiding large enterprises steer through technology and business uncertainty. This part of the panel will discuss the IT Demands growth, agility while maintaining adequate security and technology interoperability.
Yanni Charalambous, Vice President & Chief Information Officer, OXY