Security Chief Says Cybersecurity Ranks as Top Long-Term Threat to Statoil
While terrorist attacks grab headlines, cybersecurity poses the greatest long-term threat to Statoil ASA’s global oil and gas operations.
The 2013 terrorist attack on Statoil, BP, and Sonatrach’s jointly held facility in El Amenas, Libya, prompted Statoil to set up an independent investigation to assess the risk of a similar attack occurring in the future. The company’s report on the incident, published in September 2013, concluded that the company lacked a security culture and the security it had in place was not fit-for-purpose for a company with international aspirations.
After completing its assessment, Statoil determined that the great long-term threat to its operations came not from physical attacks but from cybersecurity attacks, Adrian Fulcher, head of security threat assessment at Statoil, told attendees at the API Cybersecurity Conference in Houston.
While the company operates in a number of challenging environments worldwide, most of Statoil’s assets are on the Norwegian continental shelf, Fulcher said. As a possible consequence, the company has had a fairly easygoing security culture, which also extended to Statoil’s cybersecurity culture.
“If we were to suffer a major large-scale accident as a result of an attack on our industrial control systems, it is something that would shape and change the future course of the company in a big way,” Fulcher said.