Oil and gas might not seem like an industry that hackers would target. But they do—and the cybersecurity risks rise with every new data-based link between rigs, refineries, and headquarters. In an increasingly connected world, how can upstream oil and gas companies protect themselves?
Risks—and Stakes—Keep Rising
For years, cyberattackers have targeted crude oil and natural gas companies, with attacks growing in frequency, sophistication, and impact as the industry uses ever-more-connected technology. But, the industry’s cyber maturity is relatively low, and oil and gas boards show generally limited strategic appreciation of cyber issues.
Why is this so? Perhaps because the industry—engaged in exploration, development, and production of crude oil and natural gas—may simply feel like an unlikely target for cyberattacks. The business is about barrels, not bytes. In addition, the industry’s remote operations and complex data structure provide a natural defense. But, with motives of hackers fast evolving—cyberterrorism, industry espionage, disrupting operations to stealing field data—and companies increasingly basing daily operations on connected technology, risks are rising fast, along with the stakes.
Different areas of the oil and gas business, naturally, carry different levels of risk and demand different strategies.
Among upstream operations, development drilling and production have the highest cyber risk profiles; while seismic imaging has a relatively lower risk profile, the growing business need to digitize, electronically store, and feed seismic data into other disciplines could raise its risk profile in the future. A holistic risk-management program that is secure, vigilant, and resilient could not only mitigate cyber risks for the most vulnerable operations but also enable all three of an upstream company’s operational imperatives: safety of people, reliability of operations, and creation of new value.