Will Low Oil Prices Prompt Cutbacks in Cybersecurity Spending?
The collapse in global oil prices has prompted companies across the industry, from operators to contractors, to sharply reduce capital (CAPEX) and operating expenditures. Are these reductions also affecting spending on cybersecurity?
Most industry experts and government authorities, including the Department of Homeland Security (DHS), U.S. Cyber Command and the National Security Agency (NSA) estimate that over 40 percent of the recent cyber-attacks in North America targeted the oil, energy and resources segments. Thus, it would be unwise and inappropriate to compromise some areas of security and safeguards, whether they address workplace safety, environmental impairment, pollution or cybersecurity, Glenn Legge, a partner at Legge, Farrow, Kimmitt, McGrath & Brown LLP, told Rigzone.
The oil and gas industry is exposed to cyberattacks through its use of Big Data, or data sets so large and complex that processing them with on-hand data management tools or traditional data processing applications in difficult. Big Data is managed by supervisory control and data acquisition, or SCADA systems, and industrial control systems, or ICS, according to a November 2014 presentation by Legge. Big Data is utilized throughout the energy sector for analysis, from real-time downhole data sensors that gather information on deepwater rigs, to the remote monitoring of onshore wells, as well as midstream and maritime transportation, refining and petrochemical.
Faced with pressure from shareholders to boost returns and reduce costs, the oil and gas industry is using IT to achieve operational efficiencies. The broad geographic distribution of oil and gas facilities also means that IT must be used to link facilities with headquarters.
Successful cyber-attacks have already affected major power grids, oil pipelines, gas infrastructure and the energy trading markets. Adversaries of oil and energy organizations seek financial gain, competitive advantage, intellectual property, valuable exploration data and the like. These adversaries include sophisticated foreign state-sponsored hackers, corporate cyber-spies and other malicious attackers intent on disrupting, spying and stealing.
“Everything that we do as a society is powered by energy and because of this these critical resources and the companies that control them need to remain vigilant about the cyber threat,” said Jeffrey Bernstein, managing director of T&M Protection Resources' Information Security Advisory Division in New York City.
The spending cutbacks are the quickest way for companies not only to reduce margin, but pacify shareholders and maintain internal financial health. Despite the cuts, Bernstein said it’s difficult to imagine that a responsible energy company, particularly a publicly traded company, would make significant cuts in the critical areas of health, safety and environment (HSE).
View Full Article