Study: DNV GL Reveals Top 10 Cyber Security Threats on NCS

DNV GL has conducted a study revealing the top ten biggest cyber security threats for companies operating offshore Norway.

The international DNV GL survey of 1,100 business professionals found that the most serious cyber security vulnerabilities for operations on the Norwegian Continental Shelf comprised:

1.  A lack of cyber security awareness and training among employees
2.  Remote work during operations and maintenance
3.  Using standard IT products with known vulnerabilities in the production environment
4.  A limited cyber security culture among vendors, suppliers and contractors
5.  Insufficient separation of data networks
6.  The use of mobile devices and storage units including smartphones
7.  Data networks between onshore and offshore facilities
8.  Insufficient physical security of data rooms, cabinets, etc
9.  Vulnerable software
10. Outdated and ageing control systems in facilities

Although the study focused on operations on the NCS, DNV GL stated that the issues are equally applicable to oil and gas companies anywhere in the world. This study follows the claim made by Eric Knapp, the global director of cyber security solutions and technology for Honeywell Process Solutions, earlier this month, who suggested that cyber attacks in the global upstream oil and gas industry are increasing and becoming more advanced.

“We have seen that there’s an increase in activity. We can extrapolate from that that globally there’s an increase ... Malware creation and the cyber threat as an entity is an organization. Malware changes and evolves … we’re seeing activity increase across the board,” Knapp told Rigzone at an annual meeting for Honeywell users in the EMEA region held in Madrid.

Petter Myrvang, head of security and information risk at DNV GL - Oil & Gas, said in an organization statement:

“Headline cyber security incidents are rare, but a lot of lesser attacks go undetected or unreported as many organizations do not know that someone has broken into their systems. The first line of attack is often the office environment of an oil and gas company, working through to the production network and process control and safety systems.”

Over the past 30 years, the oil and gas sector has been the target of well-known cyber attacks. One of the most famous was launched against Saudi Aramco in 2012 by the terrorist organization, Cutting Sword of Justice. The group launched the attack to stop oil and gas production in Saudi Arabia’s largest exporter within the Organization of the Petroleum Exporting Countries (OPEC), according to a white paper by Lockheed Martin Corporation.

A graduate in journalism from Cardiff University, Andreas has eight years of experience as a business journalist. Email Andreas at andreas.exarheas@rigzone.com

WHAT DO YOU THINK?

Click on the button below to add a comment.
Post a Comment
Generated by readers, the comments included herein do not reflect the views and opinions of Rigzone. All comments are subject to editorial review. Off-topic, inappropriate or insulting comments will be removed.

Related Companies
Events  SUBSCRIBE TO OUR NEWSLETTER

Our Privacy Pledge
SUBSCRIBE

More from this Author
Andreas Exarheas
Assistant European Editor | Rigzone
 -  Green Energy Firm Fights UK Fracking P... (Dec 9)
 -  UKCS Oil, Gas Extraction Drops 10% (Dec 8)
 -  Analysts: Production Ramp-Up at TEN Cr... (Dec 7)
 -  Statoil to Stop Using H225 Helicopter ... (Dec 6)
 -  KRG Doing All It Can To Ensure IOC Pay... (Dec 5)


Most Popular Articles

From the Career Center
Jobs that may interest you
Executive Director
Expertise: Business Development|Executive|Project Management
Location: Houston, TX
 
Senior Accounting Analyst Job
Expertise: Accounting|Budget / Cost Control|Financial Analyst
Location: Denver, CO
 
Associate Product Portfolio Manager Job
Expertise: Business Development|Marketing|Sales
Location: Denver, CO
 
search for more jobs

Brent Crude Oil : $54.33/BBL 0.81%
Light Crude Oil : $51.5/BBL 1.29%
Natural Gas : $3.75/MMBtu 1.35%
Updated in last 24 hours