BLOG: What Oil, Gas Needs in Cybersecurity Hires
A little over a week ago, I sat and listened to leaders from prominent oil and gas companies discuss what they were doing – and could be doing better – to combat cybersecurity threats within the Operational Technology (OT) environment at their organizations.
A February report by the Ponemon Institute, based on results from a survey of almost 400 U.S. individuals responsible for managing cyber risks in the OT environment, stated that 68 percent of respondents said their organization experienced at least one cyber compromise and 61 percent said their organization’s industrial control systems protection and security is not adequate.
So, what to do?
It’s not like the oil and gas industry is unaware of its cybersecurity challenges. Attacks are becoming more frequent and can be quite costly for companies.
Just one-third of respondents believe there is full alignment between OT and IT with respect to cybersecurity operations. Sixty percent said they do not have enough staff; 45 percent said they have the internal expertise to manage cyber threats in the OT environment.
“The need [for cybersecurity professionals] is tremendous, given the recent board level focus given to cyber risk,” Susan Peterson Sturm, director, cyber product marketing and strategy, for Honeywell Process Solutions, told Rigzone. “Recruitment is a very big deal with several of the majors naming a designated cybersecurity engineer that is part of the plant staff.”
With respect to cyber readiness, 41 percent of respondents said their organizations are in the early to middle stage of maturity, meaning many OT cybersecurity program activities haven’t been planned or deployed, or they have been planned and defined but only partially deployed, the report said.
Similarly, Sturm said one of the challenges with oil and gas recruitment is that defined job structures and career paths for industrial cybersecurity resources haven’t been created.
“This is problematic because treating these roles like engineering resources will not allow businesses to make competitive offers. The pay scale for cyber industrial resources, for example, is significantly higher than a typical instrumentation and controls technician,” Sturm said.
She said another challenge is that industrial security roles are often scoped way too broadly.
“By way of comparison, it would be like asking for a doctor who can perform as a pediatrician, do brain surgery, HIPAA compliance and post op care,” she said. “Individuals that can do all these things well are very rare and this does not reflect the realities of the marketplace.”
WHAT DO YOU THINK?
Generated by readers, the comments included herein do not reflect the views and opinions of Rigzone. All comments are subject to editorial review. Off-topic, inappropriate or insulting comments will be removed.
- Gunvor CEO Sees Russian Refining Capacity Taking Hit from Drone Strikes
- These Factors Helped Brent Oil Price Break Above $85
- Sinopec Engineering Posts Higher Annual Petrochemicals Revenue
- Imperial Pipeline in Winnipeg Goes Offline for Three Months
- Gaz System to Acquire Gas Storage Poland
- Subsea7 Secures Contract to Service Woodside's Trion
- Adnoc Inks Supply Deal for Ruwais LNG Project with Germany's SEFE
- TotalEnergies to Acquire TLCS Eyeing Bayou Bend CCS Project
- Norway Regulator Blasts Proposal to Halt New Oil and Gas Permits
- Chinese Mega Company Makes Major Oilfield Discovery
- EIA Drops 2024 Henry Hub Gas Price Forecast
- EIA and Standard Chartered Offer Up Latest Oil Price Predictions
- Red Sea Region Sees Another Watershed Incident
- Chevron Oil Project in Kazakhstan to Cost $48.5B
- OPEC Voices Encouragement after IEA Affirms Support for Oil Security
- Biden Govt Bares Strategy for Freight Charging, Hydrogen Fueling Infra
- Rystad Looks at the Buzz Around White Hydrogen
- Ukraine Hits Third Russian Refinery In Escalating Drone Strikes
- VIDEO: Missile Attack Kills Crew Transiting Gulf of Aden
- Norway Regulator Blasts Proposal to Halt New Oil and Gas Permits
- Chinese Mega Company Makes Major Oilfield Discovery
- What Is the Biggest Risk to Offshore Oil and Gas Personnel in 2024?
- Is Peak Oil Demand Close?
- Vessel Sinks in Red Sea After Missile Strike
- JP Morgan, Standard Chartered Reveal Latest Oil Price Forecasts
- Exxon Rights in Stabroek Do Not Apply to Hess Merger with Chevron: Hess
- Rystad Forecasts Net Production of Top Permian Producers in 2024
- Analysts Reveal Latest Oil Price Outlook Following OPEC+ Cut Extension