Cyber Risk to Help Shape Industry Trends in 2014

The oil and gas industry’s increasing reliance on third party vendor materials, products and services means it will need to employ greater cyber risk management practices to protect their businesses from would-be hackers.

The need for greater cyber risk management in the oil and gas industry technology supply chain is one of six trends anticipated to impact the global oil and gas industry in 2014, according to a recent report by McLean, Virginia-based management consulting, technology and engineering services firm Booz Allen Hamilton.

The global upstream and downstream industries face the challenge of managing cyberthreats in the technology supply chain. While oil and gas companies recognize that they can more efficiently operate their business using networked infrastructures, the industry is only now coming to terms with the cyber risk management challenges created by a more open network and increased reliance on the technology supply chain, Booz Allen Hamilton noted in a recent report.

Oil and gas companies face the threat of cyberattacks anywhere technology has intelligent components (hardware and software) that are inserted into the production operations of the supply chain, Emil Trombetti, senior vice president with Booz Allen, told Rigzone in a statement.

While it’s difficult to guarantee that third-party vendors will provide “bullet-proof” solutions to protect critical business assets, there are several strategies that offer assurance that due diligence is being done, said Emil Trombetti, senior vice president with Booz Allen, in a statement to Rigzone. For example, third-party liability for damages incurred if their products are used in a cyberattack, or data breach situation, require that vendor products adhere to cybersecurity industry standards. Havingequirements to inform customers as soon as possible if any security concerns are found with their products and requirements to provide timely fixes for these issues Is another strategy to ensure due diligence.

The industry will also need to take a more customized approach to cyber risk management. All oil and gas companies face the risk of a cyberattack – and only so much can be done to eliminate this threat. Instead, companies should develop comprehensive security risk management plans that meet specific circumstances of high-risk environments, such as ventures into new geographic locations, markets and products.

“In terms of standard cyber risk management, you always have to address not only technology, but also the process and people aspects of risk management,” said Trombetti. “In terms of customized risk management strategies, these differ in many ways and reflect the different aspects of a business.”