Report: Oil & Gas Cybersecurity Risks to Continue in 2015
Rigzone: In terms of assessing the security of third-party vendors and protecting assets, will this trend increase in 2015? I’m assuming this has to do with oil and gas companies expanding operations into emerging areas and working with new companies. Is this primarily an issue for overseas operations, or is this an issue companies also face working in the United States?
Senterfit: Joint ventures in new territories with new partners bring an unprecedented amount of risk from a cyber, physical and operational perspective. We’ve seen how subcontractors can introduce cyber threats into a large corporation through unconventional means. We also know that the supply chain and the extended enterprise of some of the large operators are the subject of cyberattacks, with disruptions due to one or more of their third-party impacted. Proactive and predictive analysis of the supply chain and third-parties is a key element of an integrated risk approach.
[In some cases], the operator may not be the target of a cyberattack or labor issues. It might be one of their key suppliers and even if the contract has terms protecting the operator it does not solve the operational issues that may occur. As company’s team or join with regional partners, the question around physical and cyber security, classification of data and protection of IP becomes even more important as we become electronically attached to companies from different nation states. This is also not isolated to international/overseas operations. International companies are entering the U.S. market and the entire supply chain and third-party vendors have access and monitor for risk.
Rigzone: In terms of crisis management plans, do you see more oil and gas companies including cybersecurity in these plans? Is this something that’s still lacking in terms of the number of companies or the types of plans? Should oil and gas companies seek outside help in designing these plans, or are existing practices they’ve used in the past enough?
Senterfit: Actually the reverse, to a certain extent, many organizations are working to put in place contingency plans for an inevitable cyber security attack or compromise, and so we’re seeing the traditional incident response evolve into a complex set of response activities and preparedness plans involving legal, marketing and PR teams, regulatory and compliance, and cyber indecent response teams, but more importantly led, coordinated and managed by an overall incident commander. We’re helping our clients to design comprehensive incident response plans that go way beyond the typical cyber aspects. These plans are integrated into the companies’ business continuity and crisis management plans. We’re also helping some of the more advanced companies to implement real-time sentiment monitoring tools to measure the effectiveness of those plans during an incident or crisis.
Rigzone: Do you see more cooperation coming in 2015 in the oil and gas industry on lessons learned or strategies for dealing with cybersecurity?
Senterfit: In 2014 we saw the creation of the ONG-ISAC, (the Oil and Natural Gas Information Sharing and Analysis Center). It’s in the process of becoming operational with a view to cross company collaboration sharing of cyber security threat intelligence, including specific industry threats, directed campaigns and attribution information. The ONG-ISAC is a not for profit organization and is specifically being set up with the tools and staff to assess, share and action that cyber intelligence, and provide solid information about dealing with those threats back into the community. Many of the Critical Infrastructure sectors have established ISACs with Financial Services probably the most mature.
1234
View Full Article
WHAT DO YOU THINK?
Generated by readers, the comments included herein do not reflect the views and opinions of Rigzone. All comments are subject to editorial review. Off-topic, inappropriate or insulting comments will be removed.
- Falcon Oil Declares Commercial Flow Test Results for Shenandoah Well
- Macquarie Strategists Expect Brent Oil Price to Grind Higher
- Japan Failing to Meet Corporate Demand for Clean Power: Amazon
- Pennsylvania County Joins List of Local Govts Suing Big Oil over Climate
- UK Oil Regulator Publishes New Emissions Reduction Plan
- PetroChina Posts Higher Annual Profit on Higher Production
- US, SKorea Launch Task Force to Stop Illicit Refined Oil Flows into NKorea
- McDermott Settles Reficar Dispute
- Russian Navy Enters Warship-Crowded Red Sea Amid Houthi Attacks
- USA Commercial Crude Oil Inventories Increase
- New China Climate Chief Says Fossil Fuels Must Keep a Role
- Oil Demand Outpaces Expectations, Testing Calculus on Peak Crude
- House Passes Protecting American Energy Production Act
- TotalEnergies Restarts Production in Denmark's Biggest Gas Field
- USA Oil and Gas Job Figures Jump
- Republican Lawmakers Say IEA Has Abandoned Energy Security Mission
- Blockchain Demands Attention in Oil and Gas
- Houthis Warn Saudi Arabia of Retaliation If It Backs USA Attacks
- Macquarie Sees USA Oil Production Exiting 2024 at 14MM Barrels Per Day
- Summer Pump Prices Set to Hit $4 a Gallon Just as Americans Hit the Road
- New China Climate Chief Says Fossil Fuels Must Keep a Role
- Chinese Mega Company Makes Major Oilfield Discovery
- VIDEO: Missile Attack Kills Crew Transiting Gulf of Aden
- Norway Regulator Blasts Proposal to Halt New Oil and Gas Permits
- Chinese Mega Company Makes Another Major Oilfield Discovery
- What Is the Biggest Risk to Offshore Oil and Gas Personnel in 2024?
- Vessel Sinks in Red Sea After Missile Strike
- Exxon Rights in Stabroek Do Not Apply to Hess Merger with Chevron: Hess
- Equinor Makes Discovery in North Sea
- Analysts Reveal Latest Oil Price Outlook Following OPEC+ Cut Extension