Could Trump Take Pointers from ExxonMobil's Tillerson on Cybersecurity?
For the oil and gas industry specifically, Ghazi sees additional guidelines for things such as health, safety and environmental issues for exploration and production, but not mandated, specific, stamped regulations for public oil and gas companies.
Ghazi said that enterprise risk management should drive cybersecurity efforts, not frameworks and standards.
“The frameworks and standards that are in place are really about compliance, not security,” Ghazi said.
In terms of technology, a few emerging start-ups are specifically targeting oil and gas security, particularly rigs, in the dawn of connected objects and remote operations, Lux Research analyst Colleen Kennedy told Rigzone. However, being the new company in the security market is difficult.
“Instead, we think positively of start-ups that increase visibility to rig operations,” Kennedy commented.
Technologies that can catch anomalies or alert personnel to abnormal activity quicker are likely to be successful. Lux also has seen a lot of interest in redundancy options for connected devices due to increasing threats.
The greatest risks for oil and gas cyberattacks will occur at enterprises that are under severe financial pressure and have abandoned or mothballed facilities, or cannot maintain the resources to protect their assets. Because of the decline in oil prices in recent years, there will be firms in economic distress that may need assistance from the government to secure their assets, Stewart Kantor, CEO and co-founder of wireless telecommunications provider Full Spectrum, told Rigzone.
“It could be potentially beneficial for these firms to have the ability to bring in government resources until these assets can be secured properly. Also, the recent presidential directive (PPD 41), offering assistance to firms under cyberattack, provides a quality option to support operators during a time where cyberthreats are active and cybersecurity options are being vetted.”
Cybersecurity Workforce Development Critical
The United States will need to develop its cybersecurity workforce to meet future cybersecurity needs, Ghazi said.
“In the oil and gas space, you’re going to have a loss of talent as workers age,” Ghazi said. “That loss, in conjunction with a lack of cybersecurity skills in the sector, makes the oil and gas sector vulnerable to attacks. Tools and technologies can help manage and operationalize cybersecurity, but these tools and technologies are not good at conducting risk assessment.”
Colleen Kennedy, analyst with Boston-based Lux Research, told Rigzone that training and awareness on cybersecurity appear to be a main focus recently among its oil and gas clients.
“Regardless of politics or government initiatives, protecting their physical and virtual assets is already important,” Kennedy stated.
View Full Article
WHAT DO YOU THINK?
Generated by readers, the comments included herein do not reflect the views and opinions of Rigzone. All comments are subject to editorial review. Off-topic, inappropriate or insulting comments will be removed.
Senior Editor | Rigzone