Feb 23, 2018

Maintaining optimal security in the Oil, Gas and Energy Industries

Gavin Holme
5 min
Cyber-threats need to be secured against in the oil and gas industry
Security, both physical and cyber security, is a top priority for any organization, especially in light of the year-on-year rise in cybercrim...

Security, both physical and cyber security, is a top priority for any organization, especially in light of the year-on-year rise in cybercrime. However, for certain industries, not having the proper security measures in place can put more than just the company’s reputation on the line. The Oil, Gas, and Energy industries are prime examples of such verticals. There is high adoption of ICT and automation in the Energy, Oil and Gas industry, which has made their processes faster & leaner. However, it has also made them more susceptible to Cyber lead attack on the Physical and Industrial asset.

Cybersecurity in Energy, Oil and Gas Industry has seen very sophisticated attacks in recent years which led to the breach of corporate assets, public infrastructure, and safety paving way for disruption, loss of life, reputation loss, increase in the cost of energy, oil and gas prices.

Complex environments

The Oil, Gas and Energy sectors are reliant on complex networks of pipelines, power stations, power grids and refineries which include a number of valuable assets, some of which can be potentially dangerous if they fall in the wrong hands. From an Information Technology (IT) infrastructure point of view, the complexity only increases. Many of these networks and operations are IT driven; their processes, workflows and procedures dependant on IT systems in order to function and operate optimally.

Securing both physical infrastructure and protecting sensitive data is key.  Due to the complexity of these environments, security should be broken down into two components: traditional IT security and all it entails- coupled with industrial data, or cyber security. There is an overlap between the two, as industrial data is merged with IT data – information that is sensitive, highly confidential and must be protected at all costs.

The threats

The Oil, Gas and Energy industries are facing several threats .  Most Oil and Gas companies operate offshore in different countries for exploration, refining is known to us as Upstream and Midstream and hence are prone to attach from state and non-state actors operating in the region or globally. There is also a higher threat faced by these industries due to their reliance on the third party for a large portion of  work, given that  they work in remote locations . There is the enticement for terrorists and similar factions of disrupting, depleting or destroying the supply of critical government resources. Disruptions in Energy plants and its operations can sabotage critical Infrastructure functions like railways, airports, plant, smart cities, etc effecting the city, infrastructure and economy. 

Most Oil, Gas and Energy environments are fully digital or electronic today. From access control, to ventilation systems, to shaft lifts and pipeline shutdowns – virtually everything is automated. An attack on systems that control these processes can result in terrible disasters, such as trapped miners, loss of oxygen or gas explosions; all of which puts businesses and lives at risk. Protecting these systems becomes crucial to maintaining the integrity of an organisation.

Cyber security

The smarter organization gets with their technology adoption, security needs are heightened.  IT security measures are critical and need to cover all traditional bases. Everything from endpoint security to network and perimeter security, security within the data centres, advanced threat protection, Identity & Access Management, Application security, Security Intelligence & Monitoring of Operational Technology (OT), Internet of Things (IoT), SCADA and Industrial security along with IT.

These organizations should consider revisiting their investment in IP cameras; proper access controls which include biometrics, access permissions, ID validation and attendance verification systems; asset management systems, and much more. Ultimately, the security of an organisation is entirely dependent on how much it is willing to invest in top-to-bottom security measures – the higher the priority placed on security investments, the less risk for the business.

All of these measures should be implemented from a central point, for better management as well as to address compliance and regulatory requirements. There is a high level of risk and danger associated with these industries. Everything from health and safety practices, to transport and delivery compliances, to hazardous material handling and employee access rights must be factored into the security strategy. Managing these from a central point allows smoother transitioning between security functions, while giving security teams better track management and monitoring capabilities.

Also with high adaption of Internet of things organizations need to take their security and compliance into considerations. Apart from the Critical Infrastructure standard and specific industry standard for energy, oil and Gas like NIST, CIS, ISO27001/2, PCI DSS, IOT to have standard such as ISA, ISO, IEEE, Fieldbus, Ethernet to name a few.

Energy, Oil and Gas Industry have also formed consortiums forums for cyber security. Oil and Gas companies have formed forums since 2004 like Linking Oil and Gas Industry to Improve Cyber Security (LOGIIC),  a program undertaken by British Petroleum (BP), Shell, Total and Chevron for research and development in the field of cyber security. Similarly, Energy companies have formed a Forum for Incident Response and Security Team (FIRST) which is the coordination body for cyber incident response for Government and Private sectors in around 61 countries.

Although technology enabled, not all players in the Oil, Gas and Energy industries are abreast with implementation of technology.. Their focus is typically on delivering sustainable energy solutions to the government and private sectors, as safely as possible. Due to the complexities involved with compliancy, as well as the high level of technology and associated security risks, obtaining the services of a knowledgeable service provider can ensure that these organisations can focus on what they do best, while its assured that security is being prioritised by those with the experiences and skills to do so.

Organisations need to constantly review their cyber security plans and strategy in order to be prepared for any onslaught. Organisations in the Oil, Gas and Energy sectors should keep constant tabs on what is happening in the cyber-security and cyber-crime landscape – at all times. This will help them mitigate their risk and potentially avoid becoming targets.

Energy, Oil and Gas companies can leverage the insights and expertise of security service providers to ensure that they remain in the loop with current happenings. These partners are also able to help them to plan the best possible strategy which offers a 360° view of their security operations, in order to avoid common – and new – security pitfalls.

Gavin Holme is the Country Manager of Africa at Wipro Limited.

Share article

May 6, 2021

Global Offshore rebrands Enelift and invests in global hubs

Dominic Ellis
2 min
Enelift plans to augment existing solutions with robotics and remote operational and training technology

Global Offshore has rebranded Enelift and will invest "a seven-figure sum" in establishing new support hubs in Houston, Dubai, Singapore, Perth and the Caspian during the next six months.

The investment will cover oil, gas and renewables, mainly concentrating on manufacturing capability with associated R&D, as well as in stock held in the hubs.

The company’s flagship Hinge Lok technology provides aluminium, non-welded light weight transportation cradle for casing and tubing. Enelift now plans to enhance its offering by augmenting its existing solutions with robotics and remote operational and training technology, which will reduce manpower for handling offshore equipment that is transported and stored using the Hinge Lok system.

Enelift is partnering with "a Japanese robotics company" and the technology will be trialed with "a Norwegian operator on a Norwegian drilling rig", according to a statement.

Operating from its bases in Aberdeen, UK and Esbjerg, Enelift was founded by 35-year industry veteran and Managing Director Paul Brebner 10 years ago to offer the offshore energy industries safe, reliable and efficient storage and transportation of equipment.

The expansion plans are bolstered by the appointment of Jim Clark of the Craigendarroch Group to Chairman, and Adam Maitland to Non-Executive Director. Maitland is the Managing Director of Hutcheon Mearns IF, and brings his wealth of expertise in the field of corporate finance.

Brebner said Enelift may be a new name in the market, but the experience it brings is "industry renowned".

"Our solutions are underpinned by safety that enables inefficiencies and their associated costs to be eradicated – meaning operational personnel can focus doing what they do best, safely. We remain committed to providing the safest storage and transportation solutions for equipment in the sector as we grow our global operations," he said.

Clark said the market is changing and its solutions fully support customers’ economic and safety aspirations.

"We are very well placed to take full advantage of increasing opportunities in the Middle East, Africa, Far East and Americas. Safety is our absolute commitment to our customers and our support hubs will facilitate this. Aligning our identity to our entire offering ensures that we will drive our expansion through new products and global support sites across the rest of this year."


Share article