Many segments of the oil and gas industry, including industrial oil fields, pipelines and refineries, have benefited from internet of things (IoT) technology that has improved productivity and lowered costs. The technology, however, has also left the sector vulnerable to potentially debilitating cyberattacks.
While the industry has worked to improve cybersecurity, the primary focus has been on protecting their corporate—rather than operational—programs and data, according to a Deloitte report on cyberrisk in the oil and gas industry. Any number of scenarios could cause damage to operations, such as hijacking a process control system to increase production to potentially unsafe levels. Lack of employee awareness is also a threat, as cyberattacks can result from malware introduced by employees.
Oil and gas companies are advised to assess the controls they have in place, identify vulnerabilities and initiate improvements. A team of business, operations, engineering and IT security personnel should inventory company assets and facilities and rank them in terms of criticality, determine if the assets and facilities have exploitable vulnerabilities, and assess the maturity of controls in place to manage these threats.