First Published: The Leading Edge, September 2022
Leon Hamilton and Marianne Rauch discuss the issues around secure data storage and access in a post-COVID world.
The digitization of the oil and gas industry creates potentially detrimental opportunities for terrorists, criminals, insiders, and activists to exploit. Due to the COVID-19 pandemic, working remotely has become the norm, and remote collaboration has been enabled by such Internet-based applications as Microsoft Teams, Zoom, and others. Remote employees may be more casual with cybersecurity, which further increases the risk of cyberattacks. Successful cyberattacks against oil and gas assets or operations have the capacity to cripple economies, disrupt power grids, and initiate political or public unrest and chaos. Cybersecurity defense should be as central to our organizational culture as turning on our workplace computer. We discuss the most likely weak points in our systems and possible solutions.
Like many other industries, oil and gas has been transitioning rapidly toward becoming a viable participant in the cyber ecosystem. The industry has large data sets suitable for machine learning applications and require considerable computer resources for preparation and analysis. Cloud services such as Google Cloud are available and integrated to achieve scalability, business continuity, and reduced IT costs. The digitization of oil and gas creates opportunities for cyber terrorists, criminals, insiders, and activists (Progoulakis et al., 2021). Due to the COVID-19 pandemic, the last few years have been challenging as many offices were closed and workers were sent home, but work still had to meet established performance metrics. Working remotely has become the norm, and collaboration has been enabled via such applications as Microsoft Teams, Zoom, and others. This growing dependence on the Internet results in cybersecurity challenges, economic risks, and possible data breaches or increased exposure to hacking operations (Eling et al., 2022). Cybercriminals know that remote employees are more casual with cybersecurity and susceptible to attack because these criminals collect, analyze, evaluate, bundle, and sell data reflecting individuals’ online activities and use them to predict and modify end-user behaviors (Zuboff, 2019), which negatively impacts the safety of operations and exposes organizations to cyberattacks (Atstaja et al., 2021).
These attacks are not restricted to competitors who might want to exploit technological infrastructures or access proprietary information. Successful cyberattacks against oil and gas assets or operations have the capacity to cripple economies, disrupt power grids, and initiate political or public unrest and chaos (Atrews, 2020). For example, last year the Colonial Pipeline was compromised by cybercriminals, resulting in the president of the United States declaring a state of emergency as the disruption negatively affected the airline industry and populations Leon Hamilton1 and Marianne Rauch2experienced fuel loss in many southeastern U.S. states. Cybercriminals shut down 5500 miles of pipeline that resourced 45% of the East Coast populace resulting in fuel shortages (U.S. House of Representatives, 2021). To compensate for the inoperative pipeline, 13,000 midsized fuel tankers provided daily oil transport, resulting in increased fuel prices and significant declines in economic growth (Schachinger, 2021).
Recently, successful cyberattacks on European oil transport and storage companies have negatively impacted oil unloading and loading and supply chains within the European Union, which has led to disruption of energy sectors and economies in Germany, Belgium, and the Netherlands (Beer, 2022). The seriousness of the problem led to the World Economic Forum’s Cyber Resilience in Oil and Gas initiative. Through this initiative, 18 global oil and gas organizations foster and share best practices and collectively align cyber resilience efforts within member organizations in a unified effort to mitigate cyberattacks (Jones, 2022; World Economic Forum, 2022). This combined effort to combat cybercrime — a problem expected to cost US$10.5 trillion globally by 2025 (Morgan, 2020) — illuminates the severity of the threat facing the industry.
Download the full article using the link at the top of this page.