Playbooks Supplements

Data-Driven Oil Fields 2017

Issue link:

Contents of this Issue


Page 29 of 39

JANUARY 2017 | DATA-DRIVEN OIL FIELDS | EPMAG.COM 28 CYBERSECURIT Y Digital Advancement Requires Joined Forces Digitalization in the oil and gas industry forces information technology and operational technology to work together when it comes to cybersecurity. By Petter Myrvang DNV GLÐOil & Gas D igital advancements enable the industry to meet targets related to cost-cutting, reliability, increased effi ciency, sustainability and safety. However, the fl ipside is that critical network segments in production sites are connected to networks, which increases vulnerability to cyberattacks. A study done by Symantec found that computer system invaders attacked 43% of global mining, oil and gas compa- nies at least once in 2014. And the Ponemon Institute found that cybercrime cost energy and utilities companies on aver- age $12.8 million in lost business and damaged equipment in 2015. 'Digitalization done right' There are signifi cant upsides if digitalization is done right throughout the entire value chain. It is a signifi cant driver for progress but it also creates digital vulnerabilities. If operators overlook or downplay this fl ipside, the chances are that busi- ness integrity and operation readiness are compromised by cyber threats. While operators are increasing their digital attack defenses, for example by implementing remote operations, cyber threats are multiplying and attackers are becoming more advanced. Oil and gas assets are exposed to new threats and vulnera- bilities as the industry explores new operational concepts. In a recent report from Tripwire, 82% of oil and gas respondents state that the number of successful cyberattacks has increased in the past 12 months. The same study shows that 72% of respondents answered that a single executive had security responsibility for both IT and OT environments. With this in mind, it is essential that digital advances are matched with progression in cybersecurity. Increase in domains overlap Cybersecurity involves protecting the availability, integrity and confi dentiality of critical information technology (IT) and operational technology (OT) systems. IT originates from the infrastructure and networks in the offi ce domain while OT refers to the industrial systems, networks and infrastruc- ture in the process control domain. Traditionally, IT systems were kept isolated from OT systems, and OT systems were operated and maintained on production sites. These days, critical network segments on the production site are increasingly connected to IT networks to enable remote operation, remote maintenance and analysis of production data. Traditionally operational systems were based on customized proprietary systems while such systems today are more and more based on "off-the-shelf " IT systems. This unites the two systems, with these two domains now increasingly overlapping. Different cultures Companies are experiencing challenges bringing the "worlds" of IT and OT together. Control systems are often purchased and operated at the borderline between these two cultures, and lack of communication and understanding between these en- vironments can result in digital vulnerabilities. Following are some examples of important challenges in- cluding organizational, priorities, perception of safety risk and change management. 1. Organizational. There is traditionally a physical distance between the IT and OT staff. The reason is simply that these two environments had tasks independent of the other domain. Many companies are now reducing the physical distance between these staff onshore, and some are more progressively merging the units. 2. Priorities. The OT personnel are concerned about hav- ing control of the production assets, with availability as the highest priority. The IT personnel, however, give support and services by managing information, with confi dentiality as the highest priority. The result is that when managing cybersecurity, IT and OT personnel tend to work toward different objectives. 3. Perception of safety risk. While safety risk is vital for all priorities in the OT environment, safety is often not an issue in IT. However, the latter's systems are increasingly

Articles in this issue

Links on this page

Archives of this issue

view archives of Playbooks Supplements - Data-Driven Oil Fields 2017