Cyber vigilance “should be second nature”
In recent years, cybersecurity has increasingly become a top priority for the oil & gas industry. Increasing efforts in digital transformation and connectivity within systems opens up vulnerabilities to cyberattacks. Understanding the current cyber risk landscape and the threats new technologies bring is critical for planning the long-term success of reliable and resilient operations.
To stay ahead of cyberattacks and vulnerabilities in this rapidly evolving industry, oil and gas players must make sure cyber-risk mitigation progresses at the same pace as innovation.
“Cyber vigilance is not just important in workplaces,” claims Syed Mohsin Almohdzar, Head Business Cybersecurity – Downstream at PETRONAS. “In this current day and age, it should be second nature to us.” He asserts. The integration of cybersecurity into the oil and gas industry should come as naturally as safeguarding access to personal digital items, such as online banking accounts”.
“The PETRONAS roadmap and framework for cybersecurity is heavily supported by its top level management, and the commitment to prevent such cyber risks has been shared with every part of the organisation. Managing cybersecurity is the group’s joint responsibility, and the cybersecurity department within PETRONAS is being continuously enhanced to increase our technical capabilities.” He says.
Don’t try to outsmart the hackers
Cyberattacks seem to be getting increasingly sophisticated – and sometimes with devastating effects. Owners and operators must take adequate steps to proactively secure critical industrial controls and systems.
As hackers are becoming more savvy, how can companies keep up with their changing tactics? In a survey conducted by Asian Downstream Insights, 80% of respondents surveyed said that they were not adequately prepared for risks in the digital sphere. But Almohdzar is unfazed, and firmly believes that PETRONAS’ cybersecurity roadmap is heading in the right direction.
“One good approach to this is not trying to outsmart the cyberattacks” says Almohdzar. “Instead, consider that every employee and business partner has access to company data, and it’s crucial to safeguard this access from being compromised. Think about it as not losing the ‘key’ to the shop – an organisation is only as good as its weakest link.”
Education is key
Cybersecurity is an ongoing process, and it can be a challenge for operators to keep ahead of the learning curve when it comes to new technologies and threats. This comes especially as the oil & gas industry struggles to find its balance between embracing digitalisation, and figuring out what works best. Cyber-vigilant organizations are those that build, maintain, and proactively monitor their cyber defense.
Education within the industry could play a defining role in a seamless integration for the industry, but Almohdzar cautions against a direct, ‘schooling’ approach.
“This may not necessarily be effective,” he says. “What organisations should do is include evidence of good relationships between digitalisation and improving business processes.”
“These are tough times for all of us… While surviving, we have an opportunity to reflect on our current ways of working, identifying gaps for improvement and planning for agile delivery.” he claims.
An eye on tomorrow
In the wake of a global pandemic, the future may be uncertain – but digitalisation is definitely here to stay, and as one of the main drivers for industry, no less. Fostering a strong cyber resilience will reduce risks across the industry and enable digitization & automation to continue to improve efficiency and enhance reliability in a competitive market.
“Vertical integration in the oil and gas business can provide resilience to the volatility that we see in the global market today. Companies can strike a profitability balance in different situations where oil and gas prices rise and fall” describes Almohdzar. “This would also be advantageous to managing cybersecurity, as this would reduce the possible discrimination of standards within different areas of oil and gas. The best practices for cybersecurity must be applied to all sectors, it doesn’t matter if it’s upstream, midstream, downstream, or even new energy”.
Awareness of cyber risks needs to become a priority for everyone not only within the organization, but also for external partners.
When hackers attempt to gain entry, organizations need to respond appropriately to not only fend off the intrusion, but also learn from it, so that they can adjust their business and technology environment accordingly. Boards need to challenge management’s assessment of the organization’s cyber posture and critically review cyber crisis management capabilities that have been put in place.
It is up to industry leaders to chart the course to a stable and secure future.
**All views expressed in this article are personal