“Fact that 70% of oil and gas companies were hacked in past year must serve as a call to action.”
A survey of US oil and gas cybersecurity risk managers indicates that the deployment of cybersecurity measures in the industry isn’t keeping pace with the growth of digitalization in oil and gas operations.
In a study from the Ponemon Institute – The State of Cybersecurity in the Oil & Gas Industry: United States – just 35 per cent of respondents rated their organization’s operational technology (OT) cyber readiness as high.
The Ponemon Institute – which conducts independent research on privacy, data protection and information security policy – examined how oil and gas companies are addressing cybersecurity risks.
Its authors surveyed 377 individuals in the United States who are responsible for securing or overseeing cyber risk in the OT environment – including upstream, midstream and downstream applications.
With most respondents describing their organization as being in the early to middle stage of maturity with respect to their cyber readiness, 68 per cent of respondents said their operations have had at least one security compromise in the past year, resulting in the loss of confidential information or OT disruption.
Additional key findings related to readiness, risks and challenges include:
- 59 per cent believe there is a greater risk in the OT environment than the IT environment;
- 61 per cent said their organization has difficulty mitigating cyber risks across the oil and gas value chain;
- Only 41 per cent of respondents said they continually monitor OT infrastructure to prioritize threats and attacks;
- 65 per cent of respondents say the top cybersecurity threat is the negligent or careless insider and 15 per cent of respondents say it is the malicious or criminal insider – underscoring the need for advanced monitoring solutions and critical safety zones to identify atypical behavior among personnel;
- 61 per cent say their organization’s industrial control systems protection and security is inadequate.
With regard to solutions and security practices, the security technologies that are considered most effective aren’t extensively deployed.
“Cyber attacks in the oil and gas industry can have potentially devastating consequences for the economy and national security. We hope the findings of this research create a sense of urgency to make the appropriate investments in people, process and technologies to improve the industry’s cyber readiness,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute.
Technologies identified as very effective in mitigating cybersecurity risk include: user behavior analytics (63 per cent), hardened endpoints (62 per cent) and encryption of data in motion (62 per cent).
But within the next 12 months less than half of organizations represented say they will use encryption of data in motion (48 per cent of respondents), only 39 per cent will deploy hardened endpoints, and only 20 per cent will adopt user behavior analytics.
“The fact that nearly 70 per cent of oil and gas companies were hacked in the past year must serve as a call to action. As oil and gas producers use digitalization to become safer and more efficient, there is a clear need to bulk up defenses for operational technology, which is even more vulnerable to attacks than the IT environment. At Siemens, we’re able to draw on our deep experience managing cybersecurity across a global footprint. We help our customers assess risk, secure infrastructure and provide targeted cyber solutions for the operational environment, from the field to the control center and ultimately the enterprise,” said Judy Marks, CEO, Siemens USA.