Protecting oil and gas critical infrastructure against cyber threats

DSC 0783Strategies to combat complex cyber and critical infrastructure security threats were the focus of a session at the ADIPEC Security in Energy conference on 14 November

In a keynote address, Don Randall, former head of security and chief information security officer, Bank if England, posed the question "Who is policing your IT? Is is the same person as the one who is managing and maintaining it, and possibly covering it up?" While the CIO (Chief Information Officer) and CISO (Chief Information Security Officer) should work in harmony, the two functions should be independent, he argued, whatever the type of organisation. He also advised that companies should have a single point of intelligence gathering, interpretation and response, and that attention should be given to geopolitical analysis.

He highlighted the need for collaboration and partnership between the public and private sector to tackle the cyber security threat. "Law enforcement bodies can't deal with this on their own, the enforcement agencies need to talk to each other, private companies need to talk to each other." Sharing information is critical, he said, adding "the key word is trust."

Educating staff on cyber and fraud could reduce the risk of fraud by 80 per cent, he said, advising "Share with your staff the basic philosophies and practices."

Cyber security should be a board level concern, he concluded.

Following on from Mr Randall's keynotes address, delegates heard from Mohamed Al Jneibi, representing the UAE's Global Defense Centre, Alfio Rapisarda, senior vice president of security, Eni, and Dr Zhang Jian, chief technology officer, CNPC.

The moderator, Irene Copruz, section head, planning and IT security, Western Region Municipality, said that data security is "very critical" because of the risk of exposure for "billions of dollars worth of information".

"The systems we use for our workers to work remotely are the same systems the hackers are using," she said.

Mr Al Jneibi said the UAE's oil and gas industry was the first priority for cyber security protocols and said the "convergence of both OT and IT was our area of concern".

Mr Rapisarda said that he had the "crazy idea" of putting IT and security together because "nobody was looking after why we are attacked or when we are attacked." He said this means of intelligence-gathering has proven to be "very effective, very efficient".

"We are embedded in the system and we are at board level," said Mr Rapisarda, reflecting Mr Randall's comments in regard to ensuring that cyber security leaders are represented at board level for all organisations.

Mr Rapisarda said that without taking into account all considerations, including geopolitical, financial, technical, industrial and environmental factors along with security, operators will only achieve "compliance without being effective". He also advocated cooperation between private and public sector players rather than "fighting one against the other". He said that this was not an option when dealing with cyber security threats.

Dr Zhang said that the challenges presented by CNPC working with the UAE were considerable because of ambitious targets, such as 70 per cent oil recovery. One of the main challenges is meeting human resources requirements, according to Dr Zhang. He stressed the importance of finding the right people and developing a strong talent pool.

"The first step to a more oil and gas-specific set of standards is to establish working groups with oil and gas," said Dr Zhang. He echoed the sentiments of Mr Randall and Mr Rapisarda when he said that private and public cooperation was essential.

Referring back to the need for a strong talent pool, Dr Zhang said that he had found that often government employees are "behind internationally recognised standards and need to catch up".

He added that working in the Middle East present its own challenges because "it is in a unique position geographically" and geopolitical events are a consideration for all cyber security systems.

A risk-based approach with a focus on cooperation and rapid integration was advocated by Dr Zhang to ensure public and private stakeholders are all engaged.

"Geopolitical instability makes cyber security more complicated," said Dr Zhang. "We always talk with local authorities in each of the countries where we operate."

Hits: 38

Rick Perry celebrates African oil and gas progress and urges the continent to use the US as an example

DSC 0692Rick Perry, US energy secretary addressed Africa Oil Week today on how the US, particularly in regard to the shale oil and gas revolution and developing wind power, can be an example of "freedom and security" for African countries

Hits: 39

Read more ...

"Clear path to commerciality" for Senegal oil

eric 1Eric Hathorn, exploration director, Cairn Energy, told delegates at Africa Oil Week that Senegal is making progress towards first oil by 2021-2023 with up to 1bn barrels of recoverable hydrocarbons

Hits: 42

Read more ...

Xodus wins two offshore Senegal contracts

The development of the oil and gas industry could transform the Senegalese economy. (Image Source: Pixabay)Abderdeen-based Xodus Group has won two contracts for conducting environmental and social impact assements (ESIA) for offshore blocks off the coast of Senegal

Hits: 55

Read more ...

Ophir Energy signs second exploration contract for Equatorial Guinea oil and gas acreage

Offshore Equatorial Guinea seismic results are very promising. (Image Source: Ben Sutherland/Flickr)Ophir Energy, in partnership with GEPetrol and the Ministry of Mines and Hydrocarbons, has signed an oil and gas exploration contract for an Equatorial Guinea offshore oil and gas block

Hits: 40

Read more ...

Alain Charles Publishing, University House, 11-13 Lower Grosvenor Place, London, SW1W 0EX, UK
T: +44 20 7834 7676, F: +44 20 7973 0076, W: www.alaincharles.com

twn Are you sure that you want to switch to desktop version?