Study: Cyber security strategies limited

Oil and gas companies have strengthened management of information security, but many haven’t formalized related strategies, says DNV GL of Norway.

In a survey of 1,100 business professionals by the risk-management firm, 58% of respondents said they have adopted ad hoc management strategies for cyber security, and 27% have set concrete goals.

“Headline cyber security incidents are rare, but a lot of lesser attacks go undetected or unreported as many organizations do not know that someone has broken into their systems,” said Petter Myrvang, head of the security and information risk, DNV GL-Oil & Gas. “The first line of attack is often the office environment of an oil and gas company, working through to the production network and process control and safety systems.”

In a report to a committee appointed by the Norwegian Ministry of Justice and Public Security to assess the country’s digital vulnerabilities, DNV GL identified these top vulnerabilities of companies working offshore Norway

• Lack of cyber security awareness and training among employees.

• Remote work during operations and maintenance.

• Using standard information technology products with known vulnerabilities in the production environment.

• A limited cyber security culture among vendors, suppliers, and contractors.

• Insufficient separation of data networks.

• The use of mobile devices and storage units including smartphones.

• Data networks between on and offshore facilities.

• Insufficient physical security of data rooms, cabinets, etc.

• Vulnerable software.

• Outdated and aging control systems in facilities.

“While the study focused on operations on the Norwegian Continental Shelf, the issues are equally applicable to oil and gas operations anywhere in the world,” DNV GL said.

Did You Like this Article? Get All the Energy Industry News Delivered to Your Inbox

Subscribe to an email newsletter today at no cost and receive the latest news and information.

 Subscribe Now


Making DDoS Mitigation Part of Your Incident Response Plan: Critical Steps and Best Practices

Like a new virulent strain of flu, the impact of a distributed denial of service (DDoS) attack is...

The Multi-Tax Challenge of Managing Excise Tax and Sales Tax

To be able to accurately calculate multiple tax types, companies must be prepared to continually ...

Operational Analytics in the Power Industry

Cloud computing, smart grids, and other technologies are changing transmission and distribution. ...

Maximizing Operational Excellence

In a recent survey conducted by PennEnergy Research, 70% of surveyed energy industry professional...