Study: Cyber security strategies limited

Oil and gas companies have strengthened management of information security, but many haven’t formalized related strategies, says DNV GL of Norway.

In a survey of 1,100 business professionals by the risk-management firm, 58% of respondents said they have adopted ad hoc management strategies for cyber security, and 27% have set concrete goals.

“Headline cyber security incidents are rare, but a lot of lesser attacks go undetected or unreported as many organizations do not know that someone has broken into their systems,” said Petter Myrvang, head of the security and information risk, DNV GL-Oil & Gas. “The first line of attack is often the office environment of an oil and gas company, working through to the production network and process control and safety systems.”

In a report to a committee appointed by the Norwegian Ministry of Justice and Public Security to assess the country’s digital vulnerabilities, DNV GL identified these top vulnerabilities of companies working offshore Norway

• Lack of cyber security awareness and training among employees.

• Remote work during operations and maintenance.

• Using standard information technology products with known vulnerabilities in the production environment.

• A limited cyber security culture among vendors, suppliers, and contractors.

• Insufficient separation of data networks.

• The use of mobile devices and storage units including smartphones.

• Data networks between on and offshore facilities.

• Insufficient physical security of data rooms, cabinets, etc.

• Vulnerable software.

• Outdated and aging control systems in facilities.

“While the study focused on operations on the Norwegian Continental Shelf, the issues are equally applicable to oil and gas operations anywhere in the world,” DNV GL said.

Did You Like this Article? Get All the Energy Industry News Delivered to Your Inbox

Subscribe to an email newsletter today at no cost and receive the latest news and information.

 Subscribe Now

Whitepapers

The Time is Right for Optimum Reliability: Capital-Intensive Industries and Asset Performance Management

Imagine a plant that is no longer at risk of a random shutdown. Imagine not worrying about losing...

Going Digital: The New Normal in Oil & Gas

In this whitepaper you will learn how Keystone Engineering, ONGC, and Saipem are using software t...

Maximizing Operational Excellence

In a recent survey conducted by PennEnergy Research, 70% of surveyed energy industry professional...

Leveraging the Power of Information in the Energy Industry

Information Governance is about more than compliance. It’s about using your information to drive ...