The U.S energy industry became the second most vulnerable to cyber-attacks in 2016, according to Deloitte University Press’ Protecting the Connected Barrels report.
While oil and gas security in facilities are important, there is a growing need to improve strategies against online threats. Almost 75% of oil and gas companies fell victim to at least one digital attack in the previous year, the report showed.
Despite the relatively high number of cyber-attacks on oil and gas firms, these affected companies have downplayed the impact of such attacks. The report noted that the companies do not consider them as a major risk, going as far as to label them under other threats, such as civil war, labor disputes, and weather problems.
On the other hand, energy companies may have pushed for digitalization at a pace that does not prioritize cybersecurity. Paul Zonneveld, Deloitte global energy and resources risk advisory leader, said that the industry has listed oil and gas digitalization as their top priority. However, the sector has become a primary target because “interconnectedness has outpaced its cyber maturity,” according to Zonneveld.
Risks and Recommendations
Companies should conduct training drills on responding to cyber-attacks, which can be done through digital gaming or simulations. These exercises are particularly important for incidents that might take place in remote facilities, according to the report.
It also considered production operations as the most vulnerable to attacks due to its legacy asset base that was “not built for cybersecurity”.
Cybersecurity has become more relevant than ever for the U.S. energy sector, as their constant push for digitalization inadvertently attracts wrongdoers to exploit any security loopholes. Oil and gas companies should improve their security measures to reduce or avoid the risk of cyber-attacks.