US Offshore O&G needs cybersecurity solutions

July 9, 2015 – The oil and gas industry is defined by capital intensive equipment and distributed assets that produce high-volume data streams which are essential to provide an uninterrupted supply of energy. As the concept of digital oilfields grows, technologies like control systems on the go and big data will become more prominent and the previously isolated and insecure networks will now be integrated into the business networks exposing these critical networks to cybersecurity vulnerabilities. These factors are amplifying the importance of cybersecurity.

Recent analysis from Frost & Sullivan, Cybersecurity in the US Oil and Gas Industry, finds that the proportion of the annual budget spent on cybersecurity ranged from 5 to 10 percent in 2014. This is expected to double within the next two to three years. Implementation will depend on the oil and gas industry’s capability to suitably integrate the ITand operational technology (OT) worlds.

Most oil and gas companies have a plethora of architectures across real-time operations and rely on layered security as the main design protocol. However, these architectures are often designed according to local practices or dictated by vendor preferences. With a majority of the drilling and production rigs located in remote areas, especially in the offshore fields, cybersecurity is a key concern in the digitalized oil and gas industry. Protection of company assets and shareholder value coupled with the imminent implications of advanced persistent threats are the factors driving implementation of cybersecurity. 

“Offshore platforms are primary targets from an economic and political perspective and cybersecurity solutions will have to be seamlessly integrated into these systems without causing disruptions or delays,” said Frost & Sullivan Industrial Automation & Process Control Senior Research Analyst Sonia Francisco. “Digital oilfields require cybersecurity solutions that can maintain the reliability of data as well as determine its accuracy.”

However, the lack of a cybersecurity-focused workforce, the existence of multiple networks and disparate communication channels, and diversified assets make it difficult to identify a network boundary. Furthermore, endpoint security is complex to manage without disrupting applications, especially while using remote access services. Low awareness on available solutions, insufficient priority given to cybersecurity risks and the fact that a majority of the regulations in the oil and gas industry are voluntary has encouraged some players to put off investing in cybersecurity solutions.

Nevertheless, the industry at large is looking to protect its assets. Cybersecurity vendors will initially have to take a hybrid approach, which incorporates both siloed and integrated security. As such, managed security services and cybersecurity contractors will be important, especially for smaller companies that are looking to outsource for greater cost effectiveness.

“Tools such as risk management, network segmentation, change control, 2-factor authentication and security intelligence will not only identify anomalies and assess the risk potential of the network, but also create value for the user,” noted Francisco. “As oil and gas companies gradually take a standardized and centralized approach to cybersecurity, a single solution platform that can be customized to meet user needs will be in demand.”

About Frost & Sullivan

Frost & Sullivan, the Growth Partnership Company, works in collaboration with clients to leverage visionary innovation that addresses the global challenges and related growth opportunities that will make or break today's market participants.