By: Tony Ridzyowski on November 30th, 2017


Oil and Gas Companies Are Cooperating to Improve Cybersecurity


dirty-industry-stack-factory-5.jpgAchieving comprehensive cybersecurity is becoming more and more difficult as oilfields become increasingly digitalized, but a new partnership represents a step in the right direction.

According to the Harvard Business Review, the oil and gas industry ranks in the top third of industries in terms of overall digitization. From increased oilfield efficiency and productivity to improved worker safety and more reliable capacity planning, the integration of digital technologies into oil and gas companies’ everyday operations has delivered the industry a host of benefits.

Unfortunately, this progress hasn’t come without its fair share of complications. As detailed in a study by Motorola Solutions, “Cyberattacks against oil and gas infrastructure will cost companies $1.87 billion by 2018.” This should hardly come as a surprise to the industry considering that 66% of oil and gas companies agree that digitization has significantly increased their cybersecurity risks.

As such, the recently announced partnership between cyber exposure company Tenable and global engineering and tech giant Siemens seems to have arrived at just the right time. Siemens has agreed to deliver Tenable’s new “Industrial Security” package, a service that is designed to help oil and gas companies secure and protect their most valuable operational technology (OT) assets.


The Scope of the Problem


The partnership’s area of focus is certainly not difficult to justify. According to the Ponemon Institute’s State of Cybersecurity in the Oil & Gas Industry report, 68% of oil and gas companies have recorded one cybersecurity breach in the past year. More often than not, these breaches led to either a loss of confidential information or an OT disruption.

The scope of the problem is likely even greater than the research suggests, as the Ponemon study estimates that around 46% of all cyberattacks on OT assets go undetected. This is largely because a mere 41% of oil and gas companies continuously monitor their OT infrastructure to guard against threats and attacks, resulting in a mere 35% of such companies rating their OT cyber-readiness as “high.”

Even a minor breach of OT security can have terrible results. Ten hours of oilfield downtime will likely cost a company more than $125,000. In worst case scenarios, a highly-skilled cybercriminal could even manipulate the OT on a rig to increase the likelihood of a deadly fire or explosion.


A Variety of Cybersecurity Solutions


It’s Tenable’s and Siemens’ hope that their new offering will help close what they call a “massive cyber exposure gap” by dramatically increasing visibility across oil and gas companies’ OT infrastructures.

As summarized by Power Engineering, “The partnership combines Tenable’s OT-dedicated passive vulnerability detection with Siemens’ knowledge of [oilfield] operations to help customers close the knowledge gap and protect all their critical assets.” This passive monitoring approach will not only enable oil and gas companies to manage their OT applications more precisely, it will also enable them predict future cybersecurity weak spots as their OT infrastructures evolve.

Ultimately, the goal for oil and gas companies must be to bring their OT and IT into better alignment in order to ensure comprehensive security for the entire “digital oilfield.” As things stand, only 33% of oil and gas companies believe that there is “full alignment” between their OT and IT cybersecurity operations, per the Ponemon study.

A Tenable-Siemens Industrial Security package may well be able to bolster a company’s OT security protocols, but in order to achieve full OT-IT alignment, oil and gas companies must turn to a networking specialist with over 25 years of experience in the petrochemical industry like Turn-key Technologies. We’re capable of providing critical network access to oilfield personnel and devices anytime, anywhere, all while ensuring the highest level of network security. As OT is integrated with the IoT (Internet of Things), that level of alignment and security will only become more critical.