The energy sector must dodge the cybersecurity bullet

Short Url

Last week, the world awoke to the news that oil facilities in the Netherlands, Belgium and Germany were under cyberattack.

The attack on Oiltanking in Germany, SEA-Invest in Belgium, and Evos in Holland affected terminals with oil storage and transport around the world.

Reports indicated that the attack was ransomware, where hackers scramble data and make computer systems inoperable until they receive their demands.

We all remember how the Colonial Pipeline in the US was hit by a similar attack in 2021, which affected oil and gas supplies across the country, with some states even declaring emergencies.

These attacks are real and have proven capable of affecting energy supply systems across significant areas. They can also potentially disrupt critical infrastructure which delivers energy to a large base of customers.

With oil and gas prices at record highs, global energy systems is already overstretched, with minimal spare capacity. We cannot afford another major disruption.

As cyberattacks become more sophisticated, combined with the increasing digitization across the energy industry, the entire oil and gas supply chain infrastructure could be exposed to risks with potential disruption of vital businesses.

The industry must act now to address key challenges and protect its infrastructure through the latest tools and processes to ensure minimal impact and disruption in the event of an attack.

Fortunately, the implementation of new legislation necessary to increase protection has accelerated due to these recent major attacks. US President Joe Biden recently signed an executive order to strengthen cybersecurity across the US federal government, shortly after the Colonial Pipeline attack.

The World Economic Forum, too, made several key recommendations to leaders across the world to help mitigate the risks in the industry. Establishing a cybersecurity governance model is a starting point; promoting a cybersecurity design culture in the workplace, implementing holistic risk management and defense mechanisms, and strengthening public-private collaboration between stakeholders in the industry are all key facets.

Saudi Arabia’s flagship oil company Saudi Aramco suffered from a cyberattack in 2012, which had a major impact on the company’s internal operations for several months. However, due to the resiliency of its IT network and business process, Aramco’s operations were not severely dented.

The key lesson is that no one is immune, and companies cannot afford to blink. Aramco, crucially, moved swiftly to update its operating procedures and deploy the latest tools to strengthen its infrastructure in the aftermath of the incident.

Additionally, having trained, motivated human resources equipped with the latest tools is another key component for the survival of the energy industry in this open cyber world we live in.

Saudi Aramco invested heavily to acquire top class experts and leaders among its workforce, leading the fight to protect its assets against cyberattacks.

The industry as a whole need to do the same, as such people will be the first level of defense during cyberattacks.

Cybersecurity opens rewarding job opportunities for young people in Saudi Arabia and in the industry as a whole. In the US alone, there were about 500,000 job postings for cybersecurity positions in 2021 with some jobs paying over $100,000 a year for fresh graduates. In fact, US News Magazine puts the job of information security analyst as the number one role in its report “The best Jobs in 2022.”

The energy industry needs to continue its efforts to use all available tools and seek the needed consultancy as it moves toward digital transformation and energy transition, in order to protect its assets and key infrastructure in an increasingly interconnected world.

• Fuad Al-Zayer is an independent energy consultant. He is former head of Data Services Division at OPEC and a former head of the JODI Global Initiative at the IEF.