Consider a cyberattack that shuts down a major North American pipeline that supplies the east coast of the United States during one of the busiest business weeks of the year. Or, during one of the coldest spells in Western Europe’s recorded history, hackers gain access to gas distribution networks, cutting out heat to almost 100 million households. Alternatively, cyber thieves infiltrate an offshore rig’s computer system, causing damage.
Though these are all hypothetical worst-case scenarios tossed around by crisis management teams, the more frightening fact is that it is not a matter of if, but of when any of these scenarios will occur.
We are living in an era where digitization is accelerating at an exponential rate. As digital platforms link an ever-expanding virtual network of houses, automobiles, workplaces, factories, energy grids, and oil rigs, we witness an increase in the frequency of such attacks.
While online assaults are nothing new, what has changed is the magnitude of the danger and effect, which is directly connected to the extent of digital connection and the huge ecosystem changes brought about by digitization, decentralization, and energy transition. Our cyber enemies are increasingly nimble and skilled in their ability to inflict havoc from a safe distance.
How to Avoid Defensive Playing
The threat and risk picture in heavy asset sectors, particularly in the oil and gas industry, is evolving at breakneck pace, with growing complexity exacerbated by a loss of situational awareness.
Barring any movement on our side, we will be forced to close the gaps and play from a position of inferiority very soon. Rather than proactively addressing vulnerabilities and preventing assaults, we will take a defensive stance. Existing possibilities and capabilities inherent in sectors can avert this result, and we still have time to fully capitalize on them.
As one of the world’s most sophisticated and complex sectors undergoes a multidimensional transformation – from analog to digital, centralized to dispersed, and fossil-based to low-carbon – managing cyber risk and avoiding cyberthreats are rapidly becoming crucial to business value chains.
A century of experience deployed at light speed
The first group of strengths and possibilities stems from industrial firms’ decades of expertise operating high-profile, high-value, physically complicated assets and understanding how to maintain such infrastructure physically safe and secure.
This knowledge and expertise is ingrained in the industrial DNA and extends throughout the whole ecosystem. It will continue to serve an essential role as a stepping stone to industrial cybersecurity, but it is insufficient on its own.
Tomorrow’s defenses must combine industrial expertise with the strength of digital capabilities. What else can a company do to be cyber resilient if it already has industrial experience safeguarding huge physical assets, as well as cutting-edge digital platforms, security software, and teams of technology experts?
Wars, especially this new type of cyber war, are not won just via the use of brilliant military strategists, the finest trained warriors, and the most experienced special ops people. Secure supply lines, the strongest intelligence operations, loyal allies, and informed and active citizenry are required to win.
As a result, developing a varied, dynamic, sustainability-minded, security and safety-first culture is important not just for building cyber resilience but also for allowing industrial digitization. Running relevant, up-to-date, and engaging awareness campaigns helps to establish strong protective layers. Culture and awareness activities should not be viewed as little or trivial. They might be the deciding factor in our favor.
The growing importance of culture and awareness can assist us today and, more significantly, develop the organizational skills we will need in the future. We must prepare the board of directors to view the new risk landscape as the organization’s bottom line. We must provide domain experts and frontline remote employees with a better grasp of the new hybrid reality and related dangers in which our industries currently operate, as well as its ever-changing stakeholders and dependencies.
This is no easy task, but as the old saying goes, “the more you sweat in peace, the less you bleed in battle.”
We must put forth the effort to create a culture in which all tiers collaborate and share expertise and information. We must convert our security function from a centralized, inefficiently scaled one to a distributed defensive framework capable of supporting and protecting people, the environment, and assets.
Building a resilient future
There is a growing knowledge of the huge changes that are taking place, as well as the systemic hazards that they entail. The new risk landscape will necessitate a new strategy to security and safety, one that is more comprehensive and integrated, customized to the problems at hand.
The World Economic Forum has invited some of the world’s greatest experts and businesses to collaborate on how to handle our issues and capitalize on our possibilities. The white paper, Cyber Resilience in the Oil and Gas Industry: Playbook for Boards and Corporate Officers, attempts to set the stage by defining principles, using real-life examples, and providing implementation instructions.
The effectiveness of any such effort is reliant on organizational adoption, as well as the breadth, depth, and long-term viability of safety and security programs. In the future, and in order to play from a position of strength, industry leaders must seize the opportunity now and utilize it to establish clear expectations and goals for the security and safety of the digital industrial future.
A data-driven future inspired by centuries of industrial expertise and founded on a strong culture of safety, the environment, and vital assets. A future in which information and competency sharing are utilized to foster culture and enhance resilience.