SPE Symposium: Cyber Security and Business Resilience for Oil and Gas
March 29 - 31, 2016 - Abu Dhabi AESociety of Petroleum Engineers
mramathany@spe.org
Phone:0097144575866
The threat from all forms of cyber disruption has grown continually over the last decade, and shows no sign of abating—rather, the rate of increase in the threat grows in both number of incidents, and sophistication. Threats range from rogue administrators with a grudge, inadvertent damage, through to professional and ruthlessly focused cyber-criminal gangs, and at the far end of the spectrum, well-funded and highly skilled state actors. As an example, three years ago threat intelligence identified 20 groups as being in the most serious and capable category. In 2014 that same assessment yielded over 50 groups with a similar level of capability. We now track more than 100 of these groups across 15 countries. The object of these attacks can be monetary, national economic gain, cyber-warfare to reduce rivals capabilities, and intentional sabotage. Impact on businesses includes monetary loss, commercial disadvantage and reputational damage. For process industries, impact can extend to environmental destruction and loss of life. For the oil and gas industry, there has been a traditional separation between Information Technology (IT) and Operational Technology (OT)—however, this distinction dissolved long ago, and IT is now integrated into virtually every aspect of OT. This creates new ways of working, and generation of new and useful data, but as a side-effect also generates complexity, and new vulnerabilities. Both OT and IT organisations need to increasingly understand the ‘other’ domain, and find new ways of working together. This theme examines the magnitude of the threat and how leading organisations are prioritising their efforts and planning to protect against an ever-growing cyber threats. These organisations are achieving through understanding their risks and managing them.