Will Low Oil Prices Prompt Cutbacks in Cybersecurity Spending?
The collapse in global oil prices has prompted companies across the industry, from operators to contractors, to sharply reduce capital (CAPEX) and operating expenditures. Are these reductions also affecting spending on cybersecurity?
Most industry experts and government authorities, including the Department of Homeland Security (DHS), U.S. Cyber Command and the National Security Agency (NSA), estimate that over 40 percent of the recent cyber-attacks in North America targeted the oil, energy and resources segments. Thus, it would be unwise and inappropriate to compromise some areas of security and safeguards, whether they address workplace safety, environmental impairment, pollution or cybersecurity, Glenn Legge, a partner at Legge, Farrow, Kimmitt, McGrath & Brown LLP, told Rigzone.
The oil and gas industry is exposed to cyberattacks through its use of Big Data, or data sets so large and complex that processing them with on-hand data management tools or traditional data processing applications is difficult. Big Data is managed by supervisory control and data acquisition, or SCADA systems, and industrial control systems, or ICS, according to a November 2014 presentation by Legge. Big Data is utilized throughout the energy sector for analysis, from real-time downhole data sensors that gather information on deepwater rigs, to the remote monitoring of onshore wells, as well as midstream and maritime transportation, refining and petrochemical.
Faced with pressure from shareholders to boost returns and reduce costs, the oil and gas industry is using IT to achieve operational efficiencies. The broad geographic distribution of oil and gas facilities also means that IT must be used to link facilities with headquarters.
Successful cyber-attacks have already affected major power grids, oil pipelines, gas infrastructure and the energy trading markets. Adversaries of oil and energy organizations seek financial gain, competitive advantage, intellectual property, valuable exploration data and the like. These adversaries include sophisticated foreign state-sponsored hackers, corporate cyber-spies and other malicious attackers intent on disrupting, spying and stealing.
“Everything that we do as a society is powered by energy and because of this these critical resources and the companies that control them need to remain vigilant about the cyber threat,” said Legge.
The spending cutbacks are the quickest way for companies not only to reduce margin, but pacify shareholders and maintain internal financial health. Despite the cuts, Legge said it’s difficult to imagine that a responsible energy company, particularly a publicly traded company, would make significant cuts in the critical areas of health, safety and environment (HSE).
“No matter how much you’re reducing CAPEX, most risk managers believe you have to maintain the fortress around HSE.”
The drop in oil prices and CAPEX reductions are indeed affecting business decisions including company staffing at many major oil and energy firms. However, the recent drop in oil prices has zero effect on the significant exposures to cyber-attack that these companies face, said Jeffrey Bernstein, managing director of T&M Protection Resources’ Information Security Advisory Division in New York City, in a statement to Rigzone. T&M, a global provider of security services that focus on the protection of people, property and information, has worked with dozens of oil and energy firms on cyber-security issues.
“Oil and energy companies are among the most profitable and operationally efficient businesses on the planet. Maintaining a heightened cyber security posture is one of the most critical components to remaining efficient in this high-stakes sector,” Bernstein noted. “In my experience, these firms understand this expansive and growing threat and the potential cost associated with falling victim to a successful cyber-breach. Because of this, while we will continue to see increased optimization and cost-cutting by the oil energy firms, we will also continue to see increases in cyber-security and protection budgets.”
Richard Mahler, director of Commercial Cyber Solutions at Lockheed Martin, told Rigzone that the oil and gas industry is well prepared to address the fluctuations in oil prices and incorporate those forecasts into the financial planning cycle.
“Given the critical necessity of cybersecurity to ensure the reliability, safety and security of operations across an enterprise, coupled with the ever increasing volume and impact of the threat landscape, we have not seen oil and gas companies cut their cybersecurity programs. They instead are focusing their efforts on other areas of operations, including capital programs, spending and services.”
To read the full article, please click here: https://www.rigzone.com/news/oil_gas/a/137655/Will_Low_Oil_Prices_Prompt_Cutbacks_in_Cybersecurity_Spending/?all=HG2