Petroleum Africa
Find us on: 
Sunday, March 16, 2014
With oil and gas companies worldwide, including in Africa, continuing to keep cyber attacks and a company’s cybersecurity level of protection a highly confidential matter, gauging how well or poorly the industry is protecting itself remains difficult in 2014. However, there are status indicators, none of which are favorable. For example, a recent year-ending event in Saudi Arabia, the ISA Automation Conference 2013 for Europe, the Middle East and Africa, did highlight the reality of “…increased cybersecurity attacks toward the (oil and gas industry),” suggesting that hackers are emboldened rather than discouraged.
Additionally, just prior to the December 2013 ISA conference was a significant industry event in Houston, where the globally well-known American Petroleum Institute (API) held its Cybersecurity Conference & Expo. While many companies are not entirely sure about hackers’ threats to their own organization, one speaker clearly named several, including financials, intellectual property (IP), corrupting systems and inflicting adverse effects on personnel and/or equipment. A key point made was that hackers, both ad hoc independents and those supported by various governments and military, have actually increased their size, strength and expertise.
In other words, if any companies were somehow lulled into thinking that a public-private partnership launched earlier last year by the US Energy Department was any panacea toward protecting the oil and gas industry, they were mistaken. To the contrary, subsequent conferences and public statements have made it clear that most companies are no safer than they were, whether on the African continent or elsewhere worldwide. However, one positive to emerge from the Energy Department’s initiative is the new Oil and Natural Gas Cybersecurity Capability Maturity Model. It draws on a maturity model’s reliance on best practices to pinpoint a company’s strengths and weaknesses.
As a result of ongoing cybersecurity news, E&P companies in Africa must recognize that at any time a cyber strike of wide-ranging magnitude may occur if they have still not taken practical, cost-effective steps to protect their people and equipment. Companies must conduct a four-part solution: risk assessment, protection, monitoring and diagnosis & response. Otherwise, a 2015 update of African oil and gas companies’ cybersecurity readiness will be summarized no differently than in 2014 except for upping the ante with possibly one or more major catastrophes taking place.
Although it may sound cliché, the answer to when companies should cyber-harden themselves is “the time is now” or the consequences may be very painful, costly, and difficult to put the corporate entity back on track. And the real bottom line on cybersecurity is that when companies continue to essentially avoid the issue, they may get hit by a cyber attack so explosive that the company finds itself precisely where it did not want to be: featured in ongoing negative news and repeatedly named as a negative example of cybersecurity malfeasance for years to come. E&P companies in Africa deserve a better outcome but they must take the initiative.
About the Author
Jim Fererro, has three decades of oil and gas experience, and is Senior VP of Houston-based Globologix
" alt="Sintana to Expand Asset Base in Namibia with Acquisition">
" alt="Luanda Gives Afentra Nod for Azule Acquisition">
" alt="TotalEnergies Increases Stake in ROC’s Giant Moho Field and Sells Mature Assets">
" alt="Africa’s $824 Billion Debt Burden and Opaque Resource-Backed Loans Hinder its Potential">
" alt="African Refiners Ponder Threats to Energy Security for Africa as Transition Takes Center Stage">
" alt="Invictus Inks Gas Sales MOU to Deliver Power to Eureka Gold Mine">
" alt="Globeleq Acquires the 25 MWp Winnergy Solar PV Plant in Egypt">
" alt="Sintana Completes Well Testing at Mopane 1-X in Namibia">
