| Top 10 cyber security vulnerabilities

Top 10 cyber security vulnerabilities

DNV-GL has conducted a study revealing the top ten biggest cyber security threats for companies operating offshore Norway.

The international DNV-GL survey of 1,100 business professionals found that the most serious cyber security vulnerabilities for operations on the Norwegian Continental Shelf comprised:

  • A lack of cyber security awareness and training among employees
  • Remote work during operations and maintenance
  • Using standard IT products with known vulnerabilities in the production environment
  • A limited cyber security culture among vendors, suppliers and contractors
  • Insufficient separation of data networks
  • The use of mobile devices and storage units including smartphones
  • Data networks between onshore and offshore facilities
  • Insufficient physical security of data rooms, cabinets, etc
  • Vulnerable software
  • Outdated and ageing control systems in facilities
Although the study focused on operations on the NCS, DNV GL stated that the issues are equally applicable to oil and gas companies anywhere in the world. This study follows the claim made by Eric Knapp, the global director of cyber security solutions and technology for Honeywell Process Solutions, earlier this month, who suggested that cyber attacks in the global upstream oil and gas industry are increasing and becoming more advanced.
"We have seen that there’s an increase in activity. We can extrapolate from that that globally there’s an increase ... Malware creation and the cyber threat as an entity is an organization. Malware changes and evolves … we’re seeing activity increase across the board," Knapp told Rigzone at an annual meeting for Honeywell users in the EMEA region held in Madrid.

Petter Myrvang, head of security and information risk at DNV-GL - Oil & Gas, said in an organization statement:

"Headline cyber security incidents are rare, but a lot of lesser attacks go undetected or unreported as many organizations do not know that someone has broken into their systems. The first line of attack is often the office environment of an oil and gas company, working through to the production network and process control and safety systems."

Over the past 30 years, the oil and gas sector has been the target of well-known cyber attacks. One of the most famous was launched against Saudi Aramco in 2012 by the terrorist organization, Cutting Sword of Justice. The group launched the attack to stop oil and gas production in Saudi Arabia’s largest exporter within the Organization of the Petroleum Exporting Countries (OPEC), according to a white paper by Lockheed Martin Corporation.