The rising threat of cyberattacks and data breaches requires industry operators to implement comprehensive, long-term strategies using all available technologies, with focus on system lifecycle and supply chain management, Steven Kenny tells OGN

In the face of growing cybersecurity risks and attack vectors, operators in critical industries such as oil and gas have the herculean task of reinforcing their infrastructure, including security systems and surveillance networks, to address the increasing threats of cyberattacks and prevent potential breaches.

These risks can range from a loss of data integrity and availability to incidents that pose a real-life threat to people and physical infrastructure.

This is the case throughout the Middle East, and it remains a priority as the region is forecast to provide almost 60 per cent of the world’s oil exports by 2050, while countries such as Egypt plan to increase natural gas production in the face of growing demand.

To put this into perspective, a cyberattack on an oil producer like Saudi Aramco, the world’s largest, that forces production to halt for even one day could cause immediate global oil supply disruptions, sharp price spikes, and market instability.

The energy needs new standards in cyber resilience

A one-week shutdown would have far-reaching consequences, with oil prices potentially soaring above $100 per barrel, straining energy-dependent economies, inflating global transportation and manufacturing costs, and increasing geopolitical tensions.

Such a scenario would likely prompt releases from strategic petroleum reserves, but these would only offer temporary relief.

Additionally, an attack of this scale would highlight critical vulnerabilities in global energy infrastructure, intensifying cybersecurity concerns and potentially accelerating investment in both energy security and renewable alternatives.

"The global impact is far-reaching, making it crucial that these risks are addressed proactively," Steven Kenny, Architect and Engineering Program Manager – EMEA at Axis Communications, tells OGN energy magazine.

Cyber resilience is not achieved by relying on a simple software package installed on endpoint devices.

The global state of cyberattacks and the potential for data breaches demands a thorough response and strategy from industry operators.

"That response must encompass all technologies and solutions available, purpose-built and with an eye towards long-term ownership and a full view of the system’s supply chain and lifecycle. By taking this approach, operators can mitigate the possibility of an incident taking place," says Kenny.

CYBERSECURITY IN SMART SURVEILLANCE

Digital transformation and the proliferation of IoT (Internet of Things) technology means businesses’ security systems are not the same as they were twenty years ago.

Today’s surveillance devices can communicate with one another, process and store information at the edge, and form part of a network dedicated to monitoring and protecting people, equipment, and sites.

That said, because of this capability, that network becomes a target for cybercriminals and needs to be resilient against attacks.

Manufacturers of security and network surveillance products have responded to this need by reshaping their product development strategies.

Cybersecurity now serves as the foundation and is considered at the most fundamental level: The microprocessor and operating system (OS).

Businesses cannot afford for cybersecurity to be an afterthought, as a lack of secure development processes can lead to software releases with exploitable vulnerabilities.

Using a security development model to guide software development, one that includes risk assessment, threat modelling, code analysis, and vulnerability scanning, manufacturers can meet the increasing awareness of security considerations across all industries, reduce the potential for security-related business risks, and create the potential for cost reduction through early threat detection and resolution.

NO WEAK LINKS IN THE CHAIN

Much like in the oil and gas industry, supply chain oversight and management are critical components of modern security and surveillance.

A lack of transparency when it comes to information, equipment, facilities, software, and devices can lead to a compromised product, thus compromising the cyber posture and integrity of the business.

The answer is for operators to look beyond the operational benefits they unlock with new technology and focus on the cyber maturity of the businesses within their supply chain.

Some areas to consider throughout the evaluation process include the processes and policies in place (for example, ISO27001, which is recognised worldwide), and features and tools that are used to mitigate the risk of products being the root cause of an attack.

These features include signed firmware and secure boot, which ensure the product has not been compromised before it’s even deployed, as well as the ability to proactively manage firmware updates efficiently.

It is important to note that what is secure today may not be secure tomorrow. Considering the expected usage duration of products and the risks posed by outdated firmware, oil and gas operators need to take a long-term view towards their hardware, effectively overseeing both ends of the lifecycle of devices.

DEVICE MANAGEMENT & BEST PRACTICES

Given the size and scale of oil and gas operations across the Middle East, operators have a sizable task when it comes to managing their entire surveillance network ecosystem.

This is the case not only in terms of using that network to monitor for any physical threats to infrastructure, or to ensure health and safety protocols are being adhered to, but also the devices that compromise that network and their configuration.

The answer lies with device management software, which enables operators to keep a full, real-time inventory of all devices – cameras, encoders, access control points, audio speakers, and others – and their key information including model number, IP and MAC address, certificate status, and versions of the software each one is running.

In this way, operators can implement consistent management policies and practices and ensure all devices remain up to date and secure against any known vulnerabilities.

The use of device management software also ties into the greater practices of cybersecurity due diligence and best practices.

Operators should always verify that all connected devices are running the latest software version, configure user privilege levels across the network to prevent unauthorised access and improper use, and promote cyber hygiene and awareness among personnel.

Today, technology plays a bigger role in the oil and gas industry than ever before.

Likewise, cybersecurity has become more critical, and nowhere is that truer than with network security and surveillance.

By prioritising cybersecurity during the procurement process, working with trusted vendors, and taking a proactive stance towards risks, operators can best secure themselves and set a new standard in industry resilience.

By Abdulaziz Khattak