Oil and gas industry becomes key target for cyber criminals
ADIPEC 2017's Security in Energy Conference will focus on strategies to mitigate cyber-crime risks and deploy defence mechanisms to protect critical industry systems and infrastructure.
Organisers of the second annual Security in Energy Conference, to be held in Abu Dhabi in November, say that oil and gas has been exposed as a prime target for cyber criminals after the industry was singled out during international ransomware attacks.
Co-located with Abu Dhabi International Petroleum Exhibition and Conference (ADIPEC), Security in Energy Conference recognises the increasingly critical importance of IT systems to oil and gas operations, and follows two major ransomware attacks in the first half of 2017.
The second of these, the NotPetya attack at the end of June, appears to have specifically targeted oil and gas companies. According to analysis by Kaspersky Labs, just three business sectors accounted for around 80% of targets. Oil and gas accounted for around 25%, a close second to the finance sector, and just ahead of manufacturing.
“Cyber-crime is a serious problem for any business, but recent incidents raise concerns that oil and gas companies will be high-priority targets for attacks,” said Christopher Hudson, president, global energy, dmg events, which organises ADIPEC in partnership with Abu Dhabi National Oil Company (ADNOC).
“The Security in Energy Conference provides a robust discussion specific to the needs of this industry, helping companies ensure that strong defences are in place,” added Hudson.
Recent reports predict the Middle East cyber security market will grow from $11.38bn in 2017 to $22.14bn by 2022. ADIPEC’s Security in Energy Conference delivers the latest market intelligence in energy security protocols, and places a spotlight on the best innovations, security practices and crisis planning within the industry.
Specific conference sessions will cover key topics in cyber security, including ransomware; the Internet of Things (IoT); the convergence of operating technology and IT; security and compliance risks in cloud computing; risk management for supply chain and business continuity; and the use of big data and analytics.
Keynote addresses will focus on the balance between investment and risk, and the impact of regional collaboration on oil and gas security, with discussions to include both defensive and offensive approaches to security.
The conference programme is planned to offer immediate relevance to oil and gas. For example, there will be a significant discussion of threats to critical infrastructure, where attacks could cause widespread operational disruption and safety risks. It will offer insights into and front-line protection strategies, whether for new systems, or by retrofitting of existing industrial control systems to build secure and resilient operations.
There will also be a dedicated Security in Energy Zone within the ADIPEC exhibition halls.
“Illicit cyber activity is here to stay,” said Don Randall, former head of security and chief information security officer, Bank of England, who will be sharing his expertise during the conference. “But, understanding the motivation of the perpetrators, with appropriate responses and education, can substantially reduce the risk and harm,” remarked Randall.
The list of speakers will feature leading figures from organisations tasked with tackling cyber-crime in the Middle East, including Ahmed Alshemaly, director, Cyber Defense Centre, National Electronic Security Authority (NESA), UAE; Eng Ibrahim AlShamrani, executive director, operations, National Cyber Security Center, Ministry of Interior, Saudi Arabia; and Mohammed Bushlaibi, forensic analyst, Telecommunications Regulatory Authority (TRA), UAE. They will speak alongside renowned international experts.
According to Accenture’s High Performance Security 2016 Report, 96 cyber-attacks were reported over 12 months by the oil and gas company heads, while 55% of the oil and gas leaders say the need to fill cyber security gaps in end point or network security is their most pressing concern.
The Cisco 2017 Annual Cybersecurity Report estimates that the frequency of ransomware attacks is growing by around 350% each year. The tools to conduct an attack are easy to obtain and easy to use. Ransomware is even available as a software-as-a-service subscription.
While the number of attacks is increasing, there are concerns that some oil and gas companies have reduced their security budgets as they struggle to balance cost and risk at a time when finances are under pressure, leaving themselves dangerously exposed.
The Security in Energy Conference sessions will aim to bridge this awareness gap, emphasise the importance of building a solid defence platform against cyber-attacks and understanding the fallout of an attack and its implications to business.
"Cybercrime is a threat to the global economy,” said Sandip Patel, a UK-based lawyer and leading international expert on prosecuting cyber-crime cases in court, and one of the speakers at the Security in Energy Conference. “Some estimates cost it at more than $445bn, but the true cost is far greater as many countries do not report on this."
By co-locating security within ADIPEC, one of the world’s most important strategic gatherings for top global oil and gas executives, Security in Energy Conference ensures that the integrity of systems is part of a broader discussion of industry issues.
A company’s security protocols are generally in the capable hands of the CIO/CISO. However, in order for the protocols to be 100% understood and delivered, it is the priority of the entire organisation, from the top-down and bottom-up, to ensure a solid framework and delivery.
Bridging the vocabulary gap between security professionals and their CEOs and senior management teams is vital to ensure they are all aligned on the ever-present security risks to their organisation.
“Reducing cost and improving efficiency are important messages in oil and gas today, and many companies are investing in technology to reduce their costs,” said Hudson. “Keeping that technology safe and secure needs to be a number one priority. It needs to be as much a concern for the chief executive officer as it is for the chief information officer,” commented Hudson.
“Security in Energy Conference recognises that this is a core issue for a modern business, and cannot be pushed into a departmental silo,” concluded Hudson.
Held under the patronage of His Highness Sheikh Khalifa Bin Zayed Al Nahyan, President of the UAE, hosted by ADNOC, and organised by Global Energy Division of dmg events, ADIPEC is one of the world’s leading oil and gas events, and the largest in Africa and the Middle East.
ADIPEC will be held at Abu Dhabi National Exhibition Centre during 13-16 November 2017, with the Security in Energy Conference to be held during 14-15 November.