While Big Data has helped oil and gas operators optimise operations, it has also exposed systems to cyberttacks. Leo Simonovich, director of Global Cyber Strategy and Product Development at Siemens talks about why companies need to strengthen their cyber defence
Could you give me an idea as to how important cybersecurity is to the oil and gas industry?
It is a top issue of the day. This wasn’t the case a few years ago, but the number of cyberattacks continues to grow – including both known and unknown attacks. And we know that operational technology has become a growing target, now comprising 30% of all cyberattacks. In this region, 50% of all cyberattacks are directed against the oil and gas industry. So it has a major impact on productivity, uptime, efficiency and safety.
What is your opinion of the recent Stuxnet virus attack on Aramco?
What I say to customers is that the probability of a cyberattack is almost 100%. The only question is what are they going to do about it. On an average, the oil and gas player experiences two to three major cyberattacks a year. Above all, we believe in holistic cybersecurity – the need to prevent and respond to attacks.
Siemens as a major industrial enterprise caters to a lot of segments – Big Data being a part of the offering. Does the onus also fall on you to combine that with cyber defence systems?
For Siemens, cybersecurity is a strong part of our vision for digitalisation and intelligent infrastructure. We recognise that using a risk-based approach to managing cybersecurity is important. Connectivity to be able to achieve operational excellence, which is a key part of digitalisation, is also important. But that connectivity also enables you to have situational awareness. And the lower the level you can go into the asset, or equipment, the greater transparency you will have, and the more precise you can be in employing countermeasures.
A flipside to digitalisation is also that it is making systems vulnerable to cyberattacks, as the one witnessed by Aramco recently. What is your opinion on this and how would you convince your client to adopt cybersecurity measures?
Yes, it is a key concern. Smarter infrastructure that takes advantage of software and the ‘Internet of Things’ can provide more points of entry for cyber attackers. I advise our customers to take a risk-based approach to build connectivity in blocks. Make sure you are connecting securely. We understand that at the top of the environment, it is not just about connecting two control centres, but also connecting those with pipelines and offshore facilities to be able to perform remote monitoring, automation and optimisation, securely. We have designed systems to address all of that. We call these systems ‘blueprints.’
At a time when the oil and gas industry is heavily cutting down on CAPEX, how would you convince your clients to adopt cyber defence measures?
If you look at the industry, one area where budgets have not stayed flat, or have even risen, is around cybersecurity. That means we don’t have to convince our customers that cybersecurity is an important issue they need to address. They already know this. They just need to understand what is mission critical.