Cybersecurity in oil and gas operations is vital to maintaining the safety of the nation’s energy supply. As National Cybersecurity Awareness Month draws to a close, it is important to remember safety and security threats are rapidly evolving with technology. AXPC members stand ready to respond to whatever cybersecurity threats may arise within their businesses.
As we’ve said before, safety is the most important priority for the oil and gas industry, both on and off operational sites. Sensitive data and high-tech equipment used by operators are potential targets for bad actors wishing to harm the company, steal valuable data, or attack the security of our nation’s energy supply.
Cybersecurity begins with employees. In 2014, 100 percent of XTO Energy’s employees and contractors completed cybersecurity training on how to identify and respond to potential cybersecurity threats. Tips and tools such as email screening, phishing tests, general security awareness were key parts of training, enabling employees to be the first line of defense for potential threats.
The data used in operations is priceless to our members’ businesses. Our members rely on extensive data to monitor safety equipment, analyze seismic and geological data, and ensure oil and gas reserve estimates are accurate. Some areas of the upstream business also require highly automated equipment, increasing the need for cybersecurity not just in software but in hardware.
Many of our members ensure their cybersecurity practices align with the framework outlined by the U.S. Department of Commerce’s National Institute of Standards and Technology Cybersecurity Framework. This Framework allows operators to mitigate risk and ensure data and systems are protected. Our members will also use third-party auditors to evaluate their cybersecurity infrastructure and ensure the continued safety and security of their systems.
Devon Energy’s board directly oversees cybersecurity risks in the company. Through its Audit Committee, board members are able to assess and adapt cybersecurity policies. In fact, the chairman of Devon’s Audit Committee completed the National Association of Corporate Directors Cyber-Risk Oversight Program and earned Carnegie Mellon’s Community Emergency Response Team Certificate in Cybersecurity. Many of our members now employ Information Security Directors, who oversee company cybersecurity programs, and work with law enforcement to identify and mitigate risks.
Senior Vice President and Chief Information Officer of QEP Resources, Jamie Cutler, correctly noted that cybersecurity discussions and concerns are here to stay:
“Framing a conversation around cybersecurity is an evolving task. With cyber breaches becoming a regular news item and boards under pressure to ensure their cyber-security programs are sound; expect this conversation to be a regular part of your board audit committee meeting.”
Technology continues to be increasingly integrated into all aspects of our member’s operations, it increases efficiency, cuts costs, and enables innovation. Technology also makes operators more vulnerable to ever-evolving cyberthreats that aim to impair American businesses. By planning for and possessing the tools to mitigate these threats, AXPC members can continue to protect their employees, their operations, and American energy supplies.