PEMEX Integrates Open Source Software Into its Operation

After falling victim to a major ransomware attack in 2019, PEMEX is undertaking an effort to bolster its cybersecurity measures. The oil company has considered adopting open source software into its operations, a strategy that has proven effective in fortifying IT networks and systems. This security approach allows a wide range of developers within an organization to use, study, share and modify the software depending on specific needs, circumstances and threats, which can be significantly beneficial for big companies like PEMEX.

Since open source software provides access to the source code, multiple security experts can examine the code for potential exploitations, effectively improving vulnerability identification and remediation. Moreover, the collaborative nature of open source software fosters a rapid response to cyberthreats by bringing together a community of developers and experts focused on preventing them. Additionally, it can also be tailored to specific security requirements, reducing the attack surface by eliminating unnecessary code. 

"This technological tool is part of the government's strategy for Petróleos Mexicanos, and it is present in all areas of the oil company. This has given it the freedom to innovate, customize and adapt solutions to meet the company's needs," says Brenda Fierro Cervantes, IT Subdirector, PEMEX. Furthermore, Cervantes emphasizes that open source's collaborative and customizable design benefits PEMEX significantly, given that the oil industry often requires flexibility and adaptability for a company to thrive. 

Octavio Romero Oropeza, CEO, PEMEX, says that applying open source software into its security operations will offer the company’s IT department more freedom, independence and, more importantly, enhanced cybersecurity. Furthermore, this cybersecurity strategy can bring a significant cost reduction by effectively reducing vendor dependency for cybersecurity services. Additionally, an open source software strategy often allows unlimited installations and scalability without incurring additional costs, effectively incentivizing big companies to expand their operations without worrying about additional licensing expenses.

This newly adopted security strategy could help identify, prevent and combat the 100 billion cyberattacks that target the organization every year, as reported by PEMEX itself. The commitment to open source software seamlessly aligns with the republican austerity law, an integral part of PEMEX's Business Plan.

However, an open source software strategy can also come with specific challenges. The diversity of free software options can lead to excessive fragmentation, making it difficult to standardize security practices across an organization. Moreover, the customizable nature of open source software may expose organizations to an increasing number of insider threats, as it grants both visualization and modification access to multiple software developers and IT personnel.

Nevertheless, PEMEX remains confident that this approach will effectively enhance its resilience against increasingly sophisticated cyberattacks, effectively protecting confidential information previously exploited by cybercriminals looking for financial gain.