Cybersecurity Concerns in Offshore O&G logistics

Over the last 10 years, some industries have gone through a massive digitalization process. Industry 4.0, retail, and some of the supply chains have witnessed the emergence of unicorns all across the world in healthtech, legaltech, logitech and, of course, fintech.

For this and other reasons, the number of cyberattacks have also been increasing and for some reason, people think that these new “techs” are the most serious and the ONLY subjects of the attacks; however, this is not necessarily the case.

Being a digital company or using digital tools in your day-by-day operations does not make you an exclusive target for hackers. The only requirement is to have an email address, Dropbox or Facebook account to be hacked. You can be hacked even if you keep your logs or files on paper and put them in your desk drawer or a safe box. You just need the wrong person in the wrong mood to take a picture or photocopy your analog logs/files and leak them to your competition or an undesired reader. As the former FBI Director Robert Mueller said, “there are two kinds of companies (people): those that have been hacked and those that don't know they've been hacked.” Cybersecurity is the same security need that has always existed, just expanded into your technology infrastructure, no matter how robust such infrastructure is. Basically, “security in IT is like locking your house or car; it doesn’t stop the bad guys, but if it’s good enough they may move on to an easier target,” as Paul Herbka, a reputable cybersecurity professional, correctly stated.

The oil and gas industry has also started a digitalization process, mainly led by European companies. In Mexico, there are still no serious efforts to start walking this path. Some of the players in this industry, under the fear of being hacked once they use digital tools or move to a digital business model, have been adamant about not taking that leap of faith. However, in this rapidly changing world where money, goods and services run from one point to the next through systems based on or assisted by digital/internet-based tools and databases, this closed-mindedness will end sooner than later and they will have to address the need for digitalization and therefore cybersecurity.

But it’s not that they will have to spend huge amounts on a whole, complex, cybersecurity infrastructure from day one. Again, it is just a matter of culture and mindset. Emmanuel Goldstein put it simply: “Most hackers are young because young people tend to be adaptable. As long as you remain adaptable, you can always be a good hacker.” The point is to remain adaptable, resilient and stay proactive. Cyber and non-cyber threats will always pursue us but as long as we are leading the way, we will have the “high ground.” But this is a multiplier effect, meaning that if you lack one of the three components, the whole equation will sum up to zero. You must be adaptable to get digital. You must be resilient to cyber (and non-cyber) threats because they will happen whether you become digital or not. And you must be proactive to stay ahead (or at least keep up) within your industry; for example, by digitally transforming your company. 

But not everything is bad news. Most of the industries that have been leading the way into the digital world have found safe ways through it, even establishing standards and structures around it to protect their operations and sensitive information. One of these ways is good old cryptography. Used in the past century’s World Wars to send military information from one point to another and preventing the enemy from understanding the message even when it was able to intercept it, encryption is still a good defense against cyberattacks.

The financial industry has built a robust normativity around it with the PCI standard[1]. Since “no technology that’s connected to the internet is unhackable,” what if we encrypt it so that if it gets hacked, the hackers only get a bunch of useless characters instead of your sensitive information? Now, this technology is currently encrypting, hiding, or masking most of the credit card information in the world when you place an order on Amazon or any other marketplace. The same principle that helped spies to send and receive information could be an efficient solution to keep your company “safe” from information hacks.

There are ways to enjoy the benefits of digitalization in the offshore oil and gas logistics by using online platforms like NautechMX and, at the same time, keep the information on those platforms safe with cryptography.

For more info, please ask our team: info@nautech.com.mx.

References:

• The Cyber Priority. Uncover the state of cyber security in the energy sector in 2022 at: https://www.dnv.com/cybersecurity/cyber-insights/thecyberpriority.html
• https://hbr.org/sponsored/2021/08/oil-and-gas-companies-must-act-now-on-cybersecurity
• https://www.pcisecuritystandards.org/pci_security/
• https://www.statista.com/statistics/1133337/largest-fines-issued-gdpr/
• https://www.statista.com/statistics/221390/share-of-hacking-methods-across-organizations/

[1] See: https://www.pcisecuritystandards.org/pci_security/