To clarify the significance of information security (IS) when operating in the oil & gas industry with today’s digital transformation scenario, the reporter of New Energy Magazine had a discussion with Ms. Chloe Bui – Operations Director of Vina Aspire, member of the Viet Nam IS Association (VNISA).
Reporter: In your opinion, how is the improvement of information technology (IT) and digital technology creating an impact on oil & gas (O&G) companies in the current stage, regarding benefits and potential hidden risks?
Ms. Chloe Bui: The oil & gas industry, with a global workforce of millions, is an important segment of the global economy. It powers families, businesses, and traffic systems, while also supporting commerce, technological & infrastructure development. Rapid advances in IT has fostered businesses’ improved performance, cost reduction, and enhancement of competitiveness, especially for O&G companies in the increasingly competitive and ever-changing business environment.
Technology allows businesses to control and optimize production operations. Data management and big data analytics systems provide better insights into drilling and production procedures, which can help optimize processes and reduce costs. The connectivity of sensors and smart devices through the Internet of Things (IoT) enables remote monitoring and control of equipment and systems. O&G companies can also leverage artificial intelligence (AI) to predict production and maintenance issues, reducing the risk of losses and unexpected down time. Storing data and applications on the cloud offers increased flexibility, scalability, and reduced risk of data loss. Blockchain technology can improve supply chain management, ensuring transparency and security in transactions. Digital information and engineering systems help integrate processes and optimize communication between departments.
With the increase in online access and connectivity, cybersecurity and data privacy have become top-level priorities & concerns. O&G companies must invest in security solutions to protect sensitive information and prevent cyberattacks.
Reporter: How important is the role of an IS strategy for the general development strategy of an O&G company’s?
Ms. Chloe Bui: O&G is a capital-intensive industry that requires significant investment in both physical and information resources. An IS strategy helps protect these resources from threats such as cyberattacks, data breaches, or industrial espionage. The O&G industry also faces significant environmental and safety risks due to incidents such as oil spills, explosions at production sites, and cybersecurity issues. An IS strategy ensures that environmental management & monitor systems are protected from attacks and risks of losing control.
Other than that, the O&G industry is subject to extensive safety regulations and standards. An IS strategy ensures that organizations can effectively meet their information security and risk management requirements. An IS incident can have a significantly negative impact on the reputation of an O&G company. An IS strategy safeguards sensitive information from breaches and that all operations comply with safety and security regulations.
It also provides the ability to assess and manage risks related to cybersecurity and information security. This enables organizations to quickly respond and recover from any security incidents. By protecting systems and data, an IS strategy improves the performance and stability of production and management procedures. Additionally, oil and gas companies often have crucial research and development activities, where an IS strategy will help guarantee IS for critical and sensitive projects that need to be closely guarded.
Reporter: Could you please provide some statistics on the current cybersecurity landscape for O&G companies in Vietnam? To what degree would a security breach cause damages to an O&G company?
Ms. Chloe Bui: One of the major incidents that has caused difficulty for the O&G industry is the ransomware attack aiming to blackmail the largest East Coast distributor of gasoline, diesel, and natural gas, Colonial Pipeline. The attack on Colonial’s IT network forced the company to shut down its pipe lines, leading to increased gas prices; in some states, consumers had to scramble for gas at the pumps. Notably, the Colonial Pipeline incident has been a catalyst for increased cybersecurity regulations in the industry. At the same time, it serves as a wake-up call for executives to establish an enterprise-wide cybersecurity strategy.
Ransomware has become a scourge for businesses worldwide, and attacks are anticipated to continue increasing in number and sophistication. In Vietnam, according to statistics from the Authority of Information Security (AIS), in October 2023 alone, the AIS issued warnings and guidance on handling 1,010 cyberattacks that caused incidents in information systems. That is a 17.9% increase compared to the same period in 2022. In November 2023, many O&G companies, electricity companies, and organizations in Vietnam were also hit by ransomware attacks, causing significant damage and disrupting operations. Recent cybersecurity incidents have also added to the challenges faced by O&G companies.
Consequently, a cybersecurity strategy plays a critical role in an O&G company’s development strategy because it is directly related to protecting critical information, maintaining reputation, and ensuring that operations continue in a safe and uninterrupted manner.
(“To overcome cybersecurity challenges, O&G companies need to pay special attention to IT, have strong support and commitment from the highest levels of leadership, and dedicate significant financial resources to IT investments on a regular, annual basis.” – IBM Security expert presents cybersecurity solutions at Vina Aspire Cyber Security Summit 2023: How to deploy an IS system in the O&G industry)
Reporter: In Vina Aspire’s experience, what are the challenges that prevent O&G companies from developing an appropriate IS strategy? Is cost a factor, and what are the solutions to these challenges?
Ms. Chloe Bui: The O&G industry is a highly international industry that uses a lot of modern technology; thus it involves many challenges when developing an appropriate IS strategy. One of the most common issues is that implementing security measures requires a significant financial investment, and balancing IS investments against other priorities, such as upgrading production infrastructure. Others may not fully understand or acknowledge the level of risk posed by cybersecurity threats. This could lead to a lack of awareness & determination regarding the importance of cybersecurity and implementing security measures.
Currently, many large O&G companies do not have an IT department but merge it into a department under the office function. This indicates a low level of interest in IT and IS. The policy regime and salary for IT staff are not commensurate, making it difficult to have specialized personnel in cybersecurity. These experts not only help build strategies but also help deploy and maintain effective security systems. Systems in the O&G industry are often large and complex, comprising a wide range of devices and diverse digital environments. Securing these systems can be challenging and requires a deep understanding of the specific operating environment. Moreover, the O&G industry is often subjected to a wide range of industry standards and regulations, adding pressure towards a fully-compliant IS system.
Building risk management and emergency response capabilities is especially challenging under increasingly sophisticated and diverse threats. Business models in the industry usually have a latency toward the pace of technological advancements, which can createIS concerns gaps in IS strategies. Furthermore, secure collaboration and information sharing among industry players are limited due to competition, image, reputation, and .
Reporter: Can you share some of the current IS solutions for O&G companies?
Ms. Chloe Bui: Some solutions that we would like to propose to O&G companies includes establishing a specialized IT department and budget allocation for purchasing and providing a decent income for IT staff; developing and implementing a cybersecurity policy that ensures all employees understand and follow suit; IS awareness training for users; training employees on cybersecurity measures and how to avoid online threats, including social engineering techniques (non-technical attacks).
By combining the above solutions, O&G companies can build a comprehensive cybersecurity strategy to protect their data and systems from online threats.
Reporter: Thank you!
Vina Aspire is a consulting company, providing IT solutions and services, network security, information security & safety in Vietnam. Vina Aspire’s team includes skilled, qualified, experienced and reputable experts and collaborators, along with major domestic and foreign investors and partners to join hands in building.
Businesses and organizations wishing to contact Vina Aspire Company with the following information:
Email: info@vina-aspire.com | Website: www.vina-aspire.com
Tel: +84 944 004 666 | Fax: +84 28 3535 0668
Vina Aspire – Vững bảo mật, trọn niềm tin