OTC speaker: Oil companies should bulk up cybersecurity

As oil companies outfit offshore platforms and drilling rigs with more automated, interconnected devices such as sensors, they should pay more attention to keeping those systems protected from online attacks, a speaker said at the Offshore Technology Conference on Tuesday.

“People are out there looking to find things connected to the internet,” said John Jorgensen, director of cybersecurity and software at the American Bureau of Shipping, referring to the possibility that a hacker could exploit weakly protected computer controls through exposed internet connections. “We have actors who are looking to try to do things just because they can.”

Related: Energy industry’s control provide an alluring target for cyberattacks 

In a talk aimed at executives who have only just begun looking into the threats of the digital age, Jorgensen said oil companies should take a so-called risk-based approach to cybersecurity, which in part means ensuring security becomes a part of the corporate culture from the management on down.

Drillers, he said, should also establish offices to manage so-called industrial control systems, the automated devices that run critical functions on platforms and rigs, to start monitoring these systems closer to protect them  from cyber threats.

“The bad guys improve their procedures and techniques faster than we can,” he said. “We have the capability to learn but we have to maintain production while we’re doing it.”

Related: Put to the test, cybersecurity experts easily infiltrate energy companies’ networks