When I saw thick smoke coming out of my computer, I was mortified. If it was the hard drive that caught fire, all my precious files – from unfinished university essays to party pictures to music files – were gone forever.
That was in 1997. If only there was a way at the time to back up those files automatically…
I got lucky, though: the hard drive survived the incident and the files were safe. Fast-forward to 2003: a friend’s brand-new laptop was stolen from his apartment. He was much less upset about the stolen gadget than about losing all the pictures from his latest Paris trip stored in the laptop. If only there was a way at the time to back up those files automatically…
What’s this got to do with oil and gas? Bear with me.
Fast forward again, to 2017. Almost all of us are online now, often having our files backed up to cloud services by default, even without our knowledge. From consumers to huge corporations, we use the internet for pretty much everything, from exchanging instant messages, controlling air conditioners and tracking planes and ships to launching satellites into space. We, journalists, rely on the World Wide Web to research our stories, stay in touch with our sources and editors, and deliver the results of our work to our subscribers.
This online presence often makes life easier for individuals, not least by saving us a lot of time. And for companies, digitalisation means higher efficiency and much lower costs.
The flip side, of course, is our vulnerability to cyber attacks, be it so called “phishing” (tricking us into sharing sensitive information or installing malicious software to steal this information without our knowledge) or something much more sinister.
In recent years, hackers have stolen unfinished songs from Madonna’s unreleased album, got hold of private pictures of many celebrities and attacked Yahoo, LinkedIn and National Lottery accounts, to name a few. Those intrusions were downright annoying but pale in significance when set against the geopolitical use or suspected use of cyberattacks — a trigger for the breach between Saudi Arabia and its allies, and Qatar was the hacking or alleged hacking of Doha’s state news agency.
This week, Russia’s largest oil producer Rosneft and Denmark’s integrated transport, logistics, and oil company Maersk, and Russian steel producer Evraz became victims of a widespread cyber attack of as yet unidentified origin or motive.
The oil and gas industry has been somewhat slow in digitalising itself compared with some other sectors of the economy. “Technological breakthroughs and digitalisation” only become a focus in Rosneft’s long-promised development strategy, now due by the end of this year.
That said, the period of sharply lower oil prices since the middle of 2014 has forced firms to pay much more attention to the issue. Digitalisation allows oil and gas companies to generate more cash while investing less – through reducing head count, standardising operations and outsourcing some (or many) functions. Anything from book keeping to design engineering to well control can be done remotely.
And this is where the issue of cyber security takes centre stage. Any general knows that the longer the supply lines, the more vulnerable the troops are. And any chief executive should know that the longer and more complex the lines of digital communication and instruction, the more vulnerable are operations and profits.
And it is not as if there haven’t been warnings. It was 2012 when Saudi Aramco said 30,000 of its computer work stations had been hit by a malicious virus, Qatar’s Rasgas was hit by an infection, and Iran’s NIOC’s systems were plagued by a worm. Let’s not even venture into the realm of Stuxnet and the reputed US-Israeli cyber attack on Iran’s nuclear centrifuges.
“A breach or failure of our digital infrastructure due to intentional actions such as attacks on our cybersecurity, negligence or other reasons, could seriously disrupt our operations and could result in the loss or misuse of data or sensitive information, injury to people, disruption to our business, harm to the environment or our assets, legal or regulatory breaches and potentially legal liability,” says BP in the list of business risks in its annual report, echoing comments made by many other companies. “These could result in significant costs or reputational consequences.”
Rosneft said this week’s hacker attack did not disrupt its operations, thanks to “to the fact that the company has switched to a reserve control system”. Maersk also reported no operational disruptions despite shutting down “a number of systems to help contain the issue”, adding that it is “working on a technical recovery plan with key IT-partners and global cyber security agencies”.
All is well that ends well. But this week provided a timely reminder that with the profits of digitalisation comes exposure to concatenating risks, and the closest focus must be on cyber security.