Staying ahead of the attack curve

Published by , Editorial Assistant
World Pipelines,

Sadik Al-Abdulla, Chief Product Officer, Onapsis, USA, discusses building a cybersecurity posture to accelerate the shift to alternative energy.

The McKinsey Institute predicts that renewable energy sources will generate 60% of the world’s electricity by 2035, and it’s highly possible this percentage will increase. With the Russian-Ukrainian war creating unstable supply and demand costs for oil and gas companies across the globe, experts believe the shift to alternative energy will accelerate as countries seek energy security. Oil and gas giant BP reports that the demand for oil and gas will peak and begin a rapid decline sooner than previously anticipated. This global need for sourcing renewable energy is pressuring oil and gas companies to make new investments, including new partnerships and acquisitions that can help them reduce emissions.

At the same time, many across the industry are accelerating their digital transformation projects and modernising their systems. However, the increase in cyberattacks against the utilities sector threatens to compromise their business continuity. In fact, S&P Global found that cyberattacks targeting energy infrastructure soared to an all-time high in 2022. With cybercriminals looking to jeopardise the industry’s ability to maintain a stable energy supply, and given the highly regulated nature of the sector, pipeline and utilities companies must be equipped to defend against emerging attack vectors.

From a cyber perspective, there are two significant characteristics to the pipeline and utilities environment. The first consists of operations technology (OT) threats, which have increasingly been a focal point of security strategies in recent years. The second consists of unique cyber considerations, which have been underemphasised but are of increasingly critical importance.

Regarding cyber, these companies have dramatically increased their dependence on enterprise resource planning (ERP) platforms. The most important application in critical infrastructure is an organisation’s core ERP software, which houses its most valuable data and is foundational to many day-to-day functions.

There are several steps that oil and gas companies can take to ensure business continuity and adhere to regulations. Here are some of the key components to a winning cybersecurity strategy.

Obtain a view of the ERP application ecosystem

One of the most common pain points for pipeline companies is a lack of visibility into their ERP landscape and corresponding risks. ERP software is the operational engine of every oil and gas company, containing comprehensive reporting on oil production, critical payroll and financial information, and other sensitive data that allows them to operate on a daily basis. Yet, due to the sophistication, high value, and increasing connectivity of these systems, their risk profile and attack surface have grown immensely.

Despite their importance and vulnerability, many ERP systems fall into a blind spot and are left unprotected against external attacks and internal misuse, often because they aren’t in the scope of conventional vulnerability management tools. Security teams must shine a light on the risks threatening their ERP landscape to properly mitigate them. With deep visibility into the vulnerabilities of ERP systems, organisations can also streamline their cloud migration projects, while modernising their IT environment.

Make the right cybersecurity investments

A cybersecurity programme can’t succeed without having the right tools in place. When considering technology investments, security teams should seek out tools that can directly protect systems that matter most. Vulnerability management tools that specifically solve for flaws in ERP software can help teams continuously monitor their users, vulnerabilities within the application layer, and any suspicious activity, while better understanding their attack surface.

Security teams should also look into ERP vulnerability management tools that provide strategic threat intelligence, including automated descriptions of each cyber threat, its level of risk, the potential business impact, and recommendations for response. This can help streamline the time-consuming patch management process, while providing teams with the context they need to prioritise vulnerabilities based on their level of importance and quickly mitigate critical security flaws.

Prepare for the unavoidable cyberattack

Implementing the right cybersecurity tools is only the first step to achieving true cyber resiliency. Unfortunately, cyberattacks can happen even with the strongest tools in place, disrupting business continuity in an instant. Security teams must be well-equipped to react in the face of a cyberattack with a strategic incident response plan centred around their company’s business systems. When developing a playbook, it’s important to keep in mind that a cyberattack against an ERP system requires a deeper level of consideration than the average malware incident, as it is far more sensitive and complex. Security teams must ensure that their incident response plan is well-designed and thoroughly tested ahead of time to avoid a last-minute scramble if an attack does occur.

Stay ahead of the attack curve

While oil and gas companies will remain a lucrative target for cybercriminals, this doesn’t mean companies have to suffer the consequences of a cyberattack. With deep visibility into the ERP landscape, robust ERP vulnerability management tools, and a strategic incident response plan, oil and gas companies can ensure their operations are secure and that digital transformation projects are running smoothly.

