石油和天然气网络安全费用可能高达200亿美元

据钻机地带网11月27日消息称，根据咨询公司BDO的一项调查，到2023年，石油和天然气公司将在网络安全方面投入200多亿美元。

BDO自然资源业务的全国负责人Clark Sackschewsky告诉钻机地带网：“尽管技术正在改变油气供应链的各个方面，但它也在创造企业需要应对的网络风险的新领域，否则，它们的数字转型计划就可能永远无法启动。”

Sackschewsky 引用BDO的《2019年数字化转型调查》指出，36%的自然资源公司将网络安全视为推进新数字倡议的主要挑战。

BDO美国和国际网络安全主管Gregory Garrett表示：“例如，工业控制系统正在实现自动化和创造新的效率，但它们也为操作技术的攻击打开了大门。数字工具与操作系统的整合意味着，网络攻击可以造成现实世界的物理后果，包括中断或破坏设备。”

Garrett还认为，网络攻击的破坏性潜力不仅仅是一个商业问题。

他说：“这是一个国家安全问题。网络安全投资不仅是石油和天然气行业的重点，也是整个国家的重点。”

Garrett指出，网络安全投资需求最大的特定领域包括:：

升级旧版安全系统

改进文化网络准备

促进整个供应链的信息共享和协作。

Garrett说：“网络安全投资必须覆盖所有这些领域，因为其中任何一个领域都可能成为公司网络防护的弱点，从而导致潜在的漏洞。例如，即使你的公司不是直接被攻击的目标，你供应商系统的漏洞也会暴露你。这意味着您的安全系数和供应商一样。”

Garrett补充说，石油和天然气公司供应链往往庞大且相互关联，这凸显了第三方网络风险管理对这些公司的重要性。

曹海斌 摘译自 钻机地带

原文如下：

Oil and Gas Cybersecurity Price Tag Could Top $20B

Oil and gas companies will spend more than $20 billion align="justify">“While technology is transforming all aspects of the oil and gas supply chain, it’s also creating new areas of cyber risk that companies need to contend with, or else risk their digital transformation initiatives never getting off the ground,” Clark Sackschewsky, national leader of BDO’s Natural Resources practice, told Rigzone.

Citing BDO’s 2019 Digital Transformation Survey, Sackschewsky pointed out that 36 percent of natural resources companies identified cybersecurity as their primary challenge to moving forward with a new digital initiative.

“For example, industrial control systems are enabling automation and creating new efficiencies, but they’re also opening the door to attacks align="justify">Garrett also opined that the destructive potential of a cyberattack is not just a business issue.

“It’s a national security issue,” he said. “Cybersecurity investment is not just a priority for the oil and gas industry but the entire nation.”

Garrett pointed out that specific areas in greatest need of cybersecurity investment include:

upgrading legacy security systems

Improving cultural cyber-preparedness

fostering information-sharing and collaboration across the supply chain.

“Cybersecurity investment must cover all these areas as any of them can be a weakness in a company’s cyber armor, opening them up to a potential breach,” Garrett said. “For instance, even if your company isn’t directly targeted, breaches in your suppliers’ systems could expose you. This means you’re align="justify">Garrett added that the frequently large, interconnected nature of oil and gas company supply chains underscore the importance of third-party cyber risk management for these firms.