The use of IT in the oil & gas industry is common for decades now. The industry has tested elements of the concepts of IIot and IT/OT integration and the solutions behind them. The awareness about the benefits they bring is becoming more widespread. Fact is that implementing the solutions behind these concepts makes implementing Cyber Security solutions not an option anymore. The benefits of IIoT and IT/OT integration in general outweigh the burden of implementing Cyber Security however.
After the awareness stage oil & gas companies are gradually moving to the implementation stage. Many of them are struggling however to initiate a Cyber Security program for the OT domain, because the program is different from the IT Cyber Security program and specific domain expertise is most often missing within the company and/or its IT service provider. OT Cyber Security programs have been developed by external companies such as Yokogawa. These programs contain the best practices and lessons learned from projects executed in the past.
The challenge for oil & gas companies now is which approach to take. Develop the required expertise itself or outsource to companies with the required expertise and potentially causing a conflict with the confidentiality policy of the company.
This paper explains what it means to outsource the OT cyber security and how the collaboration is handled between the service provider and the company.