Shah Sheikh features in the The Oil and Gas Year (TOGY), Abu Dhabi publication

After 10 years of producing industry-defining books and maps on the world’s emerging and established oil and gas markets, The Oil & Gas Year is again leading the way with publication of TOGY2016, Abu Dhabi. Abu Dhabi’s oil wealth has given it a GDP per capita of $109,000 and a healthy trade surplus. But in order for this to be sustained, the emirate’s government will have to combat its non-oil trade deficit and take long-term measures to ensure the economic diversification.

The emirate’s oil industry accounts for 55 percent of GDP and has plans to increase output from the 3 million barrels of oil per day produced in November 2014 to 3.5 million barrels by 2017. To do this, companies are investing heavily in new technologies to increase recovery rates in Abu Dhabi’s more mature onshore fields, including advanced drilling, digital oilfield systems and reservoir modelling. Offshore has seen construction of artificial islands that are more effective than traditional wellhead platforms to boost output from its major fields.

TOGY2016 - Abu Dhabi Publication

DECK: The number of targeted cyber attacks against large corporations globally reached unprecedented heights in year 2015 and the Middle East was certainly not immune due to the dynamic landscape of the region. With industrial technological advancement such as converged next generation SCADA systems, Digital Oilfields and Internet of Things (IoT); the rise in cyber security related breaches targeting in-secure by design legacy and new architectures are only going to increase.

TOGY met with leaders in the intersection between IT and Industrial Control Systems (ICS) Security in the UAE to discuss how and why oil and gas companies might be attacked and whether those within the industry are taking cyberattack threats seriously.

Shah H SHEIKH - Co-Founder / Senior Security Solutions Consultant DTS SOLUTION

The Oil and Gas Industry in the Middle East has experienced the aftermath of multiple cyber security breaches in 2012 which has triggered key strategic discussion points at board level, yet the industry is still moving at a slow pace when it comes to executing cyber security initiatives. We have seen organizations that are reactive and only take actions on such initiatives once they have been subject to a breach, not only increasing the cost of remediation but creating a culture that is reactive and impulsive on cyber security matters within the organization.

Achieving a high security maturity level by developing and executing a Cyber Security Management Systems (CSMS) within any Oil and Gas organization is not easy; there are no adequate security assurance agreements between the organization and contractors leading to an unknown vacuum in terms roles and responsibilities for Cyber Security within SCADA and process control networks.

The formation of National Electronic Security Authority (NESA) in the UAE has been without doubt the catalyst towards a safe cyber community. NESA Critical Infrastructure Information Protection (CIIP) and the National Information Assurance Framework (IAF) policies provide concise directives in achieving better governance, mitigation of cyber risks and compliance towards national and international cyber security standards.

Cyber security should be seen as an organization-wide challenge and not only the responsibility and accountability of IT, this is even more prevalent in the Oil and Gas Industry.