Oil & Gas cybersecurity spending to hit $1.9bn

IQPC to host conference for energy sector to discuss region's security issues

Tags: BloombergBooz Allen HamiltonIDC Middle East and AfricaInternational Quality & Productivity Center (www.iqpc.com/)Oil & GasUnited Arab Emirates
  • E-Mail
Oil & Gas cybersecurity spending to hit $1.9bn The region's energy sector is increasingly coming under cyberattack.
By  Mark Sutton Published  February 16, 2016

Oil & Gas companies will spend almost $2 billion on cybersecurity worldwide by 2018, according to research from Bloomberg.

The company predicts that cyber defence spending will reach $1.9bn in the next two years, as organisations look to tackle threats such as DDoS attacks, data theft, malware and ransomware, and emerging threats to smart connected infrastructure, cities, transport networks, utilities and so on.

The Middle East has been one of the main targets for cyber attacks, according to the International Quality & Productivity Center (IQPC), which has released a whitepaper on the Middle East Cyber Security Landscape ahead of its 5th Annual Cyber Security for Energy & Utilities Conference set to take place from 24-27th April 2016 at The Westin Golf Resort in Abu Dhabi, UAE.

The region's oil & gas sector has suffered from a number of targeted cyber attacks in recent years, including the Laziok Trojan in March 2015 that specifically attempted to steal data from energy companies in the Middle East; and the August 2012 attack against Saudi Aramco.

IQPC said that the sector needs to develop comprehensive cyber security frameworks and systems to achieve a holistic, multi-layer approach to defend its critical assets and data centres, but that 70% of regional IT decision makers lack complete confidence in their company's cyber security policies and capabilities to defend them against emerging threats.

With increasingly connected infrastructure and Internet of Things systems, organisations need to take a co-ordinated, industry-wide approach to security, experts warn.

What we have traditionally seen in the Middle East is that people like to have their own little areas of structure. What really and truly needs to happen is for everybody to embrace IoT (Internet of Things) and not look for empire building in any shape or form. That's the whole thing about private-public partnership. Getting people to work together for the greater good is going to be the hardest thing," said Paul Black, IDC MEA and Turkey Director - Telecoms and Media.

There is also more need for government co-ordination of efforts and regulation of security in the oil & gas sector, IQPC said. ME governments are looking to encourage key sectors like energy and utilities to adhere to international best practice with regards to cybersecurity. For example, the UAE National Electronic Security Authority (NESA) draws on a number of guidelines from the internationally recognised ISO 27001 standards and insists that many companies in key sectors will have to adhere to these principles by end of 2016. The ISO Code of Practice for Information Security Management (ISO 27001/27002) is a security management framework. It outlines a set of high-level organisational policies, procedures and technical standards that a company needs to follow, based on the specific risks it faces, in order to properly analyse and manage its ICT security risks.

Currently, some organisations will simply choose to implement the standard of ISO 27001 in order to benefit from the best practice it contains, while others decide they also want to get certified to reassure customers and clients that its recommendations have been followed. However, it seems that more ME governments are moving towards an obligatory model where companies in certain key industries will have to follow such guidelines in order to remain eligible for government contracts.

Governments in the region are also increasing investment in cybersecurity, with the UAE announcing in 2014 that it would double its homeland security budget to over $10bn, mainly with a focus on cybersecurity, and Egypt establishing the High Council for Cyber-Security (HCC), also in 2014.

"The answer lies in collective action. Cyber security is no single person, organisation or industry's problem - it is everyone's. Just as the risks are shared, so should the responsibility for addressing them. Through an alliance of pooled expertise, resources and budgets, we can begin to give the cyber security challenge the attention it demands," added John McConnell, senior executive advisor, Booz Allen Hamilton.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code