Sector CIP Instruments - Oil & Gas

 

Sector CIP Instruments - Oil & Gas 

 

 

This page provides an annotated list of Critical Infrastructure Protection (CIP) resources dedicated to the oil and gas sector. 

 

Cybersecurity and critical infrastructure protection are critically important for the oil and gas sector due to its heavy reliance on complex, interconnected IT & OT systems, including exploration, production, refining, and distribution. Any vulnerability in the cybersecurity of It or operational systems is likely to lead to severe disruptions with potentially significant financial losses, supply chain functioning and environmental damage. 

 

Oil and gas sector is still a critical component of a county's critical infrastructure with implications for the overall economic stability. Oil and gas industry also handles proprietary technologies, trade secrets, strategic plans etc. A cybersecurity breach may potentially compromise the safety controls of critical infrastructure, leading to accidents, spills, or other environmental disasters with devastating consequences. 

 

In our view, in achieving the objectives of SDG 7 stronger collaborative efforts among government agencies, private companies, and international organizations appear to be the key missing element for establishing comprehensive cybersecurity frameworks that protect the integrity and reliability of the oil and gas sector's critical infrastructure.

 

Organization Title Year  Type Description
US Department of Energy  ONG-C2M2-v1-1_cor.pdf (energy.gov) 2014 Model.

The model describes the Cyber Security Capability Maturity Model (C2M2) version the Oil & Natural Gas Cybersecurity Capability Maturity Model (ONG-C2M2). It allows owners and operators of components of oil & natural gas critical infrastructure to assess their cybersecurity capabilities and informs the prioritization of their actions and investments to improve cybersecurity. The model is a common tool that can be used consistently across the industry. 

 

The goal of the model and associated tools is to support ongoing development and measurement of cybersecurity capabilities within the oil and natural gas sector. 

 

The model can be used to: 

 

  1. Strengthen cybersecurity capabilities in the subsector 
  2. Enable subsector entities to effectively and consistently evaluate and benchmark cybersecurity capabilities 
  3. Share knowledge, best practices, and relevant references within the subsector, as a means to improve cybersecurity capabilities, and 
  4. Enable subsector entities to prioritize actions and investments to improve cybersecurity.

This paper provides the background on the C2M2, including the model architecture, an overview of the domains, and the model practices. 
World Economic Forum 

Cyber Resilience in the Oil and Gas Industry: Playbook for Boards and Corporate Officers

   2021

To help the energy industry improve its resilience against cyber risk, the World Economic Forum has convened over 40 senior executives to establish a blueprint for evaluating cyber risk across the oil and gas industry.

 

This white paper on oil and gas illuminates the industry’s best practices and create new solutions for corporate leaders to address cyber risk. It presents six principles to help boards at oil and gas companies govern this risk and strengthen their organization’s cyber resilience. Adopting them will support the industry in its efforts to continue delivering safe, affordable and low-carbon energy for decades to come. 

 

 

 

Tel Aviv University makes every effort to respect copyright. If you own copyright to the content contained
here and / or the use of such content is in your opinion infringing Contact the referral system >>
Tel Aviv University, P.O. Box 39040, Tel Aviv 6997801, Israel