Facing New Challenges in Downstream Industry
Published on : Saturday 03-10-2020
Connected technologies offer great advantages to the downstream industry, but also raise the exposure to cyber-attacks, cautions Dr Marcio Wagner da Silva.
The increasing connectivity and current business environment due to digital transformation increases exposure of the downstream industry to the concerns regarding cyber threats. Despite all the benefits of advances in technology, unfortunately, these developments have a dark side, as the malware has been getting increasingly sophisticated and harder to eliminate and/or prevent. Cyber-attacks is a real threat and cannot be ignored by the energy industry. Some references relate that the energy industry is the second preferred target of cyber criminals, and in recent years this has become a cause for great concern, mainly for the oil & gas production chain, where the concerned companies have included cyber-attacks as a major risk. Autonomous systems like drones and connected devices that are benefited by the IoT (Internet of Things) technologies are the main concerns when it comes to the risks posed by cyber-attacks.
Despite the new threats, the technology development and digital transformation in the downstream industry offers alternatives to keep under control the risks, allowing the players to enjoy the benefits of the connectivity to enlarge their competitiveness in the market.
Cyber threat growth in the downstream industry
Digital transformation has become a common topic in the last few years and has assumed a fundamental role in the business strategy of any industry, and it is no different in case of the downstream sector of oil and gas value chain. Nowadays, it’s practically impossible to imagine the future of the downstream sector without connected devices aiming at monitoring, in real time, the key parameters of the process units and equipment through sensors, artificial intelligence, etc., that requires data transmission through the internet. This scenario exposes these data to cyber criminals and the new technology developments tend to raise, even more, the refiners exposure to this threat.
The increasing use of Artificial Intelligence (AI) to improve the quality of the analysis carried out by humans and the continuous development of resources that tends to reduce the costs offer great opportunities, especially to optimise the repetitive tasks. Nowadays, many refiners are applying digital twin technologies to improve the performance and profitability of the refining hardware applying AI concepts.
The IoT technologies are other great enablers to the modern crude oil refining industry. Connected devices are capable to inform, in real time, key parameters like temperature, pressure, flow rate, etc., that allow a better monitoring capacity of the refining hardware and equipment, making processing the real time optimisation and reliability monitoring, avoiding or reducing production losses.
Due to these characteristics, the downstream sector offers interesting opportunities to the use of autonomous technologies. One of the most common uses of autonomous technologies nowadays is the use of drones to monitor the integrity issues and carry out inspection of the refining hardware. All of the quoted technologies offer great advantages to the refiners and tend to have this use enlarged in the next few years, but also raise the exposure of the downstream industry to cyber-attacks.
How to manage the cyber threat?
Despite the higher exposure, newer technologies allow a continuous monitoring of anomalies and any strange behaviour is considered a threat and the malicious data can be isolated. Furthermore, artificial intelligence can be a powerful tool to help the organisations to detect threats in real time avoiding prejudice to economical results and security. Of course, it is necessary to have an adequate investment in a robust system to achieve this goal.
The first step to manage the cyber threat is to be able to identify the risks and classify them, aiming to keep the organisation up to date with the most relevant threats. The use of a matrix to consider the probability and the impact of the risk is a powerful tool to adequate decision making system regarding cyber threats. Figure 1 presents an example of risks classification related to cybersecurity in the downstream industry.
Knowing the main risks in the first step, but it is necessary to understand and change the mind map, calling the organisation to the relevance of cybersecurity topics. As commented earlier, connected plants are the future and a reality in the industry, and this cannot be changed; but it is possible to be better prepared for the threats. We have available technologies to face this challenge, but it’s fundamental to adapt our management system in this sense – we need to develop and improve our sense of urgency for the IT security issues and this is a key step in the real digital transformation.
It’s always important to understand that the digital transformation is not only a technological phenomenon, but it requires a different mind-set, defining new strategies. Based on this concept it’s possible to build a robust strategy to control the industrial assets based on continuous risk assessment and clear security policies.
The training of the employees is another key factor to face the cybersecurity issues. Increasingly, continuous training and self-development are necessary; any operational system will present vulnerabilities and continuous learning and training is a fundamental part of the strategy to deal with this threat. Unfortunately, any good result depends on investments, but it’s important to be
capable to decide the best investment as the resources are always limited. Again, an adequate management system needs to be implanted to help the organisations to decide where the resources need to be applied. Modern management system needs to be based on two driving forces – the first, dedicated to maintain the reliability and sustainability of the current operations, and the second, focused to build the desired future creating, innovative ways to destroy the current business through disruptive thinking. Based on this management system, organisations can decide what the best investments are and the IT (Information Technology) security has a strategic character in the current and future scenarios.
As discussed above, connected technologies offer great advantages to the players of downstream industry, but at same time raise the exposure to cyber-attacks. Despite being a relatively new concern, it is necessary to have continuous monitoring to understand the main risks related to cybersecurity. That, and the agility to define how the risks will be faced as well as define adequate priorities related to capital investments in projects related to protection against cyber criminals as well as to keep the organisation up to date regarding the main threats.
1. Cann, J., Goydan, R., Bits, Bytes, and Barrels – The Digital Transformation of Oil and Gas.1st ed. MADCann Press., 2019.
2. Deloitte Company Report. Refining at Risk – Securing Downstream Assets from Cybersecurity Threats., 2017.
3. Rogers, D.L. The Digital Transformation Playbook: Rethink your Business for the Digital Age. 1st ed. Columbia University Press, 2016.
Dr Marcio Wagner da Silva is Process Engineer and Project Manager focusing on Crude Oil Refining Industry based in São José dos Campos, Brazil. A Bachelor in Chemical Engineering from University of Maringa (UEM), Brazil and PhD in Chemical Engineering from University of Campinas (UNICAMP), Brazil, Dr Wagner has extensive experience in research, design and construction to oil and gas industry including developing and coordinating projects to operational improvements and debottlenecking to bottom barrel units. Dr Marcio Wagner also has MBA in Project Management from Federal University of Rio de Janeiro (UFRJ) and is certified in Business from Getulio Vargas Foundation (FGV).