By Velda Addison, Hart Energy

It’s no secret that cyber attacks are a threat today as technology takes on a growing role in daily operations and routines.

Even toymakers are vulnerable. Vtech, which specializes in electronic toys, confirmed this week that hackers accessed data from nearly 5 million of its customers via an app store customer database and server that allows parents to use a smartphone app to chat with their children using a Vtech tablet.

It’s probably safe to say that if children’s toys aren’t safe from cyber criminals, then multibillion-dollar and multimillion-dollar corporations—oil and gas companies included—surely aren’t off the list.

DNV GL examined cyber security in a recently released study for the Lysne Committee, focusing on operations on the Norwegian Continental Shelf. The organization said Norwegian intelligence authorities are warning of an increase in digital threats aimed at the industry.

Good news is that most companies are actively managing their information security.

International survey results released Nov. 30 by the DNV GL showed that 58% of the 1,100 business professionals surveyed are managing their information security. What is troubling, however, is that the survey showed that only 27% are setting concrete goals.

Cyber attacks are happening more frequently, becoming more sophisticated, and according to DNV GL, they are becoming more difficult to detect and guard against.

“Headline cyber security incidents are rare, but a lot of lesser attacks go undetected or unreported as many organizations do not know that someone has broken into their systems,” said Petter Myrvang, head of the security and information risk for DNV GL - Oil & Gas. “The first line of attack is often the office environment of an oil and gas company, working through to the production network and process control and safety systems.”

DNV GL identified the top 10 most pressing cyber security vulnerabilities for companies operating offshore Norway. Although the study targeted Norwegian operations, oil and gas companies elsewhere could be facing the same issues.

Here is the list, as provided by DNV GL:

  1. Lack of cyber security awareness and training among employees
  2. Remote work during operations and maintenance
  3. Using standard IT products with known vulnerabilities in the production environment
  4. A limited cyber security culture among vendors, suppliers and contractors
  5. Insufficient separation of data networks
  6. The use of mobile devices and storage units including smartphones
  7. Data networks between on- and offshore facilities
  8. Insufficient physical security of data rooms, cabinets, etc.
  9. Vulnerable software
  10. Outdated and ageing control systems in facilities

“Companies must create a culture for reducing digital vulnerabilities in the same way as there is a culture for preventing fires and explosions,” DNV GL said in the study. “Awareness-creating work must be prioritized both within the sector and in the general public. Schools must focus on behavior when using digital media.”

The organization suggested companies tackle cyber security the same what they address safety risks using the bow-tie model to better identify potential weak areas and work to prevent attacks while also developing a game plan to quickly recover from an attack. The advice is well worth heeding.

Velda Addison can be reached at