Governance & Risk Management , Legacy Infrastructure Security , Operational Technology (OT)
Securing Oil and Gas: Legacy Systems and Modern Threats
Noble Drilling CISO on Managing Old and New Tech, Challenges and StrategiesManaging cybersecurity in the oil and gas industry involves unique challenges as firms rely on both legacy systems and modern technologies. Many devices in use were built decades ago without current security guidelines, making them vulnerable to cyberattacks, said Bemi Anjous, CISO at Noble Drilling.
Legacy systems often depend on obsolete software such as Windows 95, which is no longer supported. The key to mitigating these risks is effective asset inventory management and understanding the associated risks of each asset, Anjous said.
"It's common, because a lot of these devices are built up to 10 to 20 years ago, and back then when they were built, they weren't thinking of IT and OT security. They were thinking of engineering," he said. "Over time, that does evolve, and right now we're seeing the impact of the attacks coming through those security gaps."
In this video interview with Information Security Media Group at the Cyber Security for Critical Assets USA Summit in Houston, Anjous also discussed:
- Balancing the needs of legacy technologies with the constant emergence of new technologies;
- The importance of asset inventory management and risk assessment;
- The need for effective communication strategies between IT and OT teams.
In his role at Noble Drilling, Anjous bridges the gap between IT and OT by leveraging his engineering background. He has expertise in optimization and cost reduction, outsourcing management and shared services, OT/manufacturing security and compliance, and strategy and forecasting.