IT Management In Oil & Gas - 2011 Sector Report


Published on

IT Management In Oil & Gas -

Oil & Gas IQ
2011 Sector Report

Learn more:

1 Comment
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

IT Management In Oil & Gas - 2011 Sector Report

  1. 1. IT Management In Oil & Gas 2011 Oil & Gas IQ Sector Report IT Management In Oil & Gas 2011 Oil & Gas IQ Sector Report
  2. 2. IT Management In Oil & Gas2011 Oil & Gas IQ Sector Report "As of 2011, the amount of data mankind is able to store is at least 295 exabytes of information. Thats 315 times the number of grains of sand in the world." And how much of that information is flowing through the global oil and gas sector? In fifty years, humanity has gone from paper and punch cards to the real-time expanses of the digital oilfield. Efficient and secure management of data and information has never been more important and process critical. The business case is self-evident: in the 21st century oil and gas world, digital asset integrity is as important as that of physical assets. As a prelude to Oil and Gas iQs Data and Information Management Online Summit, wed like to share with you some of our work in the oil and gas IT sphere. Tim Haidar, Editor In Chief, Oil & Gas IQIn The Wake Of Stuxnet: The Importance Of ImprovingSCADA SystemsBy Tim Haidar, Editor In Chief, Oil & Gas IQ As an increasing number of organisations across the planet implement supervisory control and data acquisition (SCADA) systems in order to improve control, the threat of these being exploited continues to grow. For many firms, a key challenge is therefore ensuring that change is effectively managed with seamless upgrades and optimising the SCADA system to ensure that threats are countered with advanced security measures. The need to stay as up-to-date as possible was recently highlighted in China when a security researcher at NSS Labs disclosed a critical vulnerability in a popular SCADA software package used in China. However, according to the researcher in question, Dillon Beresford, he has also discovered similar holes in other SCADA applications used in the country, and says a lack of transparency within the nation on matters related to computer security may make it difficult to get these vulnerabilities addressed. He told Threatpost that the frailties discovered in the KingView HMI Human Machine Interface (HMI) software by Beijing-based firm Wellintech was just one of many others he has uncovered while testing Chinese SCADA software in the lab. Furthermore, he intends to disclose these holes after working with the software makers and Chinas Computer Emergency Response Team (CERT) to prepare patches for them. CONTD> IT Management In Oil & Gas 2011 Oil & Gas IQ Sector Report
  3. 3. In The Wake Of Stuxnet: The Importance Of Improving SCADASystemsBy Tim Haidar, Editor In Chief, Oil & Gas IQ <CONTD In his initial blog posting after discovering the hole, he said: "By disclosing the vulnerability to WellinTech, CN-CERT and US-CERT I am confident that I have done the right thing. I was only trying to help and assist with the issue affecting KingView. "I might have prevented a catastrophic event from taking place. As an example, one need not look too far into the past to reflect on what happened with Stuxnet, which was essentially a bundle of zero-day exploits inside a worm." Some of the key issues facing many firms is standardising security for SCADA systems and protocols, establishing secure SCADA systems in an integrated environment and implementing methods to counter security risks. This is clearly something which needs to be addressed as soon as possible, as far as Mr Beresford is concerned. He told Threatpost that he has been analysing Chinese SCADA software in his free time and described the KingView hole as a "heap overflow vulnerability" which exists in a software module that listens for and processes incoming log events from the HMI software, and is also used to create visual representations of data flows between different machine components. According to the expert, the heap overflow vulnerability exists in versions of the KingSoft software running on most supported versions of Microsoft Windows and would enable a remote attacker to take full control of a vulnerable system running the software. He was keen to stress that issues such as these can affect almost any organisation, particularly as many industry leaders are currently focusing on how they can build risk management processes into system changes and security policies and develop new security protocols and best practices to secure smart grids and SCADA systems from external attacks. Mr Beresford said he hopes that releasing data on the vulnerability prompts some action on the part of China CERT and Wellintech. On a broader scale, it may encourage organisations across the planet to consider how they can boost the security of their SCADA systems and have strategic planning processes in place before implementing changes to these systems. For these organisations, avoiding the kind of holes found in the KingView HMI will be top of the agenda as they seek to avoid unnecessary expenditure and maximise control. IT Management In Oil & Gas 2011 Oil & Gas IQ Sector Report
  4. 4. Terrorism 2.0 - Is Coffee Still More Important Than IT Security?By Tim Haidar, Editor In Chief, Oil & Gas IQ In April of 2009, the Wall Street Journal reported that the US National Power Grid had been infiltrated by cyber attackers and was vulnerable to future digital incursions. Amidst a barrage of media criticism and headlines like "Cybersecurity: Is the U.S. Government doing enough?" SCADA systems were firmly in the spotlight and the Obama administration ordered a "top-to- bottom review" of electronic infrastructure systems in the US. The 2009 invasion, was not by any means the first in regards to cyber security breaches affecting critical systems. As early as 1992, a disgruntled Chevron employee managed to disable emergency alert protocols spanning 22 states in the contiguous USA. In 2000, hackers in Russia managed to seize control of Gazproms entire natural gas pipeline network, and 2003 saw the Slammer and Blaster computer worms shutting down safety systems at Ohios Davis-BesseNuclear Power Stations for 5 hours, and contributing to a the blackout of the North-Eastern American that affected 55 million people in the US and Canada. It was after this combination of events that Americas first "Cybersecurity Czar", Richard Clarke, stated: "If you spend more on coffee than on IT security, then you will be hacked. Whats more, you deserve to be hacked.“ Fast-forward to July 2011 and the Stuxnet computer worm infected vital systems controlling the Iranian nuclear reactor at Bushehr and up to 12 million computers and many thousands of essential infrastructure systems across China. If there needed to be a wake up call for energy companies across the world as to the danger of SCADA system, Stuxnet was it. Just prior to the Stuxnet attacks, the US Senate started discussing the Protecting Cyberspace as a National Asset Act of 2010, whose advocates decried "the federal governments efforts to secure cyber networks" as "disjointed, understaffed, and underfinanced", stating that: "wecannot wait for a cyber 9/11."Senator Joel Lieberman of Connecticut professed that: "This bill was prompted by growing concerns that public and private sector networks have become increasingly vulnerable to attack from cyber warriors, spies, criminals and terrorists.“ While incidents like Stuxnet highlight the possibilities of a "Digital Armageddon", the probabilities of such an event are still remarkably slim. To date, not a single person has died as a result of cyberterrorism, and we must believe that the international terrorists motive is still to kill and maim and not cause digital disruption. While Terrorism 2.0 represents a huge threat in the Information Age, it is simply not as logistically feasible or impactful in the short-term as conventional terrorism for extremist purposes. Although an alleged "Al Qaeda Online" cell was discovered in 2003 to have SCADA systems information relating to dams in the US, there has been no solid evidence of a concerted attack plan then or since. Post-Stuxnet, the prevailing mood of preparation for imminent attack does seem to be prudent if not a little alarmist in nature. Be under no illusion, coffee is now a secondary consideration for oil and gas companies. IT Management In Oil & Gas 2011 Oil & Gas IQ Sector Report
  5. 5. Data Management Q & A - Just What Is Most Important?By Tim Haidar, Editor In Chief, Oil & Gas IQ As a prelude to Oil & Gas iQs Data Management For Oil & Gas Online Summit, we spoke to two past speakers, and one who will be presenting this July, about the biggest challenges they face in the industry at the moment. Mohamed El-Harras, Information Technology Division, Abu Dhabi Gas Development Company Q. In your opinion, what is the most significant data network management challenge facing operators in the oil and gas industry? Data & information management is facing many challenges: • Exponential data growth and terabyte-sized operation and project data sets • Aliening business needs and technology expenditures to ensure the appropriate level of performance, protection and availability • Removing dependency on individuals • Data and information Integration • Data Islands: that is to say, data that is available in silos and scoops • Dealing with too many data formats: AutoCAD, Micro station, Excel, Word, scanned images, paper media…etc. • Data retrieval: in other words, the lead time to bring ‘data to desktop’ Q. Could you tell me more about how data centralisation facilitates information consistency and accuracy across the entire organisation? Data centralisation facilitates data consistency and accuracy as It: • Eliminates data duplication • Offers a single source of truth for accurate data Q. In which area of data and information management would you say lays ADGDC’s strength? Data and information management offers the required information for solid decisions for all areas within the corporate sphere, especially within operations, maintenance, engineering and technical projects. CONTD> IT Management In Oil & Gas 2011 Oil & Gas IQ Sector Report
  6. 6. Data Management Q & A - Just What Is Most Important?By Tim Haidar, Editor In Chief, Oil & Gas IQ Sandeep Kundu, Geoscience Data Manager, Reliance Industries Q. In your opinion, what is the most significant data network management challenge facing operators in the oil and gas world? For any solution we need the synergy of technology, people and processes. In the area of data and knowledge management we have more than enough state of the art technology implemented in form of tools and products. The major challenge is to develop well defined processes and in having people who realise the importance of these processes and carry forward the task of putting these into proactive practice towards effective data and knowledge management. Q. Could you tell me more about how business intelligence (BI) benefits E&P information management and business decisions? Business success depends on good decisions, which in turn is driven by accurate and timely information. Business Intelligence is a critical component of an enterprise information management strategy. BI is nascent in the E&P business, and is seen largely as a game-changer that can significantly reduce resource engagement in making efficient and accurate decisions. Essentially, good BI helps E&P departments turn data into useful and meaningful information and then distribute the information to those who need it, when and where needed, so timely and better informed decisions can be made. BI allows E&P organisations to aggregate data from a variety of sources enabling better informed and timely decisions in the following areas: • Business performance and emerging opportunities. • Real-time access to operational activities and results. • Confidence in the quality of data in master stores • Ability to manage KPIs • Proactive response to positive and negative changes • More focus on analytics rather that data search and organisation • Improved compliance to regulatory authorities CONTD> IT Management In Oil & Gas 2011 Oil & Gas IQ Sector Report
  7. 7. Data Management Q & A - Just What Is Most Important?By Tim Haidar, Editor In Chief, Oil & Gas IQ < CONTD Q. Is there anything else you would like to be featured in the interview? Indeed, there are areas in BI that need special address: BI from structured data is well understood and tools to address their cause are in abundance. However, deriving BI from unstructured data is a major challenge. Unstructured data lies scattered across the company in silos. Their conversion into a structured catalogue in specificity to the business process design is critical in achieving a transactional ECMS (electronic document management system) on which BI tools can reside to enable better decision making. Sulaiman K. Al-Mazroua, Supervisor, IT/ Communications Operations Dept, Saudi Aramco Q. In your opinion, what is the most significant data network management challenge facing operators in the global oil and gas business? Every information technology organisation such as the business enabler in Saudi Aramco, faces a main challenge to meet business expectations. It requires high bandwidth through reliable and secure media, best-in-class applications and innovative solutions for the company to meet the world demand for oil and gas. The target is always high availability with continuous performance improvement. Q. Could you tell me how Saudi Aramco effectively manages their data networks and how that contributes to the overall performance of the organization? Managing a network with the level of heterogeneity and complexity of Saudi Aramco requires us to establish a customised approach that merges ISO, ITU-T and service provider models under one unified framework that works the best for Saudi Aramco. Also, tremendous efforts were put in place to align the organisation with ITIL recommendations and most importantly to evolve from system management to a business focused role. For that Saudi Aramco empowered its network management portfolio with a variety of tools - from high level service monitoring portals to deep packet inspection tools - in order to sustain high availability and a top performance network. IT Management In Oil & Gas 2011 Oil & Gas IQ Sector Report
  8. 8. Additional ResourcesINTERVIEW: Matthieu Lamy on Document Controllers AsA Fulcrum For Knowledge ManagementHosted By Tim Haidar, Editor In Chief, Oil & Gas IQ In this podcast with Oil and Gas IQ, Matthieu Lamy, Document Control Manager at Talengi tells us about the importance and evolution of the document manager, the place of document management systems in the oil and gas sector and where the document manager will be in the coming years.WHITE PAPER: The Importance of Data and DocumentManagement To The Oil and Gas IndustryBy Mohamed El Harras, Lead Engineer (Systems & Data Management) ADGAS In a world that is more and more saturated with structured and unstructured information and moving inexorably towards the digital oilfield, just how important is data and document management in the 21st century oil and gas sector? IT Management In Oil & Gas 2011 Oil & Gas IQ Sector Report
  9. 9. Gain maximum value from the increasing volumeof data generated by todays oil and gas business15 global data, knowledge and information management authorities from the world’s mostpioneering energy companies LIVE at your desktopThe oil and gas industry is a data-intensive business, and as the move towards the digital oilfieldaccelerates, companies are having to effectively deal with more and more information.This poses the challenge of what to do with this information, how to ensure it is placed at thefingertips of the right people at the right time in the right format to ensure the right outcomes.Over the past five years, Oil & Gas IQ has answered these questions by facilitating Data andInformation Management Summits around the world. In the process, it has developed a well-earned reputation as the industry’s leading facilitator of information on this subject.This experience has led to this brand new online event format which will allow us – for the firsttime – to unite the leaders in data and information management in one online event, allowing youto gain access to the most sought-after solutions to the challenges you face.These experts will cut through the clutter and share their insights into what’s really required tomake your information management strategy both successful and sustainable.Each of the presenters at this unique online event believe they have a story to tell, a lesson toshare, or a case study to highlight which can help you achieve one of these core objectives.So, if you combine this practical focus, with the level of expertise on offer, combined with anagenda which fits around your schedule – can you afford to miss this opportunity?This essential online event begins on July 18, and runs until August 1, 2011, and represents arevolutionary way of knowledge transfer and information exchange without you having to leaveyour desk - click here to find out how it all works. Get your EarlyRegister today to make sure you are able to claim the best possible rate. Bird discount NowWe look forward to seeing you online. Preview The Presentations >> Event Highlights How it Works Agenda ITEarly Bird Sale!! Management In Oil & Gas FAQ’s Pricing Isnt it time? Meet Your Speakers Register Today 2011 Oil & Gas IQ Sector Report
  10. 10. Gain maximum value from the increasing volumeof data generated by todays oil and gas businessThe HighlightsWe know there aren’t enough hours in the day as it is, so that’s why we have designed this unique eventto deliver the world’s leading data and information management strategies direct to your desk. That meansno travel, no time out of the office, no prohibitive costs, but most importantly, no disruption to your alreadybusy schedule.Among the highlights:• Understand the challenges and practical steps you can take to achieve best-practice in datamanagement across multiple countries from one of the core members of CHEVRON’s globalUpstream IT organisation• Benchmark your organisations information management and knowledge management frameworks asSHELLS head of Information Management and its head of Knowledge Management outline what asuccessful KM strategy needs to include from design to operation• Ensure your teams are able to retain ownership of data - even as more processes are automated - bylearning from the industry-leading experience of STATOILs leading Exploration Data Managementadvisor• Gain an essential insight into how you can design and implement a winning data and informationmanagement system by learning from international case studies from KUWAIT OIL COMPANY andSAUDI ARAMCO• Ensure you are up to date with the very latest efforts to standardize data andinformation management activities by hearing cutting-edge insights from Get your EarlyENERGISTICS, INTERNATIONAL ENERGY FORUM, CDA, and PIDX Bird discount Now• Discover how document management and data-information exchange can enhance your business with illustrative case studies from GDF SUEZ & TOTAL Preview The Expert Speaker Panel >> Event Highlights How it Works Agenda IT Management In Oil & Gas FAQ’s Early Bird Sale!! Isnt it time? Meet Your Speakers Pricing Register Today 2011 Oil & Gas IQ Sector Report
  11. 11. The Agenda – 15 Exclusive Interactive Sessions•Delivering best-practices in data and information exchange in KOC while ensuring knowledgemanagement excellence•Statoils global licensing project: Taking ownership of your data management•Creating the Data Foundation for the Digital Oil Field•Combining knowledge management with data and information management to ensure you retainexperience for the future workforce•Driving data management competency development in the oil and gas industry•Mastering information management: optimizing the handling of structured and unstructured data•SOA for G&G: How to provide collaborative workflow environments for upstream E&P•Developing and maintaining collaborative technologies using open data exchange standards for theupstream oil and natural gas industry•Optimizing data network management to enhance communication within the organization•A roadmap for document control and information management on major engineering projects in theenergy business•Overcoming the challenge of implementing enterprise warehouses in upstream oil and gas•Taking a global approach to data standardization: JODI, data transparency, and what it means foryou•Data management: Getting to grips with the legal issues Get your Early•All of us are smarter than any of us: What are we learning fromthe lessons of others? Bird discount Now•Increasing data and information management benefits through the use ofPIDX downstream standards Your Expert Speaker Line Up Event Highlights How it Works Agenda FAQ’s IT Management In Oil & Gas Early Bird Sale!! Isnt it time? Meet Your Speakers Pricing 2011 Oil & Gas IQ Sector Report Register Today