A future of operational resilience for the oil and gas industry, by Owen Miles, VP Solutions Engineering EMEA, Restrata.

Controlling risk factors

Bohai 2, Piper Alpha, Deepwater Horizon – while rare, disastrous incidents within the oil and gas industry remain in the public consciousness.

For the layman, procuring natural resources comes with an expected degree of extreme risk.

For the industry and the security and operational experts that support it, risk mitigation is a constant effort.

While infrastructure failures remain the most obvious threat, the truth is that the risks posed to the sector are always evolving, growing more numerous and volatile.

In efforts to increase the resilience of natural resource operations, the oil and gas industry needs to recognise that innovative technological solutions provide the best chance to effectively protect people, assets and operations.

Risks facing the oil and gas industries

Businesses across the oil and gas industry face threats from all angles.

They must treat each risk with the same level of diligence, proactive monitoring and crisis management.

Climate and nature hazards – rigs and refineries situated in resource-rich regions face threats from increasingly extreme conditions.

Whether it’s tsunamis, rising water levels, earthquakes or forest fires, the stability of these operations depends on the ability to respond swiftly to these events to mitigate damage.

This is not only about ensuring physical infrastructure is secure and can withstand such incidents; it’s also about providing sufficient warning for people to reach safety.

Geopolitical volatility – political division, at global and local levels, increases the personal threat of protests.

A longstanding area of contention for many public groups, attacks on oil and gas companies and workers are unfortunately a common course of action.

These can range from vandalism to kidnapping and even death.

Considering the intrinsic nature of these resources in global geopolitical power struggles and policy changes, the oil and gas industry fully understands that a level of individual risk through personal targeting is always a situation that must be closely monitored and mitigated as much as possible.

The industry has the utmost duty of care to reduce the threats on individuals within their organisation, particularly when working in politically unstable and isolated regions.

Operational hazards – operational hazards leave the oil and gas industry in a permanent state of alert.

In the event of an incident, emergency or crisis onboard a rig, refinery, drilling or processing plant, emergency efforts to contain the incident as fast as possible bring about a pressurised situation – the scope of protection immediately widens, leaving all but the most prepared organisations with the task of keeping track of all workers and assets across the site and mitigating the crisis.

When people’s lives are at stake, businesses must operate with a ‘no holds barred’ commitment to worker safety.

Operational resilience – there are also risks associated with current resilience systems used across the oil and gas industry.

Fragmented or siloed systems, common across organisation’s HR, security and safety functions, hide inefficiencies which inhibit a timely, effective incident, emergency or crisis response.

Without a single view of people, assets and risk, monitoring for threats is near impossible, communication is slower than it should be and oversights and errors become far more likely.

Equally, the use of multiple systems often results in data overload, where threat information is compounded without an accurate and efficient overview of risk exposure.

Often, businesses recognise these gaps only when it is too late.  

Clear steps for the oil and gas industry

While aggressive M&A in the resilience sector has promised more comprehensive, ‘one-stop’ resilience solutions, they have failed to be effectively consolidated.

The reality is that businesses are integrating individual products and not synergising them across platforms, meaning although they may look and feel the same, actionable insights between functionalities are too limited.

This dynamic fails to provide a singular view of the risk landscape, leaving businesses dangerously (and incorrectly) reassured yet, in reality, vulnerable.

There are some obvious steps that companies across the oil and gas industry need to take to defend their business and people against the barrage of risks they face.

Prioritise solutions unification

It’s clear from those in the business of keeping businesses safe that cohesion between data sources enables better decision-making.

All businesses, especially risk-driven sectors, need a greater level of interplay between platform functionalities to form a one, single view of their organisation – and everything in it.

They require an accurate, real-time digital twin.

From here, they can make decisions knowing full well they have a complete picture of the risks they face, which at once provides speed and assurance.

The key to success here lies in harmony across their systems, where core security functions work together even if individual components and tools retain some unique features.

Establishing a resilience platform that extends beyond a surface-level fix and instead unifies deep technological functionality, is vital to ensuring better business response.

Leverage a new wave of technology

Despite fears around AI application, it has changed the game for operational resilience.

AI-powered platforms are more than capable of aggregating and analysing data from sources far quicker than manual efforts can.

From here, they can be used to provide a unified view of potential threats across physical and digital domains.

These systems particularly excel at pattern recognition and predictive analytics, which help organisations anticipate and prepare for various security scenarios, diversifying preparedness efforts.

Similarly, machine learning algorithms process data from disparate security systems, identifying correlations and potential threats that might be missed by human analysts.

For example, AI systems can correlate physical access logs with network activity data to identify potential insider threats or combine weather data with supply chain information to predict and mitigate potential disruptions.

This isn’t to say that machine learning replaces human workers, rather, it’s the most significant tool revolution in their arsenal for a decade.

AI implementation still requires diligence.

AI should serve as an integrating force that automates manual processes and allows human security personnel to focus on strategic decision-making and response coordination.

Preparedness now, safety in the future

Having the right solution but not understanding the right approach is one way an organisation’s assurance in security eventually lets them down.

Organisations must develop integration strategies that prioritise operational use cases rather than technical features.

This means focusing on how security systems support real-world response scenarios rather than simply connecting systems for the sake of integration – sometimes, less is more.

Implementation should then follow a phased approach, starting with critical functions and gradually expanding outwards.

Training and skills development play crucial roles in this transformation.

Security personnel must understand the complexities of security systems to make the best use of them.

Specifically, they need to know the functions of each capabilities and how these different, components interact and support each other during incident, emergency or crisis response.

This knowledge will underpin the effective application of security tools and better coordination during incident response.

Giving oil and gas 360-degree defence

Establishing clear protocols for incident, emergency and crisis response – supported by robust resilience platforms – that account for both physical (natural and man-made) and cyber-threats will ensure safety and security is in an optimum state.

Crucially, these protocols need to be regularly tested and continuously monitored as threats emerge and existing threats transform.

Simulated scenarios at regular intervals can bring confidence to this dynamic.

The worst time to find out your resilience and security systems are not up to the task is during an incident, emergency or crisis.

The oil and gas industry must assess current resilience practices and run diligent tests to measure their efficacy in responding to all manner of threats.

From here, they must seek a greater degree of visibility from disparate data sources, synergised into a singular view of their entire risk landscape.

Then, and only then, can they gain assurance in their ability to respond effectively.

This article was originally published in the May edition of Security Journal UK. To read your FREE digital edition, click here.