The oil and gas industry is “waking up” to the potential scale of threats posed by cybersecurity vulnerabilities of offshore infrastructure, according to risk management group DNV.

A combination of fast technological progress and new concerns around the security of energy installations in Europe after the damage to gas infrastructure last summer has brought focus on how companies and operators can assess and manage information technology-related risk.

“Investment is lagging in operational technology security,” Shaun Reardon, principal cybersecurity consultant at classification society DNV, told Upstream during the Offshore Europe 2023 conference in Aberdeen.

“Oil and gas operators are waking up to the scale of the cybersecurity threat.”

Since the Nord Stream incident in 2022 — when the Nord Stream 1 and 2 gas pipelines linking Russia to northern Germany in the Baltic Sea were damaged by a series of explosions — concerns about the security of energy assets have come to the fore.

Offshore facilities can be a prime target when it comes to cybersecurity vulnerability as well, highlighting that the risk may be less visible compared with the Nord Stream sabotage incident but equally disruptive, Reardon said.

Risks in this sphere include drones flying over facilities that could be carrying out surveillance activity, gathering data or jamming equipment to interfere with the functioning of the infrastructure.

“The industry should understand that affecting a single operation can have ripple effects across entire larger supply chains,” he said.

The energy sector skills shortage is adding to this vulnerability, as it “exacerbates the lack of in-house cybersecurity skills”.

Reardon said cybersecurity risk is a concern for investors. The scale of the threat is holding back lending, and improved regulation on cybersecurity could unlock new financing to the industry, he said.