The second day of the Egypt Petroleum Show (EGYPS 2019), held on February 12, was enriched by an exclusive Safety in Energy Conference that discussed partnership as basis for employee and critical assets security; cyber-security threats in the value chain; best practices in contingency and security planning; and the future of oil and gas security in the region.
Partnerships for Employee and Critical Assets Security
Building effective partnerships and facilitating stakeholder engagement are important components for oil and gas companies to protect their employees and critical assets in their operating countries. A necessary practice for creating partnerships, before starting ground-level operations, is to engage local stakeholders, environments, and communities. “It is important to know who the people are, [and] what is going on the ground early. The idea is to be preventative and proactive versus being reactive to mitigate possible risks,” said Bruce Basaraba, Head of HSSE at Dana Gas.
Additionally, local communities need to “understand the reason you are there, that what you are doing is not just for the benefit of you and your customers, but it also benefits them,” said Sam Botros, Vice President and Chief Security Officer at Baker Hughes, a GE company (BHGE). Working with suppliers and with local governments is also effective if the company wants to maintain a consistent supply chain.
Cyber Security Threats in the Value Chain
All oil and gas companies must consider cyber security attacks and cyber security must be achieved along all value chain’s phases. Hassan Hafez, Egypt Country, IT Manager at Total, said that “the challenge is that most of the business stakeholders and the top management concentrate on how to deliver a successful digital transformation without giving enough attention to cyber security.” He also stressed that the team driving digitalization must be aware of cyber security measure alongside the digitalization shifts.
Commenting on preventative technology, especially on the company culture, Jay Abdallah, Global Director of Cybersecurity Solutions at Schneider Electric, pointed out to the importance of spreading the culture of “enablement”. Both proactive and reactive strategies are needed to mitigate risk, and although these may be time consuming and exorbitant financial investments, the cost of breach to a company is far more detrimental.
Interactive Roundtable on Contingency Plans and Crisis Management
Two merged roundtables led by Hossam Amr, Head of Security (Egypt, North, East Africa and Levant Cluster) at Schneider Electric in Egypt, and Richard Reed, Head of Corporate Crisis and Continuity Management at Saudi Aramco, discussed experiences and shared best practices on contingency plans, crisis management and critical emergency responses.
Hossam Amr mentioned the unrest experience occurred in Egypt in 2011. During the Egyptian revolution, “people were prevented from the ability to move to power supplies, and expats had to be evacuated”. That is why, developing effective contingency plans and sound security system can certainly minimize vulnerability.
Additionally, communication, flexibility, and training management need to be more aware, choosing a team who can handle the crisis pressures, and well-built business continuity plans are recommended best practices. Security experts and companies should engage the internal and external resources positively to strengthen protective measures in instances of a crisis.
When crafting contingency plans, proper risk assessment should occur first; understanding where the risk is, knowing where the critical assets are, and intentional team selection was cited. There are no set rules for dealing with dynamic security issues that may range from a geopolitical unrest to cyber-attacks. However, the contingency plans should have a structured approach and -methodology that maintain a degree of elasticity and not paralyze the organization.
Finally, relevant stakeholders should approach the formation of security plans, understanding how different internal and external elements are interrelated for a complete contingency and security plan.
The Future of Oil and Gas Security in Egypt, North Africa and the Mediterranean
Threats to the oil and gas industry include volatile landscapes, changing geopolitical conditions and increased sophisticated cyber security threats. That is why, the technology role in providing security to the entire value chain must be balanced to empower employees to face possible threats.
Security threats are increasing, hence CEOs and managers, as well as the company’s employees, must foster a protective security culture to mitigate risk. “Security is a process that must be put in place everywhere and must be implemented whether there is risk or not,” said Alfio Rapisarda, Senior Vice President for Security at Eni.
Additionally, panelists stressed the importance of engaging with the local governments. Localized attacks on pipelines, for instance, need the positive “intervention from us and the government”, said Amr Elsherbini, CEO Security Assistant and the Egyptian General Petroleum Corporation (EGPC).
Elsherbini cited experiences in Egypt wherein companies are actively working with governments, police, and military as they operate across the country. A balance must be struck between mitigation plans addressing physical ground level threats and cyber security threats.
Cyber security and technology advancements are critical for security concerns. While cyber security issues were managed by IT departments in the past, now it is approached in a more holistic way by companies. Understanding where the risk is coming from and what is being targeted is a priority. “Technology is a component of a wider solution, it enables people to focus more strategically and may be made to work in wider work setting,” said Botan Osman, Managing Director at Restrata.