Cybersecurity is not a one and done job.
Creating a successful cybersecurity program requires education, user buy-in and ongoing vigilance to harden a company’s cyber defenses, experts said during the Fortifying Offshore for Cyber Resilience executive dialogue May 2 at the Offshore Technology Conference in Houston.

Once end users are on board with the necessity of cybersecurity precautions, the experts said, they are far more likely to spend the extra time — and even aggravation — associated with tasks such as routine password changes and multifactor authentication than trying to find workarounds.
And sometimes gaining traction in the fight for cybersecurity requires baby steps.
Industry workers don’t question the need to “wear a hardhat and crazy heavy-duty boots” when they go on a rig because they are educated about the potential repercussions of not doing so, Lior Frenkel, CEO Waterfall Security Solutions, said.
The same frame of mind should apply to cyber safety.
“The problem here is that people are not educated about this cyber risk yet. Because when you understand the risk, you say, ‘Okay, it'll take me 10% more time or 10% more money, but it's for a good reason because these bad things won't happen,’” Frenkel said. “The most important thing is to find ways to educate and make people understand and appreciate the risk personally and for the company.”
Brian Boetig, senior managing director at FTI Consulting and former director of the FBI’s National Cyber Investigative Joint Task Force, said safety is fully ingrained in a factory’s setting. Cyber awareness should be equally embedded in the digital world.
Currently, too many people are likely to take shortcuts, he said, such as taping passwords to the underside of keyboards.
“Shortcuts kill, and shortcuts are a way to alleviate processes that were put in place to secure,” he said. About “90% of cybersecurity is really just the very, very basic stuff,” such as password changes, multifactor authentication and keeping passwords in a secure place.
Further, he said, the end user has to understand the importance of security over convenience — not convenience over security.
The focus should be on “getting the cybersecurity standards to that point that people don't question it and complain about it, like they just put on the hard hat and they put on the steel toe boots.”
And the ramifications of a cyberattack can be large for personnel, said Harvey Perriott, regional director for the federal Cybersecurity & Infrastructure Security Agency.
“If something negative were to happen, how is that going to affect the company? How is that going to affect the employees? You know, if the company, if we go out of business, guess what that means? You're out of a job. So that's why you are using multi-factor authentication,” he said. “Guess what? Your paycheck is in jeopardy. And I think it sounds crude and may come across as harsh, but it's that simple.”
Common sense
Perriott said the main threats the industry faces are criminals, nation-states and disgruntled employees.
Criminals are typically financially motivated and operate primarily via ransomware. They may not care whether that ransomware causes catastrophic damage because “‘oh well, I’m trying to make money,’” he said.
Frenkel said most cybersecurity is about good common sense: don’t give the appearance your company is an easy target.
“On the criminal side, if you look vulnerable, you’ll get hit first,” he said. “They’re here for the money. It’s their job. They want to do the least work to get their money. And so if they fail with you, they’ll look to others.”
When nation-states engage in cyberattacks, Boetig said, they might focus on data aggregation, disruption of service or lingering covertly in networks — unobtrusively vacuuming up intellectual property.
“Just understand, nation state attacks don't always mean disruption of service,” Boetig said. “Sometimes they're very, very quiet and go sometimes unnoticed.”
And even when a company understands the potential damage that can result from a successful attack, sometimes getting buy-in from companies to spend money on cybersecurity is a hard sell.
Sometimes, Frenkel said, companies understand the risks and costs of not being protected, but they’re more concerned about spending money on prevention and protection.
That can be particularly true when the spent money doesn’t bring in revenue.
But small steps can make all the difference. That means wading through the “whole big spaghetti” to focus on what’s most important to an organization.
Successfully securing a position often leads customers to expand the security efforts after they get “peace of mind that this part is now more secure.”
Baby steps, Frenkel said, are sometimes the only way to bring customers along the cybersecurity journey. But, Boetig cautioned, even when the systems start to become secure is no time to relax.
Cybersecurity is not a sure thing because threats are always mutating.
“The landscape changes so frequently” that companies need to invest in regular, routine updates, Boetig said. “It’s a process that requires constant maintenance and constant updating.”
Recommended Reading
Liberty Capitalizing on Power Generation as Completions Stay Flat
2025-01-31 - New Liberty Energy Inc. CEO Ron Gusek says company is ‘uniquely positioned’ to deliver modular units for data centers.
Diversified, Partners to Supply Electricity to Data Centers
2025-03-10 - Diversified Energy Co., FuelCell Energy Inc. and TESIAC will create an acquisition and development company focused on delivering reliable, cost efficient net-zero power from natural gas and captured coal mine methane.
Baker Hughes, Frontier Form CCS, Powergen Partnership
2025-03-03 - Baker Hughes will provide technology solutions to support the Sweetwater Carbon Storage Hub being developed by Frontier Infrastructure in Wyoming.
Enchanted Rock’s Microgrids Pull Double Duty with Both Backup, Grid Support
2025-02-21 - Enchanted Rock’s natural gas-fired generators can start up with just a few seconds of notice to easily provide support for a stressed ERCOT grid.
VoltaGrid to Supply Vantage Data Centers with 1 GW of Powergen Capacity
2025-02-12 - Vantage Data Centers has tapped VoltaGrid for 1 gigawatt of power generation capacity across its North American hyperscale data center portfolio.
Comments
Add new comment
This conversation is moderated according to Hart Energy community rules. Please read the rules before joining the discussion. If you’re experiencing any technical problems, please contact our customer care team.