Presented by:
Editor's note: This article appears in the new E&P newsletter. Subscribe to the E&P newsletter here.
For many companies working in the oil and gas sector, operational risk management has been guided primarily by compliance with regulations. On the surface, this seems like a reasonable approach. After all, regulations are not arbitrary. They have been developed to address specific issues, and quite often the introduction of more stringent regulations is the result of incidents that reveal weaknesses in the status quo. Regulatory guidelines set expectations for established risks, but there are no such guidelines for emerging risks that arise as technology within the industry evolves.
After the Ocean Ranger semisubmersible sank on the Grand Banks offshore Newfoundland in 1982, the Canadian government reorganized to provide better oversight, emergency training became mandatory, rig designs were improved, and search and rescue equipment was upgraded. Similarly, the Piper Alpha disaster in the U.K. North Sea in 1988, which resulted in 167 people losing their lives, led to the U.K. Offshore Safety Act 1992, making companies responsible for securing the safety, health and welfare of offshore workers.
Regulations are developed methodically to address specific issues, and as they mature, they improve operational safety. Compliance is nonnegotiable, and companies invest in programs that meet regulatory requirements because it is a prerequisite for doing business. When there are no regulations in place, however, managing operational risk becomes more complicated. The expense is not required, so investment in risk management must be weighed in terms of cost and benefit. Instead of being the cost of doing business, risk management becomes an issue of return on investment.
The rapidly changing operating environment compounds the operational risk management challenge. Digitization is a case in point. Oil and gas companies have invested heavily in digitization to capture real-time data, which can be leveraged to facilitate operational insights. Knowing more about how equipment is operating not only enables faster and better decision-making, but it allows companies to better maintain physical assets.
Unfortunately, while improved data-gathering enhances the ability to manage assets and resources, it also broadens the interface between IT, which focuses on data, and operational technology (OT), the computing and communication systems that manage, monitor, and control physical devices and industrial operations. The increasing number of contact points between IT and OT being introduced by technologies that expand interconnectivity to improve operations creates a dramatically larger attack surface for potential hackers.
According to an IBM Security report, “X-Force Threat Intelligence Index 2020,” this breakdown of system segregation has opened the door to cyberattacks on industrial control systems, with the number of incidents increasing more than 2,000% from 2018 to 2019. In fact, in 2019 the number of events targeting OT assets was greater than the sum of the incidents recorded in the previous three years.
It is evident that cybersecurity has become a business imperative, but regulations lag behind the pace of change. Deterring cyberattacks and managing cybersecurity are critical, but the way forward is anything but clear for a lot of companies.
The best course of action in many cases is to obtain the support of engineering and risk management experts who can objectively evaluate the company’s status and work within its culture to develop solutions that support safer, more reliable assets and operations. That means assessing the regulatory landscape and ensuring the company is prepared for impending changes. It means asking probing questions about connectivity and data usage and introducing artificial intelligence and machine learning solutions.
There is much at stake in this “new normal,” and the conditions continue to change. How successfully a company manages its operational risk will be a key factor in determining its future profitability and growth.
RELATED CONTENT FROM ABS:
May 13, 2021: How to Deliver Data-driven Value to Offshore Operators
Nov. 13, 2020: Digital Predictive Analysis for Remaining Life of Offshore Assets
Recommended Reading
Appeals Court Rules in Favor of FERC-Permitted Indiana NatGas Line
2025-01-08 - “As night follows day, an environmental challenge follows the approval of a natural gas pipeline,” a Court of Appeals, D.C. Circuit panel said in ruling in favor of a Boardwalk Pipeline expansion project.
Exclusive: Arbo Monitoring Courts, Congress Amid Energy Policy Shifts
2024-12-09 - Chip Moldenhauer, CEO and founder of energy analytics company Arbo, gives insight into regulatory impacts the energy sector should watch for entering 2025, in this Hart Energy Exclusive interview.
Analysts: DOE’s LNG Study Will Result in Few Policy Changes
2024-12-18 - However, the Department of Energy’s most recent report will likely be used in lawsuits against ongoing and future LNG export facilities.
Manufacturers Urge FERC to Study Gas Pipeline Capacity Needs
2025-02-04 - Heavy industry is the first to be impacted when there is inadequate supply of natural gas, the Industrial Energy Consumers of America (IECA) argued in a letter to federal regulators.
TotalEnergies, FERC Reach Agreement in Long-Running Case
2025-01-10 - TotalEnergies will pay $5 million to settle a case where neither the company nor the government says they were wrong.
Comments
Add new comment
This conversation is moderated according to Hart Energy community rules. Please read the rules before joining the discussion. If you’re experiencing any technical problems, please contact our customer care team.