IT Management In Oil & Gas2011 Oil & Gas IQ Sector Report

IT Management In Oil & Gas 2011 Oil & Gas IQ Sector Report

IT Management In Oil & Gas2011 Oil & Gas IQ Sector Report

IT Management In Oil & Gas 2011 Oil & Gas IQ Sector Report

"As of 2011, the amount of data mankind is able to store is at least 295 exabytes of information. That's 315 times the number of grains of sand in the world."

And how much of that information is flowing through the global oil and gas sector? In fifty years, humanity has gone from paper and punch cards to the real-time expanses of the digital oilfield.

Efficient and secure management of data and information has never been more important and process critical. The business case is self-evident: in the 21st century oil and gas world, digital asset integrity is as important as that of physical assets.

As a prelude to Oil and Gas iQ's Data and Information Management Online Summit, we'd like to share with you some of our work in the oil and gas IT sphere.

Tim Haidar, Editor In Chief, Oil & Gas IQ

In The Wake Of Stuxnet: The Importance Of Improving SCADA Systems By Tim Haidar, Editor In Chief, Oil & Gas IQ

As an increasing number of organisations across the planet implement supervisory control and data acquisition (SCADA) systems in order to improve control, the threat of these being exploited continues to grow.

For many firms, a key challenge is therefore ensuring that change is effectively managed with seamless upgrades and optimising the SCADA system to ensure that threats are countered with advanced security measures.

The need to stay as up-to-date as possible was recently highlighted in China when a security researcher at NSS Labs disclosed a critical vulnerability in a popular SCADA software package used in China.

However, according to the researcher in question, Dillon Beresford, he has also discovered similar holes in other SCADA applications used in the country, and says a lack of transparency within the nation on matters related to computer security may make it difficult to get these vulnerabilities addressed.

He told Threatpost that the frailties discovered in the KingView HMI Human Machine Interface (HMI) software by Beijing-based firm Wellintech was just one of many others he has uncovered while testing Chinese SCADA software in the lab.

Furthermore, he intends to disclose these holes after working with the software makers and China's Computer Emergency Response Team (CERT) to prepare patches for them.

CONTD>

IT Management In Oil & Gas2011 Oil & Gas IQ Sector Report

In The Wake Of Stuxnet: The Importance Of Improving SCADA Systems By Tim Haidar, Editor In Chief, Oil & Gas IQ

<CONTD

In his initial blog posting after discovering the hole, he said: "By disclosing the vulnerability to WellinTech, CN-CERT and US-CERT I am confident that I have done the right thing. I was only trying to help and assist with the issue affecting KingView.

"I might have prevented a catastrophic event from taking place. As an example, one need not look too far into the past to reflect on what happened with Stuxnet, which was essentially a bundle of zero-day exploits inside a worm."

Some of the key issues facing many firms is standardising security for SCADA systems and protocols, establishing secure SCADA systems in an integrated environment and implementing methods to counter security risks.

This is clearly something which needs to be addressed as soon as possible, as far as Mr Beresford is concerned.

He told Threatpost that he has been analysing Chinese SCADA software in his free time and described the KingView hole as a "heap overflow vulnerability" which exists in a software module that listens for and processes incoming log events from the HMI software, and is also used to create visual representations of data flows between different machine components.

According to the expert, the heap overflow vulnerability exists in versions of the KingSoft software running on most supported versions of Microsoft Windows and would enable a remote attacker to take full control of a vulnerable system running the software.

He was keen to stress that issues such as these can affect almost any organisation, particularly as many industry leaders are currently focusing on how they can build risk management processes into system changes and security policies and develop new security protocols and best practices to secure smart grids and SCADA systems from external attacks.

Mr Beresford said he hopes that releasing data on the vulnerability prompts some action on the part of China CERT and Wellintech.

On a broader scale, it may encourage organisations across the planet to consider how they can boost the security of their SCADA systems and have strategic planning processes in place before implementing changes to these systems.

For these organisations, avoiding the kind of holes found in the KingView HMI will be top of the agenda as they seek to avoid unnecessary expenditure and maximise control.

IT Management In Oil & Gas2011 Oil & Gas IQ Sector Report

Terrorism 2.0 - Is Coffee Still More Important Than IT Security? By Tim Haidar, Editor In Chief, Oil & Gas IQ

In April of 2009, the Wall Street Journal reported that the US National Power Grid had been infiltrated by cyber attackers and was vulnerable to future digital incursions.

Amidst a barrage of media criticism and headlines like "Cybersecurity: Is the U.S. Government doing enough?" SCADA systems were firmly in the spotlight and the Obama administration ordered a "top-to- bottom review" of electronic infrastructure systems in the US.The 2009 invasion, was not by any means the first in regards to cyber security breaches affecting critical systems.

As early as 1992, a disgruntled Chevron employee managed to disable emergency alert protocols spanning 22 states in the contiguous USA. In 2000, hackers in Russia managed to seize control of Gazprom's entire natural gas pipeline network, and 2003 saw the Slammer and Blaster computer worms shutting down safety systems at Ohio's Davis-BesseNuclear Power Station's for 5 hours, and contributing to a the blackout of the North-Eastern American that affected 55 million people in the US and Canada.

It was after this combination of events that America's first "Cybersecurity Czar", Richard Clarke, stated: "If you spend more on coffee than on IT security, then you will be hacked. What's more, you deserve to be hacked.“

Fast-forward to July 2011 and the Stuxnet computer worm infected vital systems controlling the Iranian nuclear reactor at Bushehr and up to 12 million computers and many thousands of essential infrastructure systems across China. If there needed to be a wake up call for energy companies across the world as to the danger of SCADA system, Stuxnet was it.

Just prior to the Stuxnet attacks, the US Senate started discussing the Protecting Cyberspace as a National Asset Act of 2010, whose advocates decried "the federal government's efforts to secure cyber networks" as "disjointed, understaffed, and underfinanced", stating that: "wecannot wait for a cyber 9/11."Senator Joel Lieberman of Connecticut professed that: "This bill was prompted by growing concerns that public and private sector networks have become increasingly vulnerable to attack from cyber warriors, spies, criminals and terrorists.“

While incidents like Stuxnet highlight the possibilities of a "Digital Armageddon", the probabilities of such an event are still remarkably slim.

To date, not a single person has died as a result of cyberterrorism, and we must believe that the international terrorist's motive is still to kill and maim and not cause digital disruption.While Terrorism 2.0 represents a huge threat in the Information Age, it is simply not as logistically feasible or impactful in the short-term as conventional terrorism for extremist purposes. Although an alleged "Al Qaeda Online" cell was discovered in 2003 to have SCADA systems information relating to dams in the US, there has been no solid evidence of a concerted attack plan then or since.

Post-Stuxnet, the prevailing mood of preparation for imminent attack does seem to be prudent if not a little alarmist in nature. Be under no illusion, coffee is now a secondary consideration for oil and gas companies.

IT Management In Oil & Gas2011 Oil & Gas IQ Sector Report

Data Management Q & A - Just What Is Most Important? By Tim Haidar, Editor In Chief, Oil & Gas IQ

As a prelude to Oil & Gas iQ's Data Management For Oil & Gas Online Summit, we spoke to two past speakers, and one who will be presenting this July, about the biggest challenges they face in the industry at the moment.

Mohamed El-Harras, Information Technology Division, Abu Dhabi Gas Development Company

Q. In your opinion, what is the most significant data network management challenge facing operators in the oil and gas industry?

Data & information management is facing many challenges:

• Exponential data growth and terabyte-sized operation and project data sets • Aliening business needs and technology expenditures to ensure the appropriate level of performance, protection and availability • Removing dependency on individuals • Data and information Integration • Data Islands: that is to say, data that is available in silos and scoops • Dealing with too many data formats: AutoCAD, Micro station, Excel, Word, scanned images, paper media…etc. • Data retrieval: in other words, the lead time to bring ‘data to desktop’

Q. Could you tell me more about how data centralisation facilitates information consistency and accuracy across the entire organisation?

Data centralisation facilitates data consistency and accuracy as It:• Eliminates data duplication • Offers a single source of truth for accurate data

Q. In which area of data and information management would you say lays ADGDC’s strength?

Data and information management offers the required information for solid decisions for all areas within the corporate sphere, especially within operations, maintenance, engineering and technical projects.

CONTD>

IT Management In Oil & Gas2011 Oil & Gas IQ Sector Report

Data Management Q & A - Just What Is Most Important? By Tim Haidar, Editor In Chief, Oil & Gas IQ

Sandeep Kundu, Geoscience Data Manager, Reliance Industries

Q. In your opinion, what is the most significant data network management challenge facing operators in the oil and gas world?

For any solution we need the synergy of technology, people and processes. In the area of data and knowledge management we have more than enough state of the art technology implemented in form of tools and products.

The major challenge is to develop well defined processes and in having people who realise the importance of these processes and carry forward the task of putting these into proactive practice towards effective data and knowledge management.

Q. Could you tell me more about how business intelligence (BI) benefits E&P information management and business decisions?

Business success depends on good decisions, which in turn is driven by accurate and timely information. Business Intelligence is a critical component of an enterprise information management strategy. BI is nascent in the E&P business, and is seen largely as a game-changer that can significantly reduce resource engagement in making efficient and accurate decisions.

Essentially, good BI helps E&P departments turn data into useful and meaningful information and then distribute the information to those who need it, when and where needed, so timely and better informed decisions can be made.

BI allows E&P organisations to aggregate data from a variety of sources enabling better informed and timely decisions in the following areas:

• Business performance and emerging opportunities. • Real-time access to operational activities and results. • Confidence in the quality of data in master stores • Ability to manage KPIs• Proactive response to positive and negative changes • More focus on analytics rather that data search and organisation • Improved compliance to regulatory authorities

CONTD>

IT Management In Oil & Gas2011 Oil & Gas IQ Sector Report

Data Management Q & A - Just What Is Most Important? By Tim Haidar, Editor In Chief, Oil & Gas IQ

< CONTD

Q. Is there anything else you would like to be featured in the interview?

Indeed, there are areas in BI that need special address:BI from structured data is well understood and tools to address their cause are in abundance. However, deriving BI from unstructured data is a major challenge. Unstructured data lies scattered across the company in silos. Their conversion into a structured catalogue in specificity to the business process design is critical in achieving a transactional ECMS (electronic document management system) on which BI tools can reside to enable better decision making.

Sulaiman K. Al-Mazroua, Supervisor, IT/ Communications Operations Dept, Saudi Aramco

Q. In your opinion, what is the most significant data network management challenge facing operators in the global oil and gas business?

Every information technology organisation such as the business enabler in Saudi Aramco, faces a main challenge to meet business expectations. It requires high bandwidth through reliable and secure media, best-in-class applications and innovative solutions for the company to meet the world demand for oil and gas. The target is always high availability with continuous performance improvement.

Q. Could you tell me how Saudi Aramco effectively manages their data networks and how that contributes to the overall performance of the organization?

Managing a network with the level of heterogeneity and complexity of Saudi Aramco requires us to establish a customised approach that merges ISO, ITU-T and service provider models under one unified framework that works the best for Saudi Aramco. Also, tremendous efforts were put in place to align the organisation with ITIL recommendations and most importantly to evolve from system management to a business focused role. For that Saudi Aramco empowered its network management portfolio with a variety of tools - from high level service monitoring portals to deep packet inspection tools - in order to sustain high availability and a top performance network.

IT Management In Oil & Gas2011 Oil & Gas IQ Sector Report

INTERVIEW: Matthieu Lamy on Document Controllers As A Fulcrum For Knowledge Management Hosted By Tim Haidar, Editor In Chief, Oil & Gas IQ

WHITE PAPER: The Importance of Data and Document Management To The Oil and Gas Industry By Mohamed El Harras, Lead Engineer (Systems & Data Management) ADGAS

In this podcast with Oil and Gas IQ, Matthieu Lamy, Document Control Manager at Talengi tells us about the importance and evolution of the document manager, the place of document management systems in the oil and gas sector and where the document manager will be in the coming years.

In a world that is more and more saturated with structured and unstructured information and moving inexorably towards the digital oilfield, just how important is data and document management in the 21st century oil and gas sector?

Additional Resources

IT Management In Oil & Gas2011 Oil & Gas IQ Sector Report

15 global data, knowledge and information management authorities from the world’s most pioneering energy companies LIVE at your desktop

The oil and gas industry is a data-intensive business, and as the move towards the digital oilfield accelerates, companies are having to effectively deal with more and more information.

This poses the challenge of what to do with this information, how to ensure it is placed at the fingertips of the right people at the right time in the right format to ensure the right outcomes.

Over the past five years, Oil & Gas IQ has answered these questions by facilitating Data and Information Management Summits around the world. In the process, it has developed a well- earned reputation as the industry’s leading facilitator of information on this subject.

This experience has led to this brand new online event format which will allow us – for the first time – to unite the leaders in data and information management in one online event, allowing you to gain access to the most sought-after solutions to the challenges you face.

These experts will cut through the clutter and share their insights into what’s really required to make your information management strategy both successful and sustainable.

Each of the presenters at this unique online event believe they have a story to tell, a lesson to share, or a case study to highlight which can help you achieve one of these core objectives.

So, if you combine this practical focus, with the level of expertise on offer, combined with an agenda which fits around your schedule – can you afford to miss this opportunity?

This essential online event begins on July 18, and runs until August 1, 2011, and represents a revolutionary way of knowledge transfer and information exchange without you having to leave your desk - click here to find out how it all works.

Register today to make sure you are able to claim the best possible rate.

We look forward to seeing you online.

Gain maximum value from the increasing volume of data generated by today's oil and gas business

Preview The Presentations >>

Get your Early Bird discount Now

Event Highlights How it Works Agenda

FAQ’s Pricing Isn't it time?

Meet Your Speakers Early Bird Sale!! Register Today

IT Management In Oil & Gas2011 Oil & Gas IQ Sector Report

Gain maximum value from the increasing volume of data generated by today's oil and gas business

Preview The Expert Speaker Panel >>

Get your Early Bird discount Now

The Highlights

We know there aren’t enough hours in the day as it is, so that’s why we have designed this unique event to deliver the world’s leading data and information management strategies direct to your desk. That means no travel, no time out of the office, no prohibitive costs, but most importantly, no disruption to your already busy schedule.

Among the highlights:

• Understand the challenges and practical steps you can take to achieve best-practice in data management across multiple countries from one of the core members of CHEVRON’s global Upstream IT organisation

• Benchmark your organisation's information management and knowledge management frameworks as SHELL'S head of Information Management and its head of Knowledge Management outline what a successful KM strategy needs to include from design to operation

• Ensure your teams are able to retain ownership of data - even as more processes are automated - by learning from the industry-leading experience of STATOIL's leading Exploration Data Management advisor

• Gain an essential insight into how you can design and implement a winning data and information management system by learning from international case studies from KUWAIT OIL COMPANY and SAUDI ARAMCO

• Ensure you are up to date with the very latest efforts to standardize data and information management activities by hearing cutting-edge insights from ENERGISTICS, INTERNATIONAL ENERGY FORUM, CDA, and PIDX

• Discover how document management and data-information exchange can enhance your business with illustrative case studies from GDF SUEZ & TOTAL

Event Highlights How it Works Agenda

FAQ’s Early Bird Sale!! Isn't it time?

Meet Your Speakers Pricing Register Today

IT Management In Oil & Gas2011 Oil & Gas IQ Sector Report

The Agenda –

15 Exclusive Interactive Sessions

Your Expert Speaker Line Up

Event Highlights How it Works Agenda

FAQ’s Early Bird Sale!! Isn't it time?

Meet Your Speakers Pricing Register Today

Get your Early Bird discount Now

•Delivering best-practices in data and information exchange in KOC while ensuring knowledge management excellence

•Statoil's global licensing project: Taking ownership of your data management

•Creating the Data Foundation for the Digital Oil Field

•Combining knowledge management with data and information management to ensure you retain experience for the future workforce

•Driving data management competency development in the oil and gas industry

•Mastering information management: optimizing the handling of structured and unstructured data

•SOA for G&G: How to provide collaborative workflow environments for upstream E&P

•Developing and maintaining collaborative technologies using open data exchange standards for the upstream oil and natural gas industry

•Optimizing data network management to enhance communication within the organization

•A roadmap for document control and information management on major engineering projects in the energy business

•Overcoming the challenge of implementing enterprise warehouses in upstream oil and gas

•Taking a global approach to data standardization: JODI, data transparency, and what it means for you

•Data management: Getting to grips with the legal issues

•All of us are smarter than any of us: What are we learning from the lessons of others?

•Increasing data and information management benefits through the use of PIDX downstream standards