Client Confidential
Client Confidential
Client Confidential
Client Confidential
Producing guidance on cyber security best practice, including risk management
Conducting focused industry studies on cyber security risk
Facilitating a structured approach to information sharing, including risk information, incident reporting and supply chain risk information
Standardising approaches to common activities across the industry
Client Confidential
Client Confidential
The core objectiveof this study:
To bring insight to the UK Oil and Gas industry to support entitiesassisting the Oil & Gas industry to effectively balance themanagement of cyber security risk and business innovation, and,where possible, bring consistency to the approach to cybersecurity and supporting areas of investment.
Client Confidential
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Client Confidential
Cyber Security Landscape Cyber Security Roadmap Key Challenges
Defining the current state of cyber security within the UK O&G industry. This section is broken out across three areas of focus: • The Threat Context• The Regulatory Context• Cyber Defence
The cyber security roadmap defines a set of key activities and objectives that the industry, with support from the OGTC, is delivering in the short, medium and long term.
This section details the thematic challenges seen across the industry as well as proposing ways that the OGTC can support the UK Oil and Gas Industry in managing them.
Pages 9-17 Pages 18-23 Pages 24-33
Client Confidential
Client Confidential
Client Confidential
Client Confidential
Client Confidential
Client Confidential
•
•
•
•
Client Confidential
Client Confidential
Client Confidential
•
•
••
•
•
•
•
•
•
•
•
•
Client Confidential
Client Confidential
•
•
•
Client Confidential
Client Confidential
Client Confidential
Client Confidential
Client Confidential
Client Confidential
Understanding and managing cyber risk
Securing the supply chain
Sustaining a high-performing security
team
Keeping pace with the rate of business change
Organisations struggle to determine and quantify their exposure to cyber risks. Security leaders are restricted in their ability to report on exposure to influence senior stakeholders.
Supply chains are getting bigger, more complex, and more essential to critical business processes.This trajectory is increasing cyber risk in the supply chain whilst restricting organisations’ ability tomanage those risks.
Skill gaps are present across the industry and the pipeline for future talent is not strong enough tosupport the increasing demand for theseskills.
Security is struggling to keep pace with business initiatives aimed at delivering new digital technologies
1
2
3
4
Client Confidential
•
•
•
•
•
Client Confidential
•
•
•
•
•
•
•
•
•
Proposed Solution Firs t Steps
•
•
•
Client Confidential
•
•
•
•
Client Confidential
•
•
•
•
•
•
•
•
•
Proposed Solution Firs t Steps
•
Client Confidential
•
•
•
•
•
Client Confidential
•
•
•
•
•
•
Proposed Solution Firs t Steps
•
•
•
•
•
Client Confidential
•
•
•
•
Client Confidential
•
•
Proposed Solution Firs t Steps
•
•
•
•
Client Confidential
Client Confidential
Client Confidential
Client Confidential