Cybersecurity is important for high-profile companies in all industries. Explore why cybersecurity is critical in the oil and gas industry, including the potential risks the industry faces.
The energy sector, which includes the oil and gas industry, is vital to the United States’s economic growth and national security. In March 2023, the Office of Cybersecurity, Energy Security, and Emergency Response noted that the country's “critical infrastructure is facing an unprecedented level of cyber threat” [1]. Cybersecurity is also vital to keeping energy sources such as electrical, nuclear, oil, and gas running. For example, the US Department of Energy works with oil and gas operators to protect critical energy infrastructure from current and future threats.
What are the risks of cybersecurity in the oil and gas industry? Continue reading to explore the answers and learn more about how to start a cybersecurity career to help safeguard the critical infrastructure associated with this industry.
Like other industries, oil and gas production relies on computers for various operational procedures, including analyzing geographical data, executing drilling operations, safely operating wells, and transporting products for consumer use.
The oil and gas industry also relies on proprietary information for uninterrupted operations, including protecting industrial control systems. Protecting these assets is important because the sector provides critical energy infrastructure worldwide.
The oil and gas industry also contributes to a nation’s security, fueling economic growth and job creation and helping to keep people and society stable. However, gaps in the production and distribution of oil and gas can conversely threaten production and the lives of people who rely on the energy produced by oil and gas to survive.
The sector relies on complex systems for everything from extraction and refinement to transportation and delivery, increasing potential vulnerabilities at every touchpoint. The oil and gas industry in the US and worldwide has already experienced successful cyberattacks on companies, proving that cybersecurity issues threaten the industry.
Let’s look at a few examples to highlight the industry's risks.
In 2022, a cyberattack on northern European companies disrupted cargo movement from a significant refining hub in the Netherlands' Amsterdam-Rotterdam-Antwerp (ARA) region to 11 terminals in Germany. The attack came at a time when inventory was already low in Europe, and prices were reaching record highs, putting added pressure on oil and gas markets on the continent.
The ransomware attack was similar to one on an oil and gas company in the US a year earlier. The 2021 attack on Colonial Pipeline shut down 5,500 miles of pipeline as the company attempted to contain the attack. The shutdown led to fuel shortages along the East Coast. Joseph Blount Jr., the company’s CEO, later confirmed to the US Senate’s Homeland Security and Government Affairs Committee that Colonial Pipeline paid a $5 million ransom to regain control of the files held “hostage” by the cybercriminals who attacked its IT network [2].
professional certificate
Launch your career in Human Resources. In this program, you’ll learn in-demand skills for a career as an Human Resource Associate. No degree or prior experience needed. Coursera's 2024 Learners First Award Winner.
4.8
(2,005 ratings)
84,997 already enrolled
Beginner level
Average time: 5 month(s)
Learn at your own pace
Skills you'll build:
Employee Relations, Training development, Performance Management, Recruitment, Compliance strategy, Benefit types, Compensation strategy, Pay systems, Total rewards, Business Continuity, Employee Engagement, Learning Delivery Methods, Effective Training, Training Needs, Learning Models, Legal Compliance, Risk Management, Safety Compliance, Compliance Implementation, Employee Onboarding, Job Analysis, interviewing
The demand for skilled professionals continues growing and will likely continue rising to meet evolving threats. Depending on your interests and skills, you can find various cybersecurity-focused job options in the oil and gas industry. The following list offers a few cybersecurity career options to consider.
Average annual base salary: $118,972 [3]
Requirements: Typically, a bachelor’s degree in computer science, engineering, business, or information technology at a minimum
Cybersecurity engineers plan and build systems used to protect electronic information. You might identify potential threats to systems and software and implement potential fixes to protect against hacking, cyber threats, and other security issues.
Average annual base salary: $104,683 [4]
Requirements: Bachelor’s degree in computer science or information technology
A cybersecurity analyst monitors a company or organization’s IT infrastructure to evaluate threats that could penetrate the network. You might also investigate ways to build the company’s network security and protect it from possible attacks. This position is an entry-level job that can help you get experience in cybersecurity.
Average annual base salary: $79,673 [5]
Requirements: Typically, a bachelor’s degree in computer science or a similar area of study; some employers may accept a postsecondary certificate or associate’s degree
Network administrators install and maintain computer networks and computer systems for the oil and gas company they work for. You might upgrade and repair networks, evaluate system performance, or diagnose and fix problems.
Average annual base salary: $137,876 [6]
Requirements: Usually, a bachelor’s degree is a minimum requirement in engineering, computer science, or a similar subject
A cybersecurity architect designs the systems needed to prevent and defend against cyberattacks and other intrusions on a computer system. You can also test the system for vulnerabilities or supervise security teams. As a cybersecurity architect, you help safeguard the oil and gas industry from threats and implement robust cybersecurity frameworks.
Average annual base salary: $104,123 [7]
Requirements: Bachelor’s degree at a minimum in an area of study like engineering or computer science
A penetration tester simulates attacks on a computer system to test it for vulnerabilities and weaknesses. You might work for a company or organization to test out various parts of its systems and give feedback on issues that could become liabilities for the company or places where they may need to build security for more protection.
Average annual base salary: $78,368 [8]
Requirements: A bachelor’s degree in computer science, information security, or a similar subject
A data protection officer sets up the systems protecting a company or organization’s information. The position is required under the General Data Protection Regulation (GDPR) in the European Union but is also becoming more prevalent for companies based in the US. Given the amount of sensitive data that oil and gas companies handle, including data related to employees and the business itself, the sector has a growing need to protect its data.
Average annual base salary: $85,360 [9] Requirements: Bachelor’s degree in information technology, computer science, or a similar subject
An incident response manager oversees a team responding to cyberattacks and computer crimes by investigating breaches and countermeasures. You may also be responsible for preventative work, such as identifying weaknesses and suggesting ways to protect systems from vulnerabilities.
specialization
Get on the fast track to a career in cybersecurity. In this certificate program, you'll learn in-demand skills, and get AI training from Google experts. Learn at your own pace, no degree or experience required.
4.8
(39,136 ratings)
840,197 already enrolled
Beginner level
Average time: 6 month(s)
Learn at your own pace
Skills you'll build:
Python Programming, Security Information and Event Management (SIEM) tools, SQL, Linux, Intrusion Detection Systems (IDS), Packet Analyzer, Security Hardening, Network Security, Transmission Control Protocol / Internet Protocol (TCP/IP), Network Architecture, Cloud Networks, escalation, resume and portfolio preparation, stakeholder communication, Job preparedness, integrity and discretion, Cybersecurity, Information Security (INFOSEC), Ethics in cybersecurity, NIST Cybersecurity Framework (CSF), Historical Attacks, Computer Programming, Coding, PEP 8 style guide, NIST Risk Management Framework (RMF), Security Audits, Incident Response Playbooks, Authentication, vulnerability assessment, Cryptography, asset classification, threat analysis, Command line interface (CLI), Bash
Growing operations, increasing technology adoption, and a mix of remote assets and inadequate cybersecurity controls leave the oil and gas industry vulnerable to cyber criminals. If a cybersecurity career interests you, consider these essential qualifications:
Education: You will likely need a bachelor’s degree in a technology-focused major, such as electrical or computer engineering, industrial systems engineering, computer science, or multidisciplinary engineering technology. Some positions may also require an advanced degree.
Work experience and skills: It’s vital to build work experience and acquire skills for a career in cybersecurity. You may want to consider getting an internship or gaining experience in the computer science field before moving into a cybersecurity job.
Certifications: Certifications in a specific area can help you build demonstrable skills, potentially giving you a competitive edge. For example, you could pursue options like a Certified Information Systems Auditor (CISA) or a Certified Ethical Hacker (CEH).
Embracing evolving technologies and digitization leaves the oil and gas industry increasingly vulnerable to cyberattacks. Today’s bad actors want more than just data. They also want to wreak havoc on sensitive, critical infrastructure and gain physical control of the systems.
Continue learning about cybersecurity with courses on Coursera, many of which provide resume-boosting credentials and opportunities to build in-demand skills. For example, you could check out Foundations of Cybersecurity with Google to work towards a Google Cybersecurity Professional Certificate. The program covers topics such as understanding security ethics and learning about tools used by cybersecurity experts. You can also learn more about Cybersecurity Attack and Defense Fundamentals Specialization with EC-Council on Coursera, which reviews information security attacks and the different steps of a computer forensic investigation.
professional certificate
Launch your career in Human Resources. In this program, you’ll learn in-demand skills for a career as an Human Resource Associate. No degree or prior experience needed. Coursera's 2024 Learners First Award Winner.
4.8
(2,005 ratings)
84,997 already enrolled
Beginner level
Average time: 5 month(s)
Learn at your own pace
Skills you'll build:
Employee Relations, Training development, Performance Management, Recruitment, Compliance strategy, Benefit types, Compensation strategy, Pay systems, Total rewards, Business Continuity, Employee Engagement, Learning Delivery Methods, Effective Training, Training Needs, Learning Models, Legal Compliance, Risk Management, Safety Compliance, Compliance Implementation, Employee Onboarding, Job Analysis, interviewing
specialization
Get on the fast track to a career in cybersecurity. In this certificate program, you'll learn in-demand skills, and get AI training from Google experts. Learn at your own pace, no degree or experience required.
4.8
(39,136 ratings)
840,197 already enrolled
Beginner level
Average time: 6 month(s)
Learn at your own pace
Skills you'll build:
Python Programming, Security Information and Event Management (SIEM) tools, SQL, Linux, Intrusion Detection Systems (IDS), Packet Analyzer, Security Hardening, Network Security, Transmission Control Protocol / Internet Protocol (TCP/IP), Network Architecture, Cloud Networks, escalation, resume and portfolio preparation, stakeholder communication, Job preparedness, integrity and discretion, Cybersecurity, Information Security (INFOSEC), Ethics in cybersecurity, NIST Cybersecurity Framework (CSF), Historical Attacks, Computer Programming, Coding, PEP 8 style guide, NIST Risk Management Framework (RMF), Security Audits, Incident Response Playbooks, Authentication, vulnerability assessment, Cryptography, asset classification, threat analysis, Command line interface (CLI), Bash
Office of Cybersecurity, Energy Security, and Emergency Response. “2024 Cyber Baselines: Raising the Ceiling of Energy Cybersecurity, https://www.energy.gov/ceser/articles/2024-cyber-baselines-raising-ceiling-energy-cybersecurity.” Accessed April 25, 2024.
CNBC. “Colonial Pipeline paid $5 million ransom one day after cyberattack, CEO tells Senate, https://www.cnbc.com/2021/06/08/colonial-pipeline-ceo-testifies-on-first-hours-of-ransomware-attack.html.” Accessed April 25, 2024.
Glassdoor. “Cyber Security Engineer Salaries, https://www.glassdoor.com/Salaries/cyber-security-engineer-salary-SRCH_KO0,23.htm.” Accessed April 25, 2024.
Glassdoor “How much does a Cyber Security Analyst make?, https://www.glassdoor.com/Salaries/cyber-security-analyst-salary-SRCH_KO0,22.htm.” Accessed April 25, 2024.
Glassdoor. “How much does a Network Administrator make?, https://www.glassdoor.com/Salaries/network-administrator-salary-SRCH_KO0,21.htm.” Accessed April 25, 2024.
Glassdoor. “How much does a Cyber Security Architect make?, https://www.glassdoor.com/Salaries/cyber-security-architect-salary-SRCH_KO0,24.htm.” Accessed April 25, 2024.
Glassdoor. “How much does a Penetration Tester make?, https://www.glassdoor.com/Salaries/penetration-tester-salary-SRCH_KO0,18.htm.” Accessed April 25, 2024.
Glassdoor. “How much does a Data Protection Officer make?, https://www.glassdoor.com/Salaries/data-protection-officer-salary-SRCH_KO0,23.htm.” Accessed April 25, 2024.
Glassdoor. “How much does an Incident Report Manager make?, https://www.glassdoor.com/Salaries/incident-manager-salary-SRCH_KO0,16.htm.” Accessed April 25, 2024.
Editorial Team
Coursera’s editorial team is comprised of highly experienced professional editors, writers, and fact...
This content has been made available for informational purposes only. Learners are advised to conduct additional research to ensure that courses and other credentials pursued meet their personal, professional, and financial goals.
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.