It is evident that the proper functioning of our critical infrastructures is a necessary pre-requisite for a
healthy economy and the well-being of our citizens.
In Cyprus, we have not experienced until today (at least we don’t know about it) any major cyberattack. We shouldn’t however sit back and relax. It only needs to happen once and the results could be
devastating. Unfortunately, if we have an incident, the recovery process is both lengthy and costly.
I am sure that the Telecomms Commissioner will explain the national plans of Cyprus with regard to
protecting our national infrastructures as well as the country’s response plans.
I want to focus a little bit on the oil&gas sector which is at its infancy here in Cyprus. Offshore oil&gas
exploration started in 2008 and is becoming more and more intense. As you all know we have licensed
5 Blocks in the Cyprus Exclusive Economic Zone and we have recently announced another licensing
round for 3 more Blocks. We are also moving to production as we are discussing the monetization of
the Aphrodite gas discovery with the Block 12 Contractor.
It has been reported that in 2015, the majority of oil and gas industry firms (more than 82%) were
targeted by cybercriminals. More than half (53%) of these companies state that they experienced an
overwhelming upsurge in attacks.
Cyber-attacks on oil&gas activities, if successful, could have severe effects not just on the industry but
also on the environment, public health and safety, and even national security.
Analysis has identified multiple points of vulnerability. These are attacks on the industry’s physical
infrastructure, the disabling of critical systems and the theft or corruption of information or the
prevention of its dissemination.
A 2014 report issued by the US Department of Homeland Security’s Industrial Control Systems Cyber
Emergency Response Team (ICS-CERT) suggested that we should combat these threats through
boundary protection, information flow enforcement, and remote-access control.
Inadequate boundary protection can create avenues that allow outside parties to interface with
systems and devices that directly support a company’s control processes. Insufficient control of
information flows, can allow attackers to establish unsanctioned and damaging communications, using
a company’s channels, ports, and services. And weak control over remote access, can create many entry
points for unauthorized interfacing with a company’s control-system devices and critical components.
The oil&gas companies operating in Cyprus must also invest in the development and application of new
protection methods to safeguard their operations in the entire value chain, that is corporate, upstream,
midstream and downstream activities.
Ladies and Gentlemen,
Bear in mind one thing: The greatest vulnerability is lack of understanding of the issue.
And I am sure that this Conference will increase our awareness about cyber threats, their effect and
how to protect ourselves by protecting our critical infrastructures, IT and OT.
In concluding, I wish to thank and congratulate the organizers for this initiative and wish you all fruitful
deliberations.
Thank you!
2/2