Andreas Mellem, Manager IT and Cyber Security at BW Offshore.

BW Offshore receives approximately 4 million e-mails every month. More than 3.7 million of them are automatically blocked.

“A lot of nonsense, but also links to malware and security threats,” says Andreas Mellem, Manager IT and Cyber Security at BW Offshore, with reference to the vast amount of blocked e-mails.

At the online conference Security Talks 2020 Tuesday, Mellem gave insight into the IT security strategies for the global offshore company.

“IT operations in BW Offshore are complicated. We are organized with one global service desk, which serves as a single point of contact for IT support. But still, the 27 people in our IT department are well distributed between eight locations: Singapore, Oslo, Arendal, Aberdeen, Lagos, Gabon, Rio de Janeiro and Houston,” explained Mellem.

BW Offshore builds, operates and leases floating production, storage and offloading units, that is large ships for the oil and gas industry. The company is present in all major oil and gas regions and has 3,500 IT users in 30 locations onshore and offshore. This poses a lot of challenges.

“We have defined different scenarios for IT security breaches. The worst-case scenario is of course attacks on operational technology networks on offshore operating units, which could have severe consequences. To gain insight into vulnerabilities and strengths, we do penetration tests twice a year performed by a third party inside our offices. This is very useful and highly recommended”, says Mellem.

Like most companies, BW Offshore consider its employees to be the biggest security threat.

“To address this, we have mandatory cyber security training for all employees in a corporate e-learning portal. We also do Lunch and Learn sessions and generally encourage employees to speak up if they encounter something unusual of suspicious,” says Mellem.