In 2019, the Tatweer Petroleum Information Technology (IT) Department executed a number of strategic initiatives and work programs to improve services and harden the Company’s Information and Operational Technology against Cyber threats.
Merging of Operational Technologies (OT), or Automation, into the Information Technology department governance model has leveraged better cyber protection across both the IT and OT domains. Key strategies of instituting the merging of IT and OT domains is central to a more robust, threat free service delivery.
The Company successfully migrated the user environment to Microsoft Windows 10, which was a significant undertaking in the preparation phase, thereby minimized applications dependencies, refreshed hardware, and enabled retirement of superfluous or less efficient applications. Furthermore, the IT department successfully integrated the Exploration and GDS functions into Tatweer Petroleum in 2019.
With the rapid growth of Tatweer Petroleum’s IT/OT footprint, expansion of mission critical systems minimizing risk from external cyber threats, and the need for high availability fault tolerance systems have grown substantially in 2019. Tatweer Petroleum’s IT department has hardened and instituted fault tolerance systems across the IT and OT domain based on risk-based assessments. Major capital projects include Enterprise Resource Planning (ERP) Oracle Reconfiguration project, Maximo maintenance management upgrade including Quality Health Safety and Environment (QHSE), Electronic Documents System (EDS), Enterprise Content Management (ECM), and Field Security Enhancement Project.
Meeting best practice in controlling cyber risk across operational networks meant upgrading the Open Automation System to more resilient “Data Diode” technology to improve the OT (Automation) Cyber Security. Moreover, Tatweer Petroleum automated cyber threat intelligence infrastructure from a signature based system to a heuristic, signature based, and subscription based system, and proceeded with the removal of USB and other privileges.
Agility, Governance and Resilience are key elements in providing IT/OT services. To this end, the IT Department progressed along the governance roadmap through a number of specific standards, policies, and procedures to meet the emerging Critical IT Infrastructure Protection (CIIP) compliance models and IGA preferred model of IT Infrastructure Library (ITIL). Additionally, the new NIST cyber governance standards were instituted on all Windows 10 clients and mobility management (phone) devices.
Cloud computing and the Kingdom’s cloud first agenda have introduced significant opportunities in the area of Data Science and Artificial Intelligence. These opportunities include efficient maintenance through an Artificial Intelligence (AI) model in the cloud, predictive maintenance to leverage lower total cost of ownership to the business, lowering unplanned down time and lost production.