A drone strike on Saudi oil pipelines. A cyber-attack on an African national oil company. Two explosions on oil tankers in the Gulf of Oman. Security is critical to the integrity and continuity of any oil and gas or power and utility operation.
Disruptions are costly and deadly. The threats are becoming ever more dangerous and complex. For the first time ever, Africa Oil & Power hosts a special focus Energy Security, led by Energy & Natural Resource Security, Incorporated.
Africa Oil & Power’s CEO, Guillaume Doane, speaks with C. Derek Campbell, CEO of Energy & Natural Resource Security, on the importance of African governments and companies protecting their energy infrastructure and natural resource assets.
We are talking about doing the first-ever panel on Energy Security at Africa Oil & Power. You have been to all our Cape Town conferences in the past and you understand what we stand for. What do you want to achieve through a panel discussion on energy security in Africa?
Several things. Energy Security is inextricably tied to the narrative of “Africans leveraging their own natural resources for the benefit of Africans”.
One of the things that are going to make that a reality, is to include the protection of critical energy infrastructure and/or natural resource assets as a part of the development plan to leverage these assets for monetary purposes.
A challenge to this goal, for example, is that stakeholders take final investment decision (FID) on projects and security is only thought of in terms of risk to the capital – not a physical or cyber risk to the project.
When you talk to an investment house about de-risking a project, the first thing they talk about in an Africa project is squeezing the time horizon on investment to get a return on investment (ROI) over a three-year period rather than a ten-year period – for example. This approach guarantees the investor gets their projected returns; however, the operator is left to his own devices to manage and ensure a fruitful and fully functional project.
Whether he survives or not is immaterial to the investor. That puts projects at risk because Company X that wants to monetize crude asset Y is worried about paying off its investor and not about monetizing the asset writ large from an operational standpoint over the long term.
Right, it is a narrow view of risk and not understanding that the security of physical assets is being neglected.
Exactly. If you ask me what I want to have to happen, I want to educate Africans about the need to have proper physical, cyber, and technical security solutions in place for their Critical Energy Infrastructure and Natural Resource assets – not only to mitigate risk, but also to make sure they can achieve resiliency and maintain continuity of operations.
Throughout Africa today you have Oil & Gas and Power & Utility operations that are vulnerable to a multitude of risks. Today, many Nigerian oil & gas operators cannot fully monetize the assets they own, whether they are operating an oil well or a pipeline for example. Why? At the end of the day, they have vandalism, theft, terrorism, and criminal activity that impacts everything they do for all their operations. Without having the right physical, cyber, and technical risk-mitigation solutions in place, they cannot control that asset. It is just not achievable – thus impacting their bottom-line.
How do you get oilfield operators to understand the importance of balancing those interests?
First, you give global examples, of how assets are impacted by these physical, cyber, and technical threats – to include financial impacts. Second, you provide specifics about threats/attacks that have happened in their own backyard. Issues like the physical attack in Algeria on their gas plant, the physical theft that happens in Nigeria, the oil and gas assets taken out in South Sudan years ago. A ransomware attack in Angola a month ago. You start by providing real-life examples.
Do you feel that recent attacks and tensions in the Middle East have yet again brought security back into the forefront of people’s minds when making investment decisions?
Absolutely. More importantly, these events provide an understanding that risk-mitigation is more than just some security guards and an antivirus software protection package. There must be a holistic security component to your daily operations. The issue is about having an integrated surveillance and monitoring activity that lets a stakeholder detect, deter and respond to these acts that come against their asset, both in the physical and cyber realms – on and offshore.
If you look at energy and natural resource extraction activities in the U.S., this type of protection is at the forefront of how they develop and maintain all of their operations. In Africa, this is at best an afterthought.
Your company has always said that it is more than about just protecting your asset: it is about the continuity of operations. The question being, ‘How much is it worth to you to spend to ensure your operations are never interrupted?’
That is correct. That also impacts your insurance premiums as well as the money invested in the project – regardless of the project is greenfield or ongoing.
If you can deploy 21st-century risk mitigation solutions, the case can be made to the insurers to lower the premiums on your projects. The same case can be made to investors about giving operators better rates on capital raised for projects. Deploying the proper 21st-century security solutions improves the bottom line for Energy and Natural Resource operations, ensuring greater chances of project success for the African stakeholders who operate and maintain them.
Discussion about this post