The September 2019 strike on Saudi oil production facilities and the subsequent market response suggest that a new era of infrastructure risk management has arrived for the oil industry. To manage the emerging threat landscape, asset owners in the petroleum industry should consider borrowing best practices from military strategy. Adopting a systematic, strategy-linked approach to assessing threats to petroleum value chains can help build the robust processes that an asset owner must have in order to vet the diverse risks posed to an asset portfolio in today’s evolving threat environment.
Regardless of what expert analysis eventually reveals about the actors behind the strike on Saudi oil assets, the incident starkly demonstrates that the same digital technology that helped the oil industry emerge profitably from price declines of recent years also threatens its physical assets. Digital technology has leveled the physical security playing field. At a cost of less than $20,000, state and nonstate actors alike can now access the technology necessary to destroy or impair equipment critical to the global crude oil supply chain. A buyer with a credit card and an Amazon account, a drone pilot with a week of training, and a technician with undergraduate-level STEM training can now arm a destructive device and launch it toward a target.
Consider the math. A top-performing agricultural drone, priced at just $10,000 on the market, can carry a 10-kilogram payload at 8 meters per second for up to 10 minutes. This is sufficient to deliver a mounted anti-materiel rifle or 10 kilograms of explosives nearly 5 kilometers from the launch point on a one-way trip.
The old financial and logistical barriers to attacking assets and inflicting market-moving damage on the world stage are gone. Regardless of the specific entities responsible for the Khurais and Abqaiq attacks, the rise of technology has made it easier than ever to target energy infrastructure in pursuit of political or economic ends. In response, oil companies should build the capabilities and establish the processes necessary to identify and mitigate facilities risks at a much-elevated level of sophistication. The results of such risk management analyses should receive board-level visibility and inform portfolio-level decisions by directors on strategic steering and corporate exposure.
The attack on Saudi oil-producing facilities comes at a time marked by three important geopolitical and market trends:
Historically, the importance of the oil industry to the GDPs of oil-producing nations and the importance of supply surety to their oil-consuming counterparts acted as a guarantee of state-sanctioned military action in response to politically motivated attacks on oil infrastructure. But the rise of nonstate actors and proxy warfare on the global stage has altered this equation. Picking a target for military retaliation is difficult when the perpetrators blend in with the civilian population after an attack. In response to the decline of effective supply-chain security assurances by governments, oil companies must act on their own behalf—not by developing offensive capabilities, but by reassessing the calculus they have used in the past to prioritize and harden physical assets.
Few nations have the flexible oil production capacity or stored reserves necessary to restore market equilibrium quickly in the wake of a major crude supply disruption. OPEC spare capacity, a measure of system slack in the global balance of oil supply and demand, was already relatively low before the September 2019 strikes. While prestrike OPEC spare capacity was making progress toward average post-2000 levels, average spare capacity over the four quarters before the attacks remained approximately 30% below the long-term average (See Exhibit 1.)
The market’s response in the wake of the attacks is telling. The impacts on Brent and WTI prices were similar; evidently, the rise of onshore shale production capacity in North America has not created a short-term buffer for crude supply disruptions. This is largely due to market complications such as egress constraints and stepped break-even costs by basin.
Global crude markets remain highly correlated. Directional price changes are driven by the same fundamental supply–demand equilibrium, while index spreads are driven by differing costs of logistics and conversion or dilution. Increasingly, the rise of globalization means that local conflicts affecting local supply curves translate into market disruptions felt around the world. Now, more than ever, it is in the collective interest of the oil industry’s asset owners to act cooperatively to enhance crude infrastructure security.
The ultimate impact of today’s rising global tensions is unclear, but an international pullback from multilateralism seems to be underway. This trend is significant because only when nations cooperate can the complex international contractual agreements common in the energy sector come to fruition and remain effective. Since 2000, the number of global conflicts has risen by 37% even though the number of interstate conflicts has remained low. (See Exhibit 2.) The type of conflicts trending up most significantly—civil wars with third-party participants—appears likely to affect the energy industry, since foreign fighters seem less likely than local combatants to be concerned about preserving critical infrastructure. The parallel decline of international multilateralism means that conditions are not conducive to effective conflict resolution.
The World Economic Forum’s 2019 Global Risks Report states that recent trends away from multilateralism run the risk of “creating blind spots, undermining global stability, and limiting the capacity to respond to cross-border challenges.” In such a climate, oil companies should prioritize taking a fresh look at their approach to physical asset risk mitigation so they can properly evaluate the security of their valuable capital assets.
The rising threat to petroleum industry assets should serve as a call to action for oil companies worldwide. But what actions should they take? For answers, competitors should adopt best practices from military strategy and planning.
The S3 framework for risk mitigation can serve as the stem from which an asset owner’s security solutions grow. The three components of the S3 approach are scenario design and analysis, simulation, and strategic solutions. (See Exhibit 3.) Although many asset owners already engage in some or all of these practices, revisiting their rigor, frequency, and integration is sure to provide benefits.
Companies should adapt long-established scenario analysis practices within the petroleum industry to help companies mitigate the ever-evolving threats facing petroleum industry infrastructure.
Scenario analysis should become an input into the governance and budgeting of the physical security of an oil company’s infrastructure, including all major infrastructure associated with the company’s end-to-end value chain. Annually, at a minimum, the company should assign scenario design responsibilities not to crude asset managers, but to experts in conventional and insurgent military tactics. Accessing such expertise is typically best achieved on a contractual basis to ensure proficiency; the most important selection criterion for this critical skill is recent real-world threat management expertise in hot spots around the globe. Access to the right top talent in this area can spell the difference between success and failure in ensuring scenario realism. The fast pace of change that enables potential threats to capitalize quickly on new digital technology calls for the participation of specialist expertise into asset risk scenario design and analysis.
The high-profile nature of infrastructure threat analysis and the implications of getting it wrong dictate that board-level directors should have an opportunity to provide framing guidance on scenario design and to provide feedback on the resulting scenario analysis. Involvement across the S3 framework enables a company’s board of directors to responsibly steer and safeguard the long-term performance of assets and operations under their purview.
Just as a rig team practices emergency procedures to mitigate risk in the event of a real-world catastrophe, an oil company should put its desktop scenario design and analysis into real-world practice through simulation. And just as scenario design and analysis benefit from unconventional participants, so does the simulation element of the S3 risk mitigation framework.
Responsibility for pressure-testing the results and probabilities used in scenario analysis should fall to a “red team” dedicated to employing both conventional and insurgent tactics against energy infrastructure. The results of these activities and incursions should be closely monitored for safety and neutrally refereed by a disinterested third party. A red-team approach to simulation ensures the continuous injection of fresh thinking into the roster of infrastructure threats evaluated, and the inclusion of a neutral referee ensures fair and accurate assessment of the outcomes of simulation pressure tests. Realistic and evolving simulations are essential to validating the design and analysis of desktop risk mitigation scenarios.
Results from red-team simulations give corporate executives a key opportunity to gain insights into the strengths and susceptibilities of their infrastructure assets. Companies must establish a clear path for transmitting simulation results directly to senior leadership rather than risking the dilution of simulation results as they slowly filter upward through midlevel managers. The board of directors that originally endorsed threat scenarios for pressure testing by simulation should be the ultimate recipient of simulation results. A sober review of these results empowers senior leadership to proceed to the next step of the S3 framework: developing and prioritizing strategic solutions in response to infrastructure risks.
As an asset owner’s board of directors reviews the results of scenario analyses and simulations, the board’s primary challenge shifts to identifying and prioritizing actionable solutions to mitigate asset-specific risks along the petroleum value chain.
Companies must be proactive rather than reactive. They cannot simply wait for regulators or legislative bodies to dictate industry-wide safeguards in response to each new attack. To act effectively, asset owners can employ an event-driven infrastructure threat risk assessment framework that juxtaposes the likelihood that an attack will occur with the P&L impact of a successful attack and with the threatened infrastructure’s importance to overall corporate strategy. (See Exhibit 4.)
If this risk assessment framework is to succeed, solution development must be robustly informed. In the absence of changes to traditional scenario analysis and simulation borrowed from the best practices of military strategists, a company’s roster of potential infrastructure threat events may remain only partially populated, and the probability assumptions for these events are likely to be insufficiently pressure-tested. In contrast, robust deployment of the full S3 risk mitigation framework delivers proper inputs to an event-driven infrastructure threat risk assessment. It also establishes a critical link to strategy that supports difficult prioritization decisions related to resourcing the physical security of an oil company’s infrastructure.
At this point in the S3 framework cycle, an asset owner’s board of directors faces a series of important decisions. Simulation-vetted scenario analysis culminates in a list of asset-specific strengths, susceptibilities, and implied threat outcomes. With this data in hand, an asset owner’s directors have the information they need to make critical decisions about tailoring governance and budgeting of infrastructure physical security to mitigate the risks to a company’s assets. If the board concludes that a specific asset is exposed to risks that are uneconomic to mitigate, or that a company’s portfolio of asset risk exposure exceeds corporate risk tolerances, it can make portfolio-shaping strategic decisions to steer portfolio-level risk back within tolerances through acquisition or divestiture.
A changing world increasingly places our global energy infrastructure in the crosshairs of violent state and nonstate actors. In response to this rapidly evolving threat environment, petroleum industry asset owners that adopt the S3 framework should view that framework as offering an opportunity for continuous improvement of infrastructure security, consistently factoring in the latest infrastructure threats and corresponding risk mitigators.
At many points along the S3 framework’s cycle, an outside-in view can offer distinct advantages to asset owners. Both scenario design and analysis benefit from continuous injections of new thinking about potential threats. Simulation roles such as red teams and referees best serve asset owners when they bring a strong independent voice that is beholden to the corporate interests of the board of directors rather than to the interests of individual assets. S3-framework-enabled decisions related to portfolio strategy and the triage of limited mitigation resources across an energy infrastructure portfolio often benefit from neutral facilitators who have experience supporting similar processes across the energy industry.
Implemented properly, the S3 framework and its foundations in military strategy can help asset owners along the entire petroleum value chain minimize market disruptions and safeguard the critical infrastructure on which our society has come to depend.