Securing Oil and Gas in a Converged World: Key Takeaways From SIA’s Vertical Insights Symposium

By SIA on June 25, 2026 |

The oil and gas sector remains a cornerstone of critical infrastructure—powering economies while facing an increasingly complex risk landscape. At the Security Industry Association (SIA) Vertical Insights Symposium on oil and gas security, industry leaders, technology experts and public-sector stakeholders explored how organizations are adapting to address the convergence of physical security, cybersecurity and operational technology (OT).

Across the expert-led panels, a clear message emerged: safeguarding modern energy operations requires a holistic, integrated approach—one that prioritizes collaboration, resilience and forward-looking technology strategies.

VIDEO: Vertical Insights Oil and Gas Security Symposium

The Expanding Threat Landscape

As oil and gas operations become more digitally connected, the attack surface has expanded dramatically.

“Information technology and operational technology are increasingly enmeshed, but our approach to them isn’t always as integrated,” noted Matt Drummond, special agent at the Federal Bureau of Investigation.

This lack of integration can create dangerous gaps. Speakers highlighted how OT environments—such as industrial control systems and supervisory control and data acquisition (SCADA) networks—often fall into a gray area of ownership between cybersecurity and physical security teams. These systems can become attractive targets for both cybercriminals and insider threats.

Recent incidents like ransomware attacks on critical infrastructure underscore the stakes. As Drummond emphasized, OT must be viewed as a potential vector for cyberattacks, not just a physical asset.

Legacy Infrastructure Meets Modern Risk

One of the most persistent challenges facing the sector is aging infrastructure. Many facilities rely on systems designed long before today’s threat environment—in fact, as Brooke Bastin, integration solutions specialist at ASSA ABLOY Door Security Solutions pointed out, the newest refinery in the United States was built about 40 years ago.

Outdated hardware and software—sometimes lacking basic security features like encryption or patching—create vulnerabilities that are difficult to address without disrupting operations, and “downtime is simply not an option” with critical infrastructure, as Nick Moyer, vertical market leader at SAGE Integration, said.

As a result, organizations must balance modernization with continuity—often pursuing phased upgrades rather than full “rip and replace” strategies.

Convergence: Breaking Down Silos

A dominant theme throughout the symposium was the need to dismantle organizational silos. Historically, IT, OT and physical security teams have operated independently—but that model is no longer viable.

“I’ve sat in meeting rooms where OT and physical security teams … had never met,” Bastin shared, highlighting the cultural barriers that still exist.

Speakers emphasized that effective security now depends on cross-functional collaboration, including shared visibility into systems, joint incident response planning and integrated platforms that unify data across domains.

Moyer summarized this shift succinctly: “Visibility drives collaboration … once all teams come together, those silos start to disappear.”

Similarly, Duncan Riley, CEO of EPIC iO Technologies, stressed the importance of a holistic environment where operational and security priorities are aligned.

The Rise of Data-Driven and Predictive Security

Another major trend highlighted at the symposium is the growing role of artificial intelligence (AI) and analytics in improving situational awareness and decision making.

“AI is helping industry move from just monitoring events to predicting and preventing them,” said Riley.

Advanced analytics can now:

  • Detect anomalies in real time
  • Reduce false alarms
  • Identify behavioral patterns that signal risk
  • Enable predictive maintenance and incident prevention

Joe Morgan, segment development manager, critical infrastructure at Axis Communications, described how AI enables “higher-precision anomaly detection” and provides early indicators of potential issues.

These capabilities are particularly valuable in large, distributed environments where human monitoring alone is insufficient.

Resilience Over Response

While prevention remains a priority, “the shift is from response to resilience, “as Andy Thompson, chair of the American Fuel and Petrochemical Manufacturers Security Committee, said, highlighting the importance of ensuring operations can continue despite disruptions.

Modern resilience strategies extend beyond physical redundancy to include:

  • Cyber resilience (e.g., network segmentation, zero-trust architectures)
  • Distributed control systems and microgrids
  • Backup and recovery capabilities for OT systems
  • AI-enabled forecasting and risk modeling

Morgan noted that resilience now encompasses “cyber resilience, OT networks, AI-driven anomaly detection and cloud-enabled recovery,” reflecting a broader, more integrated approach.

Securing Remote and High-Risk Environments

The industry is shifting toward identity-centric models grounded in zero-trust principles—where access is continuously verified based on context, behavior and authorization.

Access control strategies are also evolving rapidly, driven by both technological advancements and emerging threat vectors. Traditional methods—such as badges or keys—are increasingly seen as insufficient.

As Shayne Spears, end user business development manager, critical infrastructure at HID, explained, “A badge… that’s not an identity—it’s a token.”

Key trends include:

  • Mobile credentials and biometrics that tie access to individuals rather than objects
  • Dynamic access controls that adapt to role, time and location
  • Least-privilege access to reduce insider risk

This shift is especially critical in environments with remote or uncrewed sites, where traditional oversight is limited. In remote, harsh environments with limited connectivity, organizations are deploying:

  • Edge computing to process data locally
  • Hybrid architectures combining on-site and cloud capabilities
  • Exception-based monitoring that focuses on critical alerts
  • Integrated sensor ecosystems (video, access control, IoT)

Riley underscored the importance of scalable, resilient solutions tailored to field conditions.

Key Takeaways for Security Leaders

Throughout the symposium, several overarching principles emerged:

  • Integration is essential: Security systems must work together across IT, OT and physical domains.
  • Identity matters: Organizations must move to verified, contextual identity solutions.
  • Visibility drives better decisions: You can’t secure what you can’t see—unified data platforms are critical.
  • Resilience is the new benchmark: Organizations are judged not just on response, but on their ability to sustain operations and prevent incidents.
  • Collaboration is a force multiplier: Breaking down silos enables faster, more effective security teams.

As Bastin highlighted in closing, “Don’t meet your operational technology people for the first time after the boom.”

Looking Ahead

The oil and gas industry is at a pivotal moment. As threats grow more sophisticated and interconnected, security strategies must evolve accordingly.

Success will depend on organizations’ ability to unify people, processes and technology—creating adaptive, intelligence-driven systems capable of protecting critical operations in an increasingly uncertain world.

SIA’s next Vertical Insights Symposium will focus on standards and guidance shaping airport security. Registration and event archives are available at on the SIA website.

Want even more on this topic? You can watch the full symposium here.

In creating this blog, content from the Vertical Insights Oil and Gas Security Symposium was summarized using large language models and reviewed by human editors.