Visure Solutions

Start Free Trial

Agile Product Development & Cybersecurity and Risk Challenges in the Oil, Gas & Energy Industry

Podcast December 13, 2022 10 AM PST

Table of Contents


Visure Solutions had the privilege to interview the well-known Geoffrey Cann for our Requirements Engineering Podcast. In this discussion, we covered many topics such as digital innovation and cybersecurity in asset development, with expertise provided by Cann himself. He also gave examples to illustrate these concepts more clearly for the listeners. Here are some key takeaways Cann shared throughout our conversation that you can learn from this interview:

  • How to design teams for Digital Innovation in the Oil & Gas Industries
  • How organizations have to adopt a hybrid development method, which includes agile and waterfall
  • The top risk management challenges in the Oil & Gas Industries, including cybersecurity; and how to mitigate those risks
  • Both the short and long-term challenges the oil and gas industry faces
  • and much more!

Who is Geoffrey Cann?

Geoffrey Cann is an author, speaker, and trainer of the Oil and Gas industry. Following an early career with Imperial Oil, he joined Deloitte. In his 29 years at Deloitte, he carried out several hundred consulting assignments worldwide. Eventually, he led many businesses, services, and industry programs. Today, he specializes in digital innovation, produces a weekly article and podcast on digital issues in energy, and teaches an executive course on digital awareness.

He published his first book, Bits, Bytes and Barrels: The Digital Transformation of Oil and Gas, in January 2019 in which he talks about digital innovation and cybersecurity risks in the Oil and Gas Industry. He is also a contributing author for Machine Learning and Data Science in the Oil and Gas Industry: Best Practices, Tools and Case Studies, released in March 2021. Geoffrey is the independent Director on the Board of Adappcity, a blockchain start-up, and is an advisor to several digital technology companies in such areas as artificial intelligence, blockchain, cloud computing, robotics, and the internet of things.

What is Digital Innovation?

Digital innovation refers to the use of digital technologies and processes to create new or improved products, services, or experiences. It involves taking advantage of advances in technology to develop innovative solutions that can help businesses stay ahead of their competition and remain competitive in an ever-changing market. Digital innovation requires a combination of creativity, technical know-how, and collaboration between teams within an organization. By leveraging modern tools such as machine learning, natural language processing, augmented reality, cloud computing, and artificial intelligence (AI), companies can gain a competitive edge by creating new experiences for customers and developing more efficient ways to conduct business operations.

Cann refers to digital innovation as the introduction of digitally-driven ways of working in an enterprise. According to Cann, there are three elements of digital innovation:

  • Digital Foundations – Organizations need to rethink the foundation of their company in order to embrace more digital tools that are compatible with cloud computing and ubiquitous network. This includes discussing the organization’s net worth, database, etc.
  • Capabilities – Organizations that succeed, try to automate their processes by only utilizing a few select capabilities such as big data, collecting and categorizing information, the internet of things (IoT), artificial intelligence, and robotics. A great example of this would be Tesla’s autonomous capabilities. 
  • Ways of Working – Where the requirements are at such an interesting angle that they touch on how work gets done in heavy industries. The waterfall method is typically followed in heavy industries whereas the technology industries are much more on the end of iterative cycles and rapid development cycles. 

Geoffrey believes that digital innovation is about embracing the above three things. He also believes that the first two are about the foundations and the capabilities, and thus, one can easily buy or outsource them. But if you want to think or be like a literal digital organization, you must change the ways of your work. Furthermore, since changes are an inseparable part of the world, you will also have to think about how to embrace those changes and your ways of working in order to stay ahead of the competition.

How would Cann describe these “Ways of Working” in the Oil and Gas Digital Innovative World?

The waterfall method, used for heavy industrial designs, has been perfected over the years. There are various tools and methods existing to support those learning it. And this is how most big industries work – energy companies, oils & gas companies, railroad companies; any company involved in heavy manufacturing or mining typically adopts this approach They tend to see great outcomes using this model but because it takes so much time commitment upfront without being able to adapt well to changes later on down the line. Therefore, in case there are some changes partway through the development cycle of your asset, the waterfall method does not allow you to go backward and rectify things in order to embrace the change. Once the asset moves beyond the designing phase and into the development or delivery phase, it can be super expensive to go back and make changes. 

The digital world is constantly changing, and it can be difficult to keep up. However, since the digital world relies heavily on software, it is easier to change and adapt as needed in a way that industries that don’t use technology cannot. This births a lot of challenges in the heavy industry as it is not clear whether to stay on the waterfall approach or move to agile iterative models. Cann used boilers as an example. He stated that it would not be logical to use agile when one thinks “Let’s organize our engineering teams and re-create boilers!”. It would make more sense to apply agile when creating an interface between the boilers and the users. 

Agile Vs Waterfall Approach In the Oil and Gas Industry

The oil and gas industry is known for its long-term projects, and when it comes to managing them, there are two main approaches: Agile methodology and Waterfall methodology. Both of these methodologies have their own advantages and disadvantages when it comes to oil and gas project management.

For instance, the Waterfall approach is more suitable for large projects with a clear scope that requires intense planning in advance. This approach works best when the activities involved in the project are well-defined and there isn’t much need to make changes during the course of operation.

On the other hand, Agile methodology works better for smaller projects with shorter timelines as it emphasizes flexibility and adaptability over detailed planning. In this approach, teams can move quickly and make changes as needed.

For Cann, it was once plausible for industrial companies to say that they could not digitize due to being in an agile environment, but Cann believes this is no longer the case. With computer technology becoming more and more affordable, we can now digitalize anything – even boilers. The digital capability that is attached to your physical asset makes it possible for digital innovations or iterative development. Therefore, the world would become more hybrid. It will not be one OR the other, but rather both Waterfall AND Agile.

What are the Top Risks Faced by the Oil and Gas Industry?

Many governments have strict policies regulating the oil and gas industry, yet there are surprisingly few cybersecurity guidelines or frameworks from either governmental or non-governmental organizations. Furthermore, some people in the industrial sector might tend to underestimate the importance of cybersecurity for fields such as Oil and Gas. They may reason that IoT devices used in operations (like sensors monitoring valves) wouldn’t be appealing targets for hackers in the same way a bank’s network would be. In an industry like Oil and Gas that has an integrated upstream and downstream supply chain, cyber risks and incidents can have a disastrous “domino effect.” Standards and frameworks can help reduce these threats.

Given that technology is always changing the business landscape, a well-known Oil and Gas company has been investing in technology and automation. In addition to this, they’ve put money into the Industrial Internet of Things (IIoT), which links their offices, rigs, and refineries – as well as its entire supply chain and retail locations all over the world. This smart investment is due to the fact that we now live in a connected world. This company’s suppliers are also in tune with its enterprise technology vision. Even though these relations and dependencies create terrific efficiencies, they might also present possible weaknesses.

Cann mentions that there are two kinds of cyber challenges:

  • Intentional Cyber Failures– Imagine a guy in a black hoodie in a dark basement typing furiously on his five-faced monster computer with that signature devilish smirk on his face. Those are intentional cyber attackers. These types of people deliberately try to do harm and are difficult to track since their motives could be anything from making money to causing chaos. Cyberattacks like this are one of the top concerns for businesses today.
  • Unintentional Cyber Failures – This is a far bigger challenge in the digital world. In this type, a person is not exactly a cyber actor or is not intentionally trying to create a cyber problem. But by their virtue or actions, they create a cyber incident. This can have several ramifications in your facility. 

Cybersecurity is a two-fold problem – external and internal. External cybersecurity threats are ones that can be quite harmful because we can see them happening to other people or businesses. However, the internal threats – even if they’re not malicious or intentional – are actually much worst and unfortunately, happen more often.

Another problem with the cyber world is that the more we roll out digital capabilities into the industrial lands, the bigger playground we create for the attackers to play. Simply put, the more we digitize the world, industrial and otherwise, the larger the surface area we give hackers to attack. In other words, there are more opportunities for cyberattacks.

Techniques to deal with Oil and Gas Cyber Risks:

There is a plethora of techniques the companies can follow to mitigate these cyber risks. According to Cann,

  • A good one is Ethical Hacking. Ethical Hacking is simulating a cyber attack in order to test an organization’s detection and recovery mechanisms. You would provide a malicious actor with a task or assignment, directed at revealing your company’s weak points, allowing you to plug the holes in your digital security. A trusted friend can help you carry out this process by playing the role of the hacker. 
  • Cann also suggests that, at the design level, cyber thinking be put in from the beginning. It’s like the old saying goes, “It’s better to be safe than sorry.” So, with this type of technique, you would bring in cyber experts during the designing process so they can help identify points of vulnerabilities. 
  • A professional requirements management tool, like Visure, is useful for risk management when it comes to cybersecurity. The tool would give you the right metrics needed to generate safety-based requirements during the design phase.

Other Challenges in the Oil and Gas Digital Transformation

One of the industry’s primary concerns is that the general planning cycle takes a long time. For example, companies will construct something and it’ll remain operational for two decades without requiring any modification. This lack of change creates big risks.

Another risk area would be designing assets that are not resilient to climate challenges. The Japanese Nuclear Explosion, for instance. The risk here is that the power supply was significantly damaged by the reactor explosion. 

Considering the risks is essential not only for those in the digital world but all industries. Forming creative solutions to these problems is how we can gracefully adapt to change over time. 

Cann gave the example of a fighter jet to explain his theory. Imagine a fighter jet that hasn’t changed in 20 years – what happens then? No military pilot would want to fly it because he/she would want the latest weaponry systems and radars. Therefore, we must keep that aircraft not only airworthy but also safe and productive with the latest technology over the years. Other industries tend to build things and then just leave them as-is. This isn’t an effective way to deal with infrastructure, especially when it comes to planned obsolescence. We have to think differently about how we manage our resources if we want to overcome this challenge. 

Environmental Risks as an Oil and Gas Industrial Challenge

Environmental risks are a major industrial challenge due to their potential consequences and the difficulty of controlling them. Environmental risks can arise from natural causes, such as floods or earthquakes, but they can also be caused by human activities. Such risks include air, soil and water pollution; contamination of agricultural products; damage to fragile ecosystems and biodiversity loss; global climate change; and depletion of non-renewable resources that may lead to resource scarcity. As environmental issues increase in scale and complexity, companies must take measures to mitigate these risks in order to protect their investments and reputation. 

Cann begins by discussing ESG, which stands for Environment, Social, and Governance. The ‘E’ environment is more important than the other two topics combined. This environment includes aspects such as air pollution, water contamination, and land destruction. Also included are impacts on wildlife and other problems that arise from industrialism. All of these things must be considered when designing anything relating to the industry. 

Let’s take oil and gas companies for instance. We are aware that oil and water have a well-known tendency not to mix, so oil companies often use water to transport oil underground. Water is also used in fracking, as well as in creating steam to heat oil reservoirs or extract oil. Finally, water is used to separate oil from Dromoland sandstone. 

Therefore, water is a large problem here. Not only is it expensive, but people are also quite sensitive to water because putting water underground can cause micro-tremors making it feel like an earthquake. So, you need to get the proper government permit, or else there will be chaos. 

Industrial Challenges and Requirements Management

Requirements are key in any industrial asset development. They need to be specific and appropriately time-managed so that the design phase can flow smoothly. Without accurate requirements management, millions of dollars and countless hours could easily be wasted. 

Cann took the example of an Oil Company in Alberto. Somehow the facility forgot to provision their settling pond. What could forgetting something as basic as a settling pond be if not a breakdown in the requirements? It means that the requirements process was somewhere broken.  Henceforth, requirements management and requirements tracing are absolutely vital. As the old saying goes, “Devil is in the details”, right?

Reasons for Such Breakdowns And Steps to Avoid Them

There is no specific reason for such issues. But the absence of an appropriate information planning infrastructure in the project where each of these requirements is developed, traced, and recorded can be an expensive mistake.

Another potential cause for failures or missed opportunities could be poor organization. When an organization juggles multiple contractors, stakeholders, or engineering firms, each with its own methods, things can become incompatible and slip through the cracks. 

Even if a company Infrastructure is available to break requirements documents into more manageable tasks for different teams, it can still be daunting. This is because there are often tight deadlines and an overwhelming number of documents and teams. When all these factors come together, they create a significant challenge. The lack of investment is what hinders development and deemphasizes the importance of requirements. 

And there is no “cure-all” kind of solution for this issue. Though some may debate it, regulations play an important role. They develop a set of rules for industries that organizations must follow in order to get their assets approved. 

Cann took the example of a horrific rail disaster that happened a few years ago. An oil-transporting train from a western oil base to the Canadian east coast stopped for the night in a small town. Sometime during the night, the brakes of the rail slipped and the train went down the hill into the town. The speed caused it to jump off the tracks when it hit a bend in the river and then exploded. In that incident, more than 40 people lost their lives. Later, the government found out that the rails being used to transport oil were single-walled and thereby prohibited their use in the railway system.

Oil and Gas Industrial Standards

ISO certifications for the oil and gas industry include:

  • ISO 9001: This international standard provides guidance on how to establish and run an effective quality control program. When followed, it can lead to better products and happier customers. Furthermore, the ISO 9001 standard is compatible with other management systems such as ISO 14001.
  • ISO 14001: ISO 14001 is an environmental management systems standard that benefits businesses by reducing their ecological impact and ensuring they’re legally compliant. This system helps you control the environmental aspects of your work, including maintaining records and implementing processes to prevent pollution.
  • ISO 50001: Adhering to ISO 50001 is an international standard for energy management in organizations. Its framework optimizes a company’s energy consumption. Being certified under ISO 50001 displays that you are up-to-date with compliance legislation, considered an industry leader, and dedicated to enhancing your energy management skills.
  • ISO 45001: The ISO 45001 standard is the leading safety measure for occupational health and safety. It helps to control factors in the workplace that could harm employees’ health and well-being, reducing the chances of accidents, injuries, or other harms occurring.
  • ISO 27001: Confidentiality, availability and legal compliance of information are ensured by ISO 27001. It’s the international standard for information security management systems. Vandalism, theft, and cyberattacks are some of the dangers that certification to this standard protects against. Nevertheless, ISO 27001 will not cover General Data Protection Regulation (GDPR).
  • PAS 2060: PAS 2060 is the only international standard for carbon neutrality. Many companies strive to become carbon neutral, and certification to PAS 2060 will help your company demonstrate this through measuring, reducing, offsetting, and documenting its progress. This standard builds upon the principles of ISO 14001.
  • ISO 55001: Companies with many expensive assets will find the management tips in ISO 55001 very helpful. It outlines a system for asset management that reduces risk and analyzes performance to help businesses expand.
  • ISO 37001: By implementing ISO 37001 into your company’s systems, you can help to prevent bribery and resolve any issues that may arise. This standard is an international one that builds off of other management system standards, such as ISO 9001.
  • ISO 22301: ISO 22301 is an international standard for business continuity management systems. It helps businesses recover from emergency events and provides a framework for preparing for, responding to, and recovering from incidents that disrupt usual business operations. It also establishes measures to prevent these interruptions.

Benefits of Oil and Gas Industry Regulations

Implementing industry regulations has several benefits. The most important of these is safety. Regulations ensure that facilities are designed and operated in such a way that minimizes the risk of accidents or disasters. Ensuring that companies follow guidelines, also reduces the cost of failure and repairs due to negligence or ignorance on the part of operators.

The various benefits of oil and gas industry standards include:

  • Enhanced Revenue – Your oil and gas company can profit more by using efficient workflows, asset management, and sustainable practices. 
  • Improved Efficiency – Quality Management Systems, such as ISO 9001, are designed to increase your efficiency by regulating the quality of your products or services. 
  • Guarantee Employee Safety – Adhering to occupational health and safety standards such as ISO 45001 protects your workers from potential injuries while handling raw materials. 
  • Boost Suppliers Relationships – By becoming certified under Oil and Gas ISO, you will help improve communication and relations with your suppliers. 
  • Better Use of Sustainable Practices – ISO 14001 and other environmental standards help you refine your company’s policies to planet-friendly practices, which is trending in the Oil and Gas Industry. 
  • Pinpoint Improvement Opportunities – Before you can become certified, you first need to take a close look at your business processes and identify ways to make them better. 
  • International Standards Compliance– Since ISO standards are recognized globally, your suppliers and customers will know that your company is committed to efficiency and streamlined operations.

Successful Vs Unsuccessful Oil and Gas Projects: What sets them apart?

The successful ones are hard to see as successful until they are known to be running for a while and meeting all their performance objectives. From the project sense, successful companies are the ones that meet the owners’ ultimate expectations sets like timely delivery, quality outcome, budget, and safety. 

In other words, a project is successful if it reaches its goals and benefits the client. Therefore, the success of any given project lies in its goals. To accurately measure a project’s success, we must have well-defined objectives to compare against clear criteria that show whether these goals were met.

Visure Requirements ALM Platform for Oil and Gas Industry:

Visure Requirements ALM Platform is an innovative software solution designed to help oil and gas companies manage their requirements throughout the entire product lifecycle. It provides a full-featured, easy-to-use interface that helps teams quickly identify, trace, and monitor changes in the requirements process. The platform also enables users to track compliance with Oil, Gas, and Energy Industrial Standards such as IEEE 1547-2018, FMEA, NERC Critical Infrastructure Position (CIP), and more.

Over the years, Visure has developed various customizable templates to keep all your requirements, best practices, and information centralized in the Oil and Gas Industry. Visure also helps with many essential requirements management practices such as end-to-end traceability, change management risk management bug and issue tracking test management, and more.

Visure’s Automated Checklist makes it easy to manage compliance without all the manual hassle keep a track of everything, so you can focus on what’s important. This way, you can base your design and improvement of your review process around these checklists, which are known to be more reliable.

In other words, by using our product, you’ll be able to increase productivity and alignment among team members. This is done through features such as end-to-end traceability, reusing requirements for different projects, and measuring the quality of requirements with AI – all automatically.

At Visure, we also understand how difficult it is for energy technological organizations to keep up with the digital age while also using legacy tools. That’s why we’ve made it a priority of ours to include easy-to-import and export features from legacy tools such as IBM DOORs as well as a simple migration feature.

Furthermore, with Visure you can utilize the best import and export features from MS Office Word & Excel. You can also promote collaboration across the supply chain by using ReqIF for Data Exchange- an international standard.

By accessing these features and integrations with top-tier industry solutions, you can save time by avoiding the need to manually rework requirements through multiple roundtrip interactions. This process is lossless and duplicates free. With our platform, you can verify that all requirements are met, no matter where they come from.

Visure also helps in simplifying the process of building complex and high-quality products in the Oil and Gas Industry with verified and validated requirements to help you comply with applicable regulatory requirements by combining risk analysis and requirements management in a single solution.

Utilizing Failure Mode and Effects Analysis (FMEA) allows you to precisely estimate the risk associated with FMEA metrics. Once you identify the risks with your risk analysis tools, you can import the results into Visure and link high-risk requirements to those onwards.

This platform helps organizations save time and money, while also ensuring their projects comply with industry standards. It provides a comprehensive suite of features that empower teams to quickly trace and monitor changes throughout the development process. Additionally, it helps ensure compliance with regulatory bodies and standards, allowing oil and gas companies to stay competitive in today’s market. Visure Requirements ALM Platform is an invaluable tool for any organization looking to streamline processes and ensure all project requirements are met.

Final Thoughts by Geoffrey Cann

According to Cann, it is very important when dealing with things such as energy transition, decarbonization, and the expenses we put into new assets like gas plants, nuclear facilities, solar & wind/other renewable resources, to build them better. A way to do that is using the new innovative tools in the market for stuff like tracing requirements all the way through the development cycle. Sophisticated requirements management is a useful solution to ensure that you don’t forget or miss anything only to find out things like “Ohh! We forgot the plumbing in the new home!”. 

Where Can You Find Out More About Geoffrey Cann?

You can find more about Geoffrey Cann on his website and subscribe to his weekly article series about Digital Transformation in the Oil and Gas Industry. You can also access Cann’s Podcast, ‘Digital Innovations in Oil and Gas, via iTunes, Amazon, Spotify, iHeart Radio, Stitcher, and YouTube. You can also find out the details about his publications – Bits, Bytes, and Barrels: Digital Transformation in Oil and Gas and Carbon, Capital, and The Cloud: A Playbook For Digital Oil and Gas.


In conclusion, regulations are essential for the safety and efficient operation of any industry. They ensure that companies comply with standards, reduce risks, and provide consumers with uniform products or services. Furthermore, proper requirements management is essential to ensure a successful project outcome. Successful companies meet their performance objectives on time and within budget while unsuccessful ones fail to do so. Therefore it is important for businesses to prioritize these processes when dealing with different projects such as energy transition and decarbonization. Finally, digital innovation tools can help organizations manage requirements more effectively in order to avoid costly mistakes.

Don’t forget to share this post!

IBM Rational Doors Software

The High Cost of Poor Requirements Management

June 06th, 2024

11 am EST | 5 pm CET | 8 am PST

Louis Arduin

Louis Arduin

Main Speaker

Impact & Solutions for Inefficient Requirements Management

Explore the significant impact that inefficient requirements management practices can have on project costs and timelines.