This November in Texas, an event will take place that few could have imagined twenty years ago: the 20th edition of the API 2025 Cybersecurity Conference for the Oil and Natural Gas Industry. The fact that this event has endured for so long is no coincidence. Its history runs parallel to the evolution of the threats it seeks to combat.
In 2005, when SCADA systems were only beginning to connect to the internet and talking about “cyber warfare” seemed exaggerated or even like a science fiction movie, this forum already brought together experts who, amid uncertainty, understood the strategic value of protecting industrial control systems. Today, the conference has become the meeting point where the energy industry learns, shares, and strengthens the defense of its most critical assets.
The 2025 edition, under the theme “Cyber Continuity: Oil and Gas Resilience in the Digital Era” seeks not only to update protocols or exchange best practices. Rather, it recognizes that refineries, offshore platforms, and processing plants are now digital infrastructures that move hydrocarbons. If a control system is compromised, it’s not only data that’s at risk: it’s the energy that powers cities, the supply chains that keep economies running, and the national security that could be tested.
The only OT conference in the sector
What distinguishes this event among the many cybersecurity conferences is its focus and consistency. Here, participants don’t discuss generic threats or present solutions for e-commerce or digital banking. Instead, they address the specific risks of the oil & gas environment, where ransomware can paralyze a liquefaction plant or a cyberattack can compromise an automated drilling system.
Another notable feature is its collaborative nature. The conference is organized through the voluntary work of active field professionals, not consultants or product promoters. The speakers face the same challenges daily that they analyze on stage.
In its 2025 edition, the event will feature over 60 presentations across three thematic tracks. Topics will include advanced persistent threats (APT) targeting the energy sector, the application of frameworks such as the NIST Cybersecurity Framework in OT environments, and practical cases showing the convergence between engineering, data, and security (Inspenet, 2025).
Over two days in The Woodlands, Texas, more than 750 participants will move between technical sessions, keynote speeches, and an exhibition area where specialized vendors will showcase tools designed for industrial protocols like Modbus or DNP3. There will also be demonstrations of network segmentation for environments where latency can mean the difference between safe operation and critical failure, along with threat intelligence platforms focused on state-sponsored actors who see energy infrastructure as a priority target (Energies Media, 2025).
The invisible community
It’s worth emphasizing that the true value of this conference lies in the spontaneous conversations that occur outside the stage. In hallways, over coffee, or during dinner, attendees share dilemmas rarely discussed elsewhere.
How can legacy systems be modernized without halting continuous processes? How can executives be convinced to invest in preventing attacks that may never happen? How can talent be retained when the tech sector offers higher salaries and more flexible environments?
These exchanges foster informal alliances and strengthen a support network among professionals facing the same risks. In addition, the opportunity to earn Continuing Professional Education (CPE) credits adds a practical incentive: those holding certifications like CISSP, GICSP, or GRID can renew them while learning from peers with direct, hands-on experience.
Twenty years after its first edition, and amid the most complex energy transition the oil and gas sector has ever faced, this conference holds to a vital truth: the energy that powers the world today is as vulnerable to a cyberattack as it is to a storm or an explosion. And the guardians of that digital energy gather each year to ensure the lights stay on.
Digital governance and IT/OT convergence
The central theme of the 2025 edition goes beyond technical aspects. It proposes a new way of understanding digital governance in the energy industry. The American Petroleum Institute (API), historically recognized for defining mechanical integrity and operational safety standards, has been broadening its focus to include cyber risk as part of operational integrity. This shift is already reflected in standards like API 1164, which addresses cybersecurity in hydrocarbon transport systems, and API 780, which covers insider threat management (API, 2021; Itegriti, 2020).
Let’s face reality: the certainty of a failed attack no longer exists, especially because refineries are now connected to corporate networks, supplier systems, IoT sensors, and cloud platforms. This, without a doubt, opens potential gateways for cyberattacks. Recent reports indicate that nearly 80% of intrusions in OT systems within the energy sector originate from indirect access through third parties (Inspenet, 2025). That’s why digital supply chain security has become a shared strategic concern.
Today, control engineers must understand cybersecurity, and digital defense specialists must know industrial protocols. This combination of skills is driving the creation of unified monitoring centers (industrial SOCs) that integrate threat intelligence, incident response, and red-teaming exercises focused on physical systems (Nankya, 2023).
Refineries and petrochemical plants are beginning to use machine learning, digital twins to model vulnerabilities, and simulators that replicate real attacks as part of advanced cyber resilience strategies (Nankya, 2023). However, technology alone doesn’t guarantee safety. An organizational culture that views cybersecurity as an ally of continuity rather than an operational burden is essential. The most mature companies already include cyber risk indicators in their performance dashboards, and executive committees, traditionally focused on HSE and production, are integrating digital security leaders into decision-making (Inspenet, 2025).
The API 2025 Vision captures this mindset: energy that’s safer not only physically or environmentally, but also digitally, where operational continuity depends on synergy between engineering, data, and cyber defense.
Conclusions
The 2025 API Cybersecurity Conference is highly significant. It’s no longer just about resisting attacks, it’s about integrating cybersecurity in the short term as a core component of business continuity (Kholidy, 2021). As one report states, “In an environment where refineries, platforms, and plants are fully interconnected, cyber risk becomes operational and strategic risk” (NIST SP 1800-23, 2019). Today, the most advanced organizations understand this and are integrating digital risk management into their structures alongside production and safety indicators.
Across different scenarios, the shared vision is to drive energy that is efficient, sustainable, and, in terms of security for the near future, digitally reliable. It means anticipating adversity, whether a cyberattack, physical disruption, or systemic failure, and maintaining operations through early detection, rapid recovery, and continuous resilience. The alliances formed at such gatherings strengthen the entire energy chain. In a world that is increasingly digital and fragmented, ensuring the continuity of oil and gas operations is as essential as maintaining the physical safety of a platform or a well.
Find out the highlights of API 2025 on Inspenet.
The 20th edition of the API 2025 Cybersecurity Conference brought together leaders from the oil and gas sector to share innovations, strategies, and key technologies in infrastructure protection.
References
- American Petroleum Institute. (2021, August 18). Third edition of API Standard 1164: Pipeline Control Systems Cybersecurity. https://www.api.org/news-policy-and-issues/news/2021/08/18/third-edition-of-api-standard-1164
- Hewitt, J., Wiggins, C., Penn, T., Bejtlich, A., & Knudson, K. (2019, November 12). The API 1164 framework and cybersecurity considerations for pipeline transportation and storage (Topic Paper 4-15). In National Petroleum Council Study on Oil and Natural Gas Transportation Infrastructure. U.S. Department of Energy. The Department of Energy’s Energy.gov
- Inspenet. (2025, October 26). Digital resilience and cybersecurity in the oil industry. Inspenet. https://inspenet.com/en/articulo/digital-resilience-in-the-oil-industry/
- Itegriti. (2020, August 26). Safeguarding production: OT cybersecurity for legacy and modern systems in oil & gas. Toro TXOne. https://www.txone.com/white-papers/safeguarding-production-oil-and-gas/
- McCarthy, J. (2019). Energy sector asset management: For electric utilities, oil & gas pipeline (NIST SP 1800-23). National Institute of Standards and Technology.
- Nankya, M. (2023). Securing industrial control systems: Components, cyber-defence and challenges. International Journal of Industrial Control Systems, … https://www.ncbi.nlm.nih.gov/articles/PMC10649322/
