Security for the Oil, Gas, and Energy Sector: An Operational Guide

The oil, gas, and energy sector has a security footprint unlike almost any other industry. Operations span some of the world’s highest-risk environments, from Nigeria’s Niger Delta to Iraqi Kurdistan, from Kazakhstan’s remote steppe to offshore platforms in the Gulf of Guinea. The workforce is international, rotational, and highly predictable in its movement patterns. The infrastructure is both economically critical and politically significant. And the sector’s wealth profile makes its executives a defined target for kidnapping and extortion in markets where those methodologies are active.

This guide covers the security planning requirements across the primary energy sector operating environments.

Nigeria: the Niger Delta

Nigeria’s Niger Delta remains the most studied and highest-risk onshore oil and gas operating environment globally. The threat picture has multiple layers:

Kidnap for ransom. Expatriate oil workers have been a consistent kidnapping target since the mid-2000s. The methodology involves surveillance of known oil company personnel in Port Harcourt, boat-based interdiction on creek routes, and in some cases insider facilitation. Ransom negotiations in Nigeria’s Delta typically involve sums in the range of USD 100,000 to 500,000. Many cases are not reported to protect ransom negotiation and insurance positions.

Militant group activity. The Movement for the Emancipation of the Niger Delta (MEND) and its successor organisations, including the Niger Delta Avengers (NDA), have demonstrated sustained capability to attack production infrastructure, including pipelines and flow stations. Production disruption is both an economic and a safety risk. Security planning for any Delta operation must account for the possibility that a security incident is connected to a broader production disruption operation rather than a standalone criminal act.

Local community relations. Operations without a functioning community engagement programme face a higher targeted security risk. Communities that perceive oil operations as extractive without local benefit have provided intelligence to militant groups and facilitated access in documented cases. Community relations is a component of the security programme, not a separate CSR function.

Source: OSAC Nigeria Country Security Report 2024. Control Risks: Nigeria Security Outlook 2025. Council on Foreign Relations: Nigeria’s Niger Delta Security.

Angola, Mozambique, and Southern African offshore

Angola’s offshore sector (Block 0, Block 15, Block 32 – Cabinda, Luanda offshore) operates at a materially lower kidnap risk than Nigeria’s Delta. Port Harcourt’s urban kidnap environment is more dangerous than Luanda for expatriate workers on the ground, but Luanda itself has an elevated opportunistic crime risk.

Mozambique’s LNG development (Cabo Delgado province) has been severely disrupted since 2017 by the Ansar al-Sunna insurgency (locally referred to as Al-Shabaab, distinct from the Somali organisation). In 2021, the attack on Palma – a Total-supported LNG project town – resulted in multiple deaths and the temporary suspension of TotalEnergies’ operations. The insurgency remains active. Any operational planning for Cabo Delgado requires specific, current intelligence rather than a general Mozambique risk assessment.

Kazakhstan and Central Asia

Kazakhstan’s oil sector (Tengizchevroil’s Tengiz field, the Kashagan field consortium) operates in a geographically remote environment with a different threat profile from West Africa. The primary risks are:

FIFO workforce management. Tengiz and Kashagan operate large rotating workforces with predictable arrival/departure schedules. The predictability of these rotations creates a potential surveillance exploitation window that a security programme must address.

Labour relations and industrial action. Kazakhstan’s oil sector has documented history of labour unrest, including the 2011 Zhanaozen oil strike that resulted in significant violence. Industrial relations risk should be a component of the security assessment for any major Kazakhstan operation.

Cross-border context. Kazakhstan borders Russia, China, Uzbekistan, Kyrgyzstan, and Turkmenistan. The geopolitical context post-2022 (sanctions, rerouted supply chains, the repositioning of the Caspian Pipeline Consortium) affects the regulatory and security environment for international operators.

Middle East energy security

The Gulf states present a relatively stable operating environment for oil and gas operations compared to West and East Africa or Central Asia. The specific considerations:

UAE and Saudi Arabia have well-resourced security services and relatively low crime rates. The primary security considerations for energy executives are: compliance with the local security licensing framework (SIRA in UAE, Ministry of Interior in Saudi Arabia), communications security for sensitive business discussions (the UAE Cybercrime Law imposes significant restrictions), and awareness of the political and commercial intelligence environment.

Iraq presents a far more complex picture. The Kurdistan Region of Iraq (KRI) hosts significant energy investment (oil exports, gas flaring reduction projects) and has a markedly lower security risk than southern Iraq and Baghdad. However, the KRI is not without risk: Iranian military strikes have targeted Erbil in 2022 and 2024, and the political relationship between the KRI and Baghdad creates regulatory uncertainty. Any operational presence in Iraq outside the KRI requires specialist security planning.

For the Middle East close protection operating framework including UAE and Saudi Arabia specific requirements, see our close protection Middle East guide.

Offshore platforms and duty of care

Offshore platforms create a specific duty of care challenge: in the event of a medical emergency, trauma incident, or security incident on an offshore installation, evacuation to definitive medical care takes time that can be measured in hours, not minutes.

A platform-based security and emergency response programme must account for:

On-platform medical capability. The platform’s medical team and equipment must be capable of managing the most likely serious medical emergencies for the time it takes to evacuate to shore. For platforms more than an hour from a definitive trauma centre, this standard is higher than for nearshore operations.

Evacuation planning. Helicopter evacuation, lifeboat deployment, and standby vessel protocols should all be tested, not just documented. The personnel responsible for executing evacuation procedures should have practised them.

ISPS Code compliance. International Ship and Port Facility Security Code compliance is the baseline for covered installations. It is not a complete security framework – it establishes minimum requirements for physical security and access control – but compliance is mandatory and inspected.

Armed response. In high-risk offshore environments (Gulf of Guinea, Red Sea transit), armed protection is deployed under the IMO’s guidance on privately contracted armed security personnel (PCASP). For the maritime security framework, see our maritime security guide.

Energy conference security

Major energy sector conferences – CERAWeek (Houston), ADIPEC (Abu Dhabi), Gastech, ONS (Stavanger) – concentrate high-profile executives from politically sensitive markets in a predictable, publicly announced environment. Corporate espionage targeting at these events is documented: the concentration of decision-makers in a hotel environment, with informal networking over several days, creates opportunities for social engineering, room-entry technical surveillance, and targeted information collection.

Security planning for conference attendance should include: hotel room sweep capability for senior delegates, communications security discipline for sensitive discussions, awareness of who else from competitor companies or politically exposed organisations is attending, and a social engineering awareness briefing for all delegates attending.

For the technical surveillance countermeasures applicable in hotel environments, see our TSCM guide. For the digital security disciplines relevant to international conference attendance, see our executive digital security guide. For security planning across the full lifecycle of major energy and infrastructure construction projects in high-risk environments, see our guide to security for construction and infrastructure projects. For the specific security requirements of remote and off-grid exploration or production operations – mine awareness, MEDEVAC planning, satellite communications, and community conflict management – see our remote operations security guide. For the security operating environment in Kazakhstan’s major energy markets – including KNB surveillance, FIFO predictability risk at TCO and Kashagan, the January 2022 civil unrest, and the legal and commercial risk framework – see our close protection in Central Asia guide. For the specific security challenges of the mining and extractive industries – community conflict, the Voluntary Principles framework, artisanal mining dynamics, junior explorer risk, and the Marikana labour security lessons – see our mining and extractive industries security guide. For the distinct security framework applicable to renewable energy infrastructure – wind and solar construction phase security, cable and copper theft protection, environmental protest and direct action management, IP theft of energy technology, and grid CNI regulatory requirements – see our renewable energy infrastructure security guide. For the specific security challenges of offshore oil and gas platforms – Gulf of Guinea piracy and crew abduction risk, North Sea drone and infrastructure targeting threat, ISPS Code and OIM authority framework, helicopter transfer manifest security, contractor vetting gaps, and MEDEVAC from beyond SAR helicopter range – see our offshore oil and gas platform security guide.

Source: OSAC Nigeria Country Security Report 2024. Control Risks: Africa Risk Outlook 2025. TotalEnergies Palma incident report and Control Risks assessment (2021). IMO: ISPS Code (2003, as amended). IMO MSC-FAL.1/Circ.3: Privately Contracted Armed Security Personnel (PCASP) Guidelines 2020. Kazakhstan Oil and Gas Security Assessment, OSAC 2024.

For cargo theft patterns in energy sector supply chains – TAPA FSR/TSR standards, GPS jamming and spoofing countermeasures, organised retail crime in distribution, and pharmaceutical cold chain integrity – see our security for supply chain and logistics operations guide.