In the global energy industry’s highly charged cybersecurity environment, a couple of expressions readily apply: “ticking time bomb” and “elephant in the room.” From annoying SCADA (supervisory control and data acquisition) malfunctions to major oilfield catastrophes, every hour of every day, hackers are working feverishly on their next cyber attack. Yet, even for executives with some cyber awareness, the topic is still only tacitly acknowledged and rarely acted upon.
With hackers launching more than 40 percent of all attacks worldwide at the oil and gas industry’s critical technology infrastructure, the threat is very real. And nothing is off-limits, with SCADA systems being especially appealing for cyber destruction. Crippling cyber strikes include Saudi Aramco’s cyber intrusion by the Shamoon Wiper malware, as well as the Chinese military attacking a major SCADA vendor in Canada last year. Large and small, these targets contradict many companies’ thinking that “It can’t happen to us.”
Grouped into four tactics, strategies exist to systematically design, engineer, and put in place technological defenses that go beyond firewalls.
The first step, as recommended by API Standard 1164, should focus on evaluating the risks facing network and SCADA systems; the standard states, “The operator shall conduct periodic risk and vulnerability assessments.” When conducted by technology experts, a risk/vulnerability study becomes the strategic road map for designing the network and SCADA system with (a) the most effective contingency planning and (b) prioritized countermeasures. In conjunction, mandated periodic risk assessments should also be administered to provide critical documentation and recommendations for the plan’s evolution.
Virtually no oilfield company is completely unprotected from cyber attacks. However, most consider firewalls and access controls sufficient protection. Hardware and software firewalls do shield companies from known cyber vulnerabilities when existing defenses are already in place. However, firewalls are only as robust and effective as the last update. When a company’s firewall has not “seen” the newest cyber attack previously, it can deliver no defense. A key part of a proactive approach centers on proper access controls to help provide information security and ensure only authorized individuals have system access. But alternative protections should be considered.
The next tactic is constant monitoring of systems and activity on the process control network. Given that firewalls may prove an inadequate defense against new, unidentified intrusions, the monitoring step is how zero-day attacks are identified. The optimal monitoring approach is based on evaluating the company’s specific network, mobile devices, and SCADA systems. This level of monitoring can be programmatic but should be fairly consistent and ongoing, not periodic in nature.
Rounding out an effective cybersecurity plan is the super-critical detection/reaction step. Essentially, once an attack is detected through monitoring, the response plan will be initiated. For example, Denial of Service (DoS) is a typical hacker approach intended to make a machine or network resource (such as web access) inaccessible. A proven response to successful attacks such as DoS can include a plan for failing over to a mirrored server or another data center, preferably in another remote location with different security layers. A fit-for-purpose system can be designed for any oil and gas company based on its unique technological requirements since it’s not “one size fits all.”
The time for ignoring “the elephant in the room” has passed; proactive steps are vital. Circumventing a cyber attack that could disastrously affect a company’s safe operation—endangering lives, production, environmental protections, and reputation, and ultimately stock value—should be Priority One now.