Oil & Gas companies around the world have recently fallen victim to ransomware, malware, and other cyber threats. At first glance, it looks like these events are financially motivated because of the millions of dollars the hackers make when they get the better of these companies.
However, the reality is that their motives can be a lot more sinister and the impact of their activities can be a lot more devastating. Usually, they don’t just hold the oil & gas company’s data hostage – they also gain control over its physical assets, which could be maneuvered to harm workers in precarious situations, or shut down to bring a city, region, or an entire country to a grinding halt.
Oil & gas companies are under pressure to digitize, to become more competitive, gain more control over their assets and their production, and use technology to better serve all stakeholders of the organization.
Such facilities usually have several key building blocks. The Industrial Control Systems (ICS), for example, are the production and supervision network and connect the digital world to the physical assets; Programmable Logic Controller (PLC) hardware, firmware, and applications help control the assets in an industrial environment; the Supervisory Control And Data Acquisition (SCADA) systems collect data and help control equipment in real time. Together they make up the Operational Technology (OT) system.
The challenge for most oil & gas companies is that their OT – unlike their IT – wasn’t built with cybersecurity in mind.
While attacks against IT systems can halt operations and result in lost revenue and increased costs, attacks on oil and gas SCADA and ICS can result in grave physical harm to personnel while seriously damaging oil and gas production, processing, and storage equipment.
Since it is not feasible to replace every PLC and ICS device with a new version that has been designed with cybersecurity in mind, organizations can defend against cyberthreats by following a few best practices and recommendations such as:
- Implementing and ensuring robust network segmentation between IT and OT networks to limit the ability of adversaries to pivot to the OT network even if the IT network is compromised
- Implementing the Principles of Least Privilege and “need-to-know” when designing network segments
- Organizing OT assets into logical zones by taking into account criticality, consequence, and operational necessity
- Identifying OT and IT network inter-dependencies and developing workarounds or manual controls to ensure ICS networks can be isolated if the connections create risk to the safe and reliable operation of OT processes
- Ensuring user and process accounts are limited through account use policies, user account control, and privileged account management
- Filtering network traffic to prohibit ingress and egress communications with known malicious IP addresses
- Requiring multi-factor authentication (MFA) for remote access to OT and IT networks
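As an added illustration (not Cisco code), the sketch below audits flow records against three of the recommendations above: approved conduits between IT and OT zones, a blocklist of known malicious addresses, and MFA on remote access. The zone names, subnets, the blocklist range, and the `mfa` field are all constructed assumptions.

```python
import ipaddress

# Constructed zone model; subnets and zone names are assumptions.
ZONES = {"IT": "10.10.0.0/16", "DMZ": "10.20.0.0/24",
         "OT-SUPERVISORY": "10.30.1.0/24", "OT-CONTROL": "10.30.2.0/24"}
# Approved conduits: (source zone, destination zone, destination port).
CONDUITS = {
    ("EXTERNAL", "DMZ", 443),               # remote access gateway
    ("IT", "DMZ", 443),
    ("DMZ", "OT-SUPERVISORY", 443),
    ("OT-SUPERVISORY", "OT-CONTROL", 502),  # Modbus/TCP to controllers
}
BLOCKLIST = ["203.0.113.0/24"]  # placeholder (documentation range)

def zone_of(ip):
    """Map an address to its zone; anything unlisted is EXTERNAL."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in ZONES.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return "EXTERNAL"

def is_blocklisted(ip):
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(c) for c in BLOCKLIST)

def audit_flow(flow):
    """Return the list of policy findings for one flow record."""
    findings = []
    src, dst = zone_of(flow["src"]), zone_of(flow["dst"])
    if is_blocklisted(flow["src"]) or is_blocklisted(flow["dst"]):
        findings.append("blocklisted-ip")
    # Any cross-zone flow must match an approved conduit exactly.
    if src != dst and (src, dst, flow["port"]) not in CONDUITS:
        findings.append(f"unapproved-conduit:{src}->{dst}")
    # "mfa" is a constructed field, assumed joined in from the gateway session log.
    if src == "EXTERNAL" and dst != "EXTERNAL" and not flow.get("mfa", False):
        findings.append("remote-access-without-mfa")
    return findings

# Constructed sample flow records.
FLOWS = [
    {"src": "10.10.5.20", "dst": "10.20.0.10", "port": 443},
    {"src": "10.10.5.20", "dst": "10.30.2.15", "port": 502},
    {"src": "10.30.1.5", "dst": "203.0.113.50", "port": 443},
    {"src": "198.51.100.7", "dst": "10.20.0.10", "port": 443, "mfa": False},
    {"src": "10.30.1.5", "dst": "10.30.2.15", "port": 502},
]

def audit(flows):
    """Return {record index: findings} for records that violate policy."""
    return {i: f for i, flow in enumerate(flows) if (f := audit_flow(flow))}

if __name__ == "__main__":
    print(audit(FLOWS))
```
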
OT security needs visibility and control
Cisco works with some of the world’s largest oil & gas companies. At their sites, the key is to implement well-rounded defensive techniques and programs which make it difficult for a threat actor to gain access to a network and remain persistent yet undetected.
When an effective defensive program is in place, attackers encounter complex defensive barriers. Their activity also triggers detection and prevention mechanisms that enable organizations to identify, contain, and respond to the intrusion quickly.
In today’s world, it is important that oil & gas companies understand the importance of cybersecurity. The reality is that the threat of a large-scale disruptive or destructive cybersecurity attack is always looming, and they must be confident in their ability to identify and respond to such an attack.
Their preparedness plan, therefore, must outline how to pinpoint all of the organization’s digital assets and understand their current vulnerabilities and the risk they represent. The organization must also be able to mitigate vulnerabilities/incidents anywhere and quickly produce metrics and reports.
For this, each organization needs to assess its needs and invest in the right security tools. Organizations must remember that they’re no longer risking their profits alone; the security of their oil rig workers is at stake – as are the economies the oil & gas companies support.
Cisco is a leader in securing enterprise networks and in industrial networking. Through our security research arm Talos, we make security inherent and embedded in the oil & gas IT and OT network.
As a result, customers gain visibility into industrial assets and communication thanks to their ability to identify OT devices and monitor ICS traffic via sensors embedded into network equipment rather than additional appliances or complex SPAN networks. This helps the organization trust converged networks.
Further, our solutions offer behavioral analysis and anomaly detection within industrial communications, simple and automated network access control and security policy deployment and enforcement, and more. All of these enable administrators to confidently protect on-premise industrial & cloud systems and industrial assets.
Thanks to our experience with OT networks, we’re able to help oil & gas companies trust their ability to monitor and analyse telemetry across the network and cybersecurity infrastructure, including industrial devices and network infrastructure. We’re also able to seamlessly combine that with advanced threat intelligence from Cisco Talos to deliver cutting-edge detection & response capabilities.
We are also supporters of the Industrial Cybersecurity Standards (IEC 62443) framework, developed by the International Electrotechnical Commission (IEC) and the International Society of Automation (ISA), which allows customers to rest assured knowing their systems are on par with those recommended by experts at top advisory & industry associations around the world.
At the end of the day, the oil & gas space plays a key role in global economics, politics, and more, and that’s why it will continue to be an attractive target for malicious actors. Leaders in such organizations need to make additional efforts to protect their digital and physical assets. Their IT & OT can no longer be at stake.