The oil and gas industry must take cybersecurity seriously

The very nature of the oil, gas and petrochemical industry means it is exceptionally vulnerable to attack, making robust cybersecurity a matter of life and death

  • By Elizabeth Matsangou | Tuesday, July 4th, 2017

Cyber-attacks on key energy infrastructure could have serious consequences. Such vital targets must be protected as fully as possible

Though the threat of cyber-attacks is pertinent for all sectors, it remains particularly dangerous for the oil, gas and petrochemical sector. First, there is the fact that transactions made within the industry involve highly sensitive information, often pertaining to potential new sites and end-user consumption. Second, there is the endemic threat that relates to the very nature and relevance of the industry in geopolitical terms.

Given the wealth and, in turn, power that comes with oil and gas reserves, refineries have long been prime targets for terrorist groups: their capture has been a dominant feature of ISIS’ strategy. Consequently, the industry has been more proactive than others in terms of bolstering its cybersecurity. That said, many companies are still only at the start of a long road, particularly as hackers continue to find increasingly sophisticated ways to infiltrate even the most prepared victims’ systems.

Double trouble
There are obvious physical dangers inherent in the oil and gas sector, but the process of digitalisation raises a whole new type of threat. This is because processes and data become vulnerable to external forces as corporations digitally connect their industrial components.

“A major trend in oil and gas technology is the application of automation and machine learning to address the cybersecurity skill and manpower shortfall in the energy industry. However, as more connected devices move into the sector, so do the opportunities for more risk”, said Edgard Capdevielle, CEO of cybersecurity firm Nozomi Networks.

A further issue is the tendency for oil and gas firms to use third parties for their operational technology (OT) management, which means they often have insufficient OT-specific knowledge of their equipment. “As a result, they have less control of the infrastructure and its security”, Capdevielle explained. “Historically, oil and gas companies have focused on strengthening IT security and isolating OT from IT. Today, that approach is no longer enough as the Industrial Internet of Things (IIoT) makes it possible for cyber-attacks to go straight to OT subsystems.”

As Capdevielle explained, operations, productivity and employee safety can all be affected by cyber-incidents. And, while planned assaults are the biggest threat facing the industry (as evidenced by recent attacks on the Ukrainian power grid), unintentional incidents are also perilous. For example, infected USB drives or third-party laptops can accidentally introduce malware, while device traffic storms are also dangerous. Unfortunately, such incidents increase apace as IIoT devices migrate to OT environments that are traditionally siloed. “Expect these cyber-attacks to grow in frequency and sophistication”, warned Capdevielle.

Winds of change
Although this combination of threats has created a challenging environment for the sector, new equipment has begun to incorporate far more sophisticated security software to give firms greater protection.

“Newer technologies use advanced visibility tools; technologies that document and visualise systems and detect intrusion”, Capdevielle said. “This means that there is good security hygiene – something that current practices lack.

“Control system traffic is predictable, so, by establishing a baseline of network communications and conducting active monitoring for anomalies, anything that detracts from expected behavioural patterns is identified as malicious.”

What’s more, artificial intelligence and machine learning can help organisations detect threats through the scrutiny of networks in real time, allowing them to flag any variances from ordinary baseline behaviour. “They also speed up the investigation of incidents, allowing firms to contain attacks before significant damage can occur, without needing to add additional staffing”, Capdevielle added. This new technology is giving firms in the oil, gas and petrochemical sector more than a fighting chance – it’s fundamentally changing the game. Hackers will always innovate, but for now the future looks hopeful for the industry.

  • Andrew Ginter

    We’ve been saying this for years, but strive for prevention, not just detection. Check out unidirectional gateway technology – it blocks communications from entering the control system for prevention of cyber attacks.