September 2019, Industrial Ethernet Book

Technology

Cyber security in the oil and gas industry: preparation for risks

The oil and gas supply chain is a globally interconnected environment, moving millions of barrels of crude oil and billions of cubic feet of natural gas on a daily basis. Due to the increasing demand in global energy, the oil and gas industry faces many disputes and challenges in the service sectors of exploration and production (upstream); processing, storage and transport (midstream); refining and processing (downstream); and oilfield applications. One of these challenges is the growing risk of cyber threats.

Today’s industrial Ethernet and wireless technologies have made it easy for oil and gas professionals to share data faster and more efficiently – whether they are on an offshore platform or back in the main office. All of these far-flung locations, spread throughout the globe, are connected via complex, enterprise-wide networks transferring critical data between all areas of production and processing and to the corporate headquarters for planning and scheduling purposes.

Connecting control systems with the business world optimizes operations. However, these complex communication networks distribute data in all directions and to multiple applications, increasing the risk of cyber threats. An accidental virus infection could shut down production, costing millions of dollars in lost revenue.

The global supply chain infrastructure is susceptible to numerous risks and threats; any intentional or accidental disruption anywhere along the communication path could result in a catastrophe. This susceptibility of the communication path begins at the wellhead and ends at the distribution point at the other end of the supply chain. Hackers have a long path on which to find a small back door that allows them entry to inflict potential damage. This is not a simple violation of the companies’ privacy or security.

Cybersecurity guidelines

According to a news release from Tripwire, 82 percent of oil and gas industry respondents said their organizations have seen an increase in successful cyberattacks over the past 12 months. The study, by Dimensional Research in November 2015, included more than 150 IT professionals in the energy, utilities, and oil and gas industries. The study also found that 69 percent of oil and gas respondents said they were “not confident” their organizations were able to detect all cyberattacks.

SOURCE: PHOENIX CONTACT

By following federal and industry standards and implementing a defense-in-depth approach to cybersecurity, hydrocarbon professionals in the oil and gas industry will be better prepared to prevent the financial, informational and physical risks that can result from a cyber-attack.

CIFS Integrity Monitoring is an alternative to traditional anti-virus methods.

Unfortunately, there are numerous examples of cyber risks and threats to the oil and gas industry. One of the biggest threats appeared in 2012, when the Shamoon virus attacked Saudi Aramco, the world’s leading oil and gas production company. The virus erased data in at least 30,000 of Aramco’s corporate computers. Aramco reported that the objective of the attack was to stop the company’s production, which represents more than 10 percent of world oil supply. Shamoon is just one example of a threat to strike the industrial world. Other well-known malware includes Stuxnet, Flame and Duqu, but others are likely lurking undetected.

A hydrocarbon system could come under cyberattack for multiple reasons:

• Financial gain: providing insider information
• Intellectual property theft
• Supply disruption from environmental activists
• Supply disruption from political activists
• Disgruntled employee
• Gaining unlawful access to technology related to production and processing
• Terroristic threat
• Cyber warfare by a rogue nation

The owner-operators must address all of the above points as they begin designing and maintaining a “cyber-secure” control and communications network infrastructure throughout the entire supply chain, from the wellhead to the final distribution point.

How will an owner-operator develop, implement and maintain a corporate-wide, global-yet-local cybersecurity strategy of this magnitude?

In the new cyber world order, everyone should be involved in the design and engineering of cybersecurity guidelines for existing systems. This represents a huge challenge for owners and operators. They now need to locate and map out the entire supply chain network and determine what technologies, best practices and programs are suited for the specific system without any production interruptions. Meanwhile, they must meet the cybersecurity guidelines that government agencies have imposed for the specific industry.

Protection of critical process data

Hydrocarbon production, processing and distribution systems have evolved and

Industrial Ethernet Book, 10.2019

