Industrial control systems (ICS) are a vital part of the country’s critical infrastructure as they facilitate essential services within energy plants — including oil and gas. Like many other sectors, critical infrastructure is increasing its reliance on smart devices and automation, and this exposes organizations’ infrastructure to new threats and vulnerabilities. A successful attack on ICS components can have an enormous impact, causing operational shutdowns and damaged equipment or property, and possibly putting workforce safety at risk.
Planned attacks are one of the greatest threats, accented by high-profile cases like Dragonfly, Stuxnet and the 2015 and 2016 attacks on the Ukrainian power grid. However, it’s not just malicious individuals who cause outages; as many cyber threats, from weak passwords to open ports (whether caused intentionally or the result of unintentional mistakes), can negatively impact productivity.
To protect reliability, ICS operators need to stay up-to-date with both cybersecurity challenges and the methods available to monitor and mitigate threats.
Cyber Threats in the Sector Continue to Rise
Cyber threats to critical operational technology systems can create devastating consequences for the physical world, resulting in equipment failure, power outages, or even fires and explosions within affected plants.
A survey conducted by SANS found that companies feel their control systems are more threatened than a year ago. Twenty-four percent of respondents had moved from a moderate or low threat-level perception to high or even severe/critical levels. Respondents ranked external threats as the top threat vector (61 percent), internal or unintentional threats as second (42 percent), and malware spreading across the infrastructure indiscriminately as third (41 percent). The survey also found that security for ICS had not improved in various areas and many high-priority problems identified in past surveys were still prevalent.
Critical infrastructure owners, hardware vendors, information security experts and government officials need to work together to create industry security programs that improve cyber resiliency and ultimately keep everyone safe.
Securing Industrial Control Systems
While the energy industry has made significant improvements to cybersecurity systems, the combination of rapidly advancing, digitally connected industrial components and an escalating threat landscape proves there is still more work to be done to protect the safety and productivity of these operations.
When it comes to oil and gas plants, reliability and workforce safety are of the highest importance. To ensure that these areas are kept secure, cybersecurity teams need to consider how new advanced technologies can help them take a step toward safer and more reliable critical infrastructure.
For example, solutions are now available that use machine learning and artificial intelligence to quickly learn and model the large, heterogeneous ICS environment used to run energy plants. These developments help overcome the challenges of dealing with the complexities of these systems, which make it virtually impossible for humans to manually track and identify signs of compromise or irregularities left behind by cyber attackers or unintentional threats.
These powerful solutions can monitor networks in real time and rapidly detect any changes from baseline behavior, thus facilitating containment and remediation efforts. Machine learning automatically discovers, in real time, the industrial network, including its components, connections and topology. Machine learning is then supplemented with advanced learning capabilities (artificial intelligence) to develop process and security profiles, mapping relationships and changes. The powerful combination of machine learning and artificial intelligence offers operational efficiency benefits by consolidating high volumes of alerts into context-aware incidents. Indeed, completing this work manually would not only be time-consuming, but also the results would be error-prone.
By baselining devices on the network and monitoring how they impact process behavior, any malfunctions, misconfigurations and irregularities can be quickly spotted, preventing frustrating service disruptions and even expensive repairs or loss of revenue. This intelligence can also speed up investigations of incidents to contain attacks before significant damage can occur, without needing to add additional skilled staff, which is particularly difficult, considering the current shortage of cyber skills in the job market.
Oil and gas organizations help make up the backbone of today’s economy, and the rise of digitalization in this sector means leaving them exposed is not an option. Even though the oil and gas industry has been more progressive and proactive about cybersecurity than other sectors, there is still significant room for improvement. Innovation and implementation of advanced cybersecurity technologies, such as machine learning and artificial intelligence, are important steps toward safe and reliable critical infrastructure. By establishing a baseline of ICS network communications and conducting active monitoring for anomalies, anything that detracts from expected behavioral patterns can be flagged and addressed before significant damage has occurred.
About the author: Edgard Capdevielle has an extensive background in cybersecurity and the industrial arena, giving him unique insight into the complex challenges the sector faces. As CEO of Nozomi Networks, Capdevielle has a front-row seat to the cybersecurity challenges facing infrastructure operators around the globe and the role technology innovation is playing to protect critical systems from escalating threats. He is a proven thought leader in the security space and is often invited to share his perspective in panel discussions and as a keynote speaker. His insights and views have been cited by media, and he has published a number of articles globally. Prior to joining Nozomi Networks, Capdevielle held positions with Imperva, Data Domain and EMC. He has an MBA from the University of California, Berkeley and a bachelor’s degree in computer science and electrical engineering from Vanderbilt University. For more information on cybersecurity solutions for industrial control networks, call 800-314-6114 or visit www.nozominetworks.com.