Oil & Gas Facilities Face Increased Threat Of Cyber Attacks

What is the impact of digitization on the Oil & Gas industry?

According to our partner Mission Secure, a Gartner Cool Vendor and leader in Operational Technology (OT) security:

17%

Oil & Gas companies believe they would detect a cyber attack

95%

Say their cybersecurity does not meet the organisation’s needs

48%

Say it would be difficult to meet today’s requirements

A recent BBC News article highlighted that dozens of IT systems have been disrupted at terminals with oil storage and transport around the world being affected. Some reports suggest the attacks are ransomware, where hackers scramble data and make computer systems inoperable until they get paid a ransom. The disruption comes as tensions remain high between Ukraine and Russia and as concern over rising energy prices grows.

The energy sector is no stranger to cyber attacks. The most recent came in 2021 with the ransomware attack that shut down a major U.S. oil and gas pipeline responsible for supplying nearly half of the East Coast’s petroleum. But for global energy industry leaders – and the oil, gas and utility sectors in particular – this is another incident in a series of cyber attacks on critical infrastructure in the increasingly harried digitally connected energy ecosystem, that requires an urgent solution.

The Oil & Gas industry often have old technologies not designed for digitization; the environment has changed. Industry leaders will need to build cyber resilience into their organisations and partnerships to continue providing reliable, timely fuel deliveries to their customers in a future full of potential cyber threats. Cyber attacks can compromise the availability, integrity, and confidentiality of oil and gas companies. In the worst case, they endanger lives.

CEOs and board members must draw from their decades of expertise in integrating energy assets with operational technology (OT) and leveraging information technology (IT) networks to reduce cyber risk across their hyperconnected operating environments.

Despite the move towards sustainable energies, oil and gas still underpin the normal function of numerous sectors across the world, making economies heavily reliant on fossil fuels.

What’s required is a military strength, industrial-grade protection to help maintain operability, even under the threat of a cyber-attack. Providing Cybersecurity for OT and industrial control systems (ICS) networks by stopping the cyber attack BEFORE it happens. No downtime. No surprises.

As new regulatory challenges evolve, maintaining on-going compliance in frameworks like ISO, IEC, NIST and others is essential.

Our partners Mission Secure, have developed a platform and service with the capability to protect vulnerable networks and systems. Their Signal-Integrity Sensor monitors key operational assets and processes to detect tampering and prevent possible equipment damage and unplanned disruption. It can also be deployed in a non-invasive way into what is often a fragile inherited system.

The key differentiator with Mission Secure is their ability to isolate and protect;

“The Mission Secure Platform constantly monitors and assesses your cyber physical systems giving an understanding of what’s happening, what’s new to investigate, and to identify attacks and human error. To have the knowledge about what is disruptive is the first step towards building a proportionate defence strategy.

Many Oil and Gas companies believe they are protected with an ‘air gap’ approach. However, the dynamic nature of energy operations opens the door to insider threats, and air gapped OT networks are not immune from other cyberattack methods such as socially engineered advanced persistent threats (APTs).”

Steve Hester, Director, Strategic Account Sales, Mission Secure

By establishing cybersecurity best practices and improving preventative security measures, business units can also realise significant cost savings on cybersecurity insurance premiums.

What Are The First Steps To An OT Cybersecurity Solution?

Conduct an assessment of existing infrastructure. Carry out reviews with key stakeholders to determine the IT and control system requirements and the operational engineering processes necessary to support operations in identifying vulnerabilities that could lead to cyber-related incidents.

Implement new OT cybersecurity control measures. This includes segmentation, protection and signal-integrity monitoring to mitigate existing vulnerable systems. A roadmap can then be built to address technological gaps and provide protection for people and processes in the long term.

activereach, in partnership with Mission Secure, has the expertise to design a working solution for ICS / OT network architectures. The services team can install all the secure platform components at each customer facility. With the Mission Secure Platform and 24/7 Managed Services in place, the customer has network visibility, monitoring, segmentation, and protection at each facility to:

  • Protect the operational networks from inbound traffic coming from untrusted, connected third-party networks and equipment
  • Prevent un-authorised access into the multiple wireless access points around the facilities
  • Provide access control and tracking in the main control system communications ring
  • Lock down communications to and from engineering workstations and HMI’s

Our security partnership will help the customer address their changing security needs, improve their security incident management and provide a framework to continuously review their environment as the threat landscape changes.

Let us protect your OT and ICS network to safeguard your operations. To see the Mission Secure platform in action please complete our Demo Request form or call the activereach team on 0845 625 9025