Cyber-attacks on the rise

Security a major concern for oil industry as new battlefront emerges
Nov. 15, 2016

UDI EDRY, NATION-E, SANTA CLARA, CALIF.

As cybersecurity continues to advance at an incredible pace, it is matched by the incessant efforts of hackers to mount perilous attacks against global corporations, government agencies and local industrial enterprises. This struggle can be seen in the realm of critical infrastructure in the oil and gas industry, which is gradually emerging as a new battlefront in the "fifth domain of warfare."

In recent years, these dynamics have become even more palpable, generating greater investment by key industry players in cyber protection for energy-related critical infrastructure and installations. Accordingly, a report by Frost & Sullivan, "Global Oil and Gas Infrastructure Security Market Assessment," estimated that the total market is expected to reach $31 billion by 2021. Given these impending threats and projections, the need for a cutting-edge, extensive and preventive approach to cyber threats has become paramount.

The nature of the problem relates to the design, installation and functionality of the Operational Technology (OT) used to manage and operate industrial and critical infrastructures. The main systemic vulnerability lies at the interface of OT systems with IT networks/internet. Conventional IT networks can be a gateway for infiltration to the OT through numerous attack vectors, resulting in malicious activity and leading to several potentially harmful outcomes:

  • Hijacking and manipulating crucial systems within drilling sites for malicious purposes (e.g., causing hazardous oil spills and/or gas leaks).
  • Critical infrastructure downtime: deactivating critical functions, which can inflict damage to assets and lead to loss of life (e.g., power outages disabling chilling systems).
  • Disruption of pumping units and oil production.
  • A major environmental incident inflicting economic and reputational damage (e.g., a deep water blowout and explosion leading to an oil/toxic waste spill).

Attacks on the oil and gas industry are taking place more often as cyber-attackers gain confidence over time. In 2014, we witnessed more than 300 Norwegian oil and gas companies suffer from a cyber-attack via spear-phishing emails and Trojan horses. The attackers identified key personnel in the energy companies and sent them seemingly legitimate emails with attachments that, when opened, unleashed malware into the networks. This shows just how easy it is for an attacker to access and control networks and critical infrastructure.

In order to effectively safeguard the OT landscape, it is important to understand the motivation behind cyber-attacks in the oil and gas industry. Hackers and cyber-criminals are driven by various motives, including political and ideological beliefs, economic value, related criminal activity spilling over to cyberspace, strategic gains, and other issues pertaining to national security. For example:

  • Nation-states utilizing the cyber domain for surreptitious inter-state warfare and covert operations.
  • Attacks driven by political and ideological beliefs (e.g., terrorist groups or "hacktivists") trying to inflict harm on organizations they oppose.
  • Profit-motivated attacks against leading energy corporations for the purpose of extortion.
  • Industry sabotage among competing companies.

The oil and gas industry comprises three sub-sectors, and each sub-sector includes numerous processes involving critical infrastructure and systems that are susceptible to cyberattacks. Such attacks can result in system shutdowns worth millions of dollars a day in production losses and repair expenses:

UPSTREAM: Companies specializing in exploration and production

  • Drilling - extraction controls, pump controls, blow-out prevention
  • Gathering - monitoring and measurement systems
  • Separation - heaters, combustion control systems, burner management systems, compressor control systems, emergency shutdown systems
  • Metering - various metering systems

MIDSTREAM: Companies specializing in transportation, trans-loading, and storage of petroleum products

  • Terminal management - metering and movement management systems
  • Processing - separating natural gas and NGL
  • Oil and gas transportation - pipeline management (SCADA)
  • Oil and LNG storage

DOWNSTREAM: Companies specializing in natural gas and oil processing and refining

  • Refining - refinery systems, blend control/optimization systems, emission monitoring systems
  • Oil petrochemicals - processing base chemicals and plastics
  • Distribution
  • Retail

Nation-E has innovated the realm of cyber protection for critical infrastructure and IIoT in the oil and gas industry. Our solution offers a defense layer within the OT that allows effective prevention, detection and containment of abnormal and risk-bearing activities, thereby mitigating the risk associated with the fact that, in almost all cases, OT systems were not designed with cybersecurity considerations. Since legacy assets are now accessible to IT networks/internet, the IT-OT interface is a vulnerable point that can become a penetrable attack channel against the OT, or vice versa (against the IT from the OT domain).

The serial or non-IP communications market has very few players that offer solutions to the problem at hand. Our technology stands out because of its one-of-a-kind, holistic approach, which ensures close monitoring of assets, secure communications and the ability to identify rogue access attempts. Our unique combination of in-house hardware and software comes with a set of advanced features with real-time responsiveness at a cost-effective price. It is designed as an "add-on" solution, which does not require rip-and-replace or any modifications to the existing OT infrastructure.

Nation-E's solution involves a transparent security layer that monitors all OT data traffic, encrypts and authenticates asset communications, and enforces access control and/or security policy on all protected machines. It includes a central command unit as well as a communication system that configures and manages access to the assets, monitors security events and alerts, and offers powerful tools for security analysis and threat identification. Key benefits of Nation-E's solution include:

  • Protects serially-connected critical assets through encryption and authentication, which prevents rogue access to the system.
  • Enables behavioral learning of common practices, passive monitoring of the traffic, asset inventory monitoring, detection of abnormal or risky traffic patterns, policy enforcement and real-time threat isolation and mitigation.
  • The Cerebrum enables immediate adaptation and learning by sending instant alerts about tampering, traffic abnormalities, deviations from a specified policy, or communication disruption.
  • Permits effective incident response practices using an existing SIEM, followed by a guided investigation.

Our solution has a multi-layered approach, proprietary hardware and software design, and advanced technical features. We can help you protect your organization from impending security threats, without changing the system architecture or topology.

ABOUT THE AUTHOR

Idan Udi Edry is CEO at Nation-E and a veteran in the fields of information technology and data security. Prior to joining Nation-E, Edry served as head of data and security for Pelephone, a cellular operator in Israel. He led special strategic projects for numerous governmental agencies and organizations, working closely with high-ranking officials. Edry served as an Air Force officer for over eight years, reaching the rank of captain. During his tenure, he led hundreds of professionally-trained military personnel, building and operating advanced information systems. Edry has mastered multiple disciplines and has accumulated 13 formal certifications from renowned IT and Telecommunications institutes.
