Navigating cybersecurity challenges | Hydrocarbon Engineering
The downstream oil and gas industry is a critical component of the global economy. There is no denying that digitisation of operations has created tremendous opportunities such as increased productivity, lower costs, and enhanced profitability. However, the challenge is that connecting operations and the business enterprise has opened organisations up to a litany of cybersecurity risks.
The increased use of automation and remote monitoring has increased the attack surface, making it necessary to take appropriate security measures to guarantee uptime.
For oil and gas companies, maintaining operations is crucial to their success, particularly for those in the downstream sector. The risk of downtime extends beyond maintenance concerns – they are extremely vulnerable to cyberattacks. The oil and gas industry was the fifth most targeted sector by ransomware alone, according to a recent study. The increased security measures that are now required have the potential to identify cybersecurity risks that increase the need for downtime while the issues are resolved in a safe manner. Yet in understanding this growing risk, there are ways to mitigate it.
The vulnerabilities of operational technology
Operational technology (OT) refers to the hardware and software systems used to monitor and control industrial processes. These systems are used extensively in the downstream oil and gas industry to manage everything from pipeline flow rates to refinery temperatures. The infrastructure is often dispersed and includes remote stations and legacy technology with different capabilities that are being integrated into the IT infrastructure.
A substantial challenge lies in the historical development of OT systems, which often predate the widespread availability of the internet. Originally designed to operate in isolation, these systems frequently lack fundamental security features such as encryption and authentication. This vulnerability arises from the fact that many OT systems were initially designed with serial-based connections, which have since been replaced with IP-based connections. Whilst this transition has been a crucial step towards helping operators bridge the capabilities gap between these two domains and gain greater situational awareness, there is a certain irony that the greater use of technology has become both the cause and solution to growing vulnerability for the sector. Visibility does not necessarily lead to detection and detection does not necessarily lead to the right response.
Therefore, whilst this transition has enhanced automation and efficiency, the new vulnerabilities it has created are not fully comprehended by many companies. This can have severe consequences for the industry if left unchecked. Moreover, the intricate nature of these systems complicates the implementation of updates and patches, given their essential role in maintaining the seamless operation of oil and gas facilities. The reluctance to introduce changes originates from the potential financial consequences of any downtime.
For instance, human machine interfaces (HMIs) linked to remote terminal units (RTUs) – especially those influencing volumetrics on pipelines – are considered to be one of the most vulnerable. HMIs and RTUs were designed with a focus on functionality rather than robust cybersecurity measures. The shift from serial-based to IP-based connections, while enhancing automation, concurrently introduced new vulnerabilities not fully comprehended during the original design. Given that these interfaces directly impact the flow rates and operations of critical infrastructure like pipelines, any compromise in their security poses a significant risk, potentially leading to operational disruptions and environmental consequences.
This article was originally published in the April 2024 issue of Hydrocarbon Engineering magazine. To read the full article, sign in or register for a free subscription.
Written by Paul Evans, Nozomi Networks