By Steve Hunter, senior director, system engineering Asia Pacific & Japan, Forescout

Since as early as the 1980s, the oil and gas industry has welcomed data, technology and digital innovation to help understand its resource and production potential, improve health and safety outcomes, and boost operational efficiency.[1] However, with competitive pressures and the collapse in oil prices globally, oil and gas companies need to find new ways to compete more effectively. This has seen many organisations in this industry adopt emerging technologies.

While new technologies such as the Internet of Things (IoT), predictive analytics, artificial intelligence (AI) and its subset, machine learning (ML), have helped the industry drastically cut costs and boost efficiency, they have simultaneously exposed these companies to harmful cybersecurity threats. To ensure the safety of their networks, it is now a board-level priority for organisations in the oil and gas industry to quantify and mitigate their cyber and operational risks.

In 2018, 26.7 per cent of security incidents affecting industrial control systems (ICS) and operational technology (OT) networks were due to vulnerabilities that could have been prevented with patches and updates, while a further 7.9 per cent were due to insecure services that were enabled.[2]

OT capabilities are changing faster than ever before due to increased connectivity, with new ways to control operations, increase efficiency, and streamline processes. However, with IT cybersecurity being relatively mature compared to the cyber-physical systems emerging from OT environments, proactive strategies must be implemented to develop OT cybersecurity.

The increase in convergence between IT and OT systems presents new risks that can have catastrophic results for oil and gas companies. With each infrastructure founded on different and, often, conflicting priorities, digital convergence will only be successful if organisations acknowledge the different needs of each environment.

Companies must adopt new security models, including network segmentation, to adapt to these new needs, as well as the connected nature of both networks. A lack of separation between IT and OT systems within the OT network in the oil and gas industry is not uncommon. However, segmentation in this network is particularly important in critical infrastructure organisations for four key reasons:

1. Minimising attack vectors: When all systems are connected, multiple endpoints mean a hacker can easily gain access. When networks are properly segmented, endpoints are substantially reduced and more easily managed to protect against threats.

2. Monitoring traffic: Restricting OT network traffic to protocols used by critical infrastructure reduces the potential for lost packets, as well as unplanned downtime. IT protocols tend to consume higher bandwidth and more resources, potentially interrupting communications between critical infrastructure systems.

3. Managing access: Multiple stakeholders require access to various business systems. In addition to restricting points of entry, segmentation helps prevent unauthorised network access.

4. Isolating threats: If an asset becomes compromised, segmentation minimises the impact on the broader organisation.

Factoring in criticality, consequence, and operational necessity, organisations must organise their OT assets into logical zones and deploy security controls to make sure risky IT devices can’t communicate with a control system. Organisations must simulate the segmentation process before executing it. By using a tool with a graphical matrix of current communication flows, organisations can visualise what these segments might look like, and further validate that the segmentation strategy won’t break critical parts of a process.
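The simulation step described above, sketched as an added example (not from the original article or from any vendor tool): a dry run of a proposed zone policy against observed communication flows, with nothing enforced. The asset names, zones, policy and flows are all constructed assumptions.

```python
from collections import Counter

# Constructed sample data: asset -> proposed zone (hypothetical names).
ZONES = {
    "hmi-01": "control", "plc-07": "control", "historian": "dmz",
    "eng-ws": "control", "erp-app": "it", "laptop-42": "it",
}

# Proposed allow-list: (source zone, destination zone) -> permitted protocols.
POLICY = {
    ("control", "control"): {"modbus", "dnp3", "opc-ua"},
    ("control", "dmz"): {"opc-ua"},
    ("it", "dmz"): {"https"},
}

# Constructed flows as a passive monitor might record them: (src, dst, protocol).
FLOWS = [
    ("hmi-01", "plc-07", "modbus"),
    ("plc-07", "historian", "opc-ua"),
    ("erp-app", "historian", "https"),
    ("laptop-42", "plc-07", "modbus"),   # IT device talking to a controller
    ("eng-ws", "plc-07", "ssh"),         # in-zone, but protocol not on the allow-list
    ("rtu-99", "plc-07", "dnp3"),        # asset missing from the inventory
]

def simulate(flows, zones, policy):
    """Dry-run the policy: return (allowed, blocked, unknown) without enforcing it."""
    allowed, blocked, unknown = [], [], []
    for src, dst, proto in flows:
        if src not in zones or dst not in zones:
            unknown.append((src, dst, proto))   # cannot be zoned until classified
            continue
        pair = (zones[src], zones[dst])
        if proto in policy.get(pair, set()):
            allowed.append((src, dst, proto))
        else:
            blocked.append((src, dst, proto, pair))
    return allowed, blocked, unknown

def zone_matrix(flows, zones):
    """Count observed flows per (source zone, destination zone) cell."""
    return Counter((zones.get(s, "?"), zones.get(d, "?")) for s, d, _ in flows)

if __name__ == "__main__":
    allowed, blocked, unknown = simulate(FLOWS, ZONES, POLICY)
    for row in blocked:
        print("would block:", row)
    print("unclassified:", unknown)
    print("matrix:", dict(zone_matrix(FLOWS, ZONES)))
```

Each blocked row needs a decision before enforcement: the IT-to-control flow is the kind the policy is meant to stop, while the in-zone SSH session may be an engineering task the policy would break.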

To truly mitigate operational and safety risks, oil and gas companies need to fully understand the threats to their OT networks and their origin. However, new vulnerabilities arise faster than an organisation’s ability to manually protect against them, and critical infrastructure limitations often make it hard to actively scan for new threats.

To overcome this, organisations must deploy an OT network monitoring tool, providing network visibility and letting companies identify cyber risks such as device vulnerabilities and operational risks, including out-of-range process values. Automated, agentless tools that continuously monitor for threats provide superior protection against a constantly evolving cybersecurity threat landscape.

Companies in the oil and gas industry can reduce risk by monitoring their OT network in three key ways:

1. Visibility
As OT network complexity continues to rise, organisations are only making incremental network security improvements, leading to a growing visibility and risk gap. A network monitoring system gives oil and gas organisations a comprehensive, real-time, and 24/7 view of network activity. This provides visibility into more assets and deeper control into system levels.

It’s essential that organisations identify and classify every user and every device on every network because businesses can’t control what they can’t see. Absolute device visibility is the key to reducing risk and improving the organisation’s security posture.

2. Threat detection
OT network monitoring can identify any deviations in the normal baseline of network traffic. Through real-time network analysis, cybersecurity teams can detect and alleviate threats as they occur.

The nature of the oil and gas industry means that cyberthreats can be catastrophic and cause real-world damage. Often motivated by geopolitics and espionage, cybercriminals target OT systems through a variety of strategies including entering networks from previously safe networks and devices. OT network monitoring can help identify previously unknown assets on the network and identify abnormal behaviour from previously safe networks or devices, preventing sneak attacks.

3. Real-time data collection
A huge benefit of OT network monitoring is the collection of real-time data. Access to real-time data means that incidents are responded to almost instantly, often minimising their impact.

Organisations can also use this data to inform future decisions including cybersecurity policies. Many OT monitoring solutions go beyond data collection from multiple systems, also providing comprehensive alerts with contextual analysis support, and guiding users in addressing at-risk devices.
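The checks described under threat detection, together with the out-of-range process values mentioned earlier, shown as an added example (not from the original article or from any monitoring product): a baseline learned from passively observed traffic is compared with live events. Asset names, tag names, limits and events are constructed assumptions.

```python
# Constructed baseline window: (src, dst, protocol) seen during normal operation.
BASELINE_FLOWS = [
    ("hmi-01", "plc-07", "modbus"),
    ("plc-07", "historian", "opc-ua"),
    ("eng-ws", "plc-07", "modbus"),
]

# Constructed engineering limits per process tag (hypothetical tags and units).
LIMITS = {"sep1.pressure_kpa": (200.0, 900.0), "tank3.level_pct": (5.0, 95.0)}

# Constructed live events: ("flow", src, dst, proto) or ("value", tag, reading).
LIVE = [
    ("flow", "hmi-01", "plc-07", "modbus"),
    ("flow", "cam-13", "plc-07", "modbus"),      # asset never seen before
    ("flow", "historian", "plc-07", "modbus"),   # known asset, new conversation
    ("value", "sep1.pressure_kpa", 640.0),
    ("value", "tank3.level_pct", 98.2),          # above the upper limit
]

def build_baseline(flows):
    """Return (known assets, known conversations) from the baseline window."""
    assets = {host for src, dst, _ in flows for host in (src, dst)}
    return assets, set(flows)

def detect(events, baseline_flows, limits):
    """Return alerts for unknown assets, new conversations and out-of-range values."""
    assets, conversations = build_baseline(baseline_flows)
    alerts = []
    for ev in events:
        if ev[0] == "flow":
            _, src, dst, proto = ev
            new = [host for host in (src, dst) if host not in assets]
            if new:
                alerts.append(("unknown_asset", new[0], (src, dst, proto)))
            elif (src, dst, proto) not in conversations:
                alerts.append(("new_conversation", src, (src, dst, proto)))
        elif ev[0] == "value":
            _, tag, reading = ev
            # Tags without configured limits are not evaluated.
            lo, hi = limits.get(tag, (float("-inf"), float("inf")))
            if not lo <= reading <= hi:
                alerts.append(("out_of_range", tag, reading))
    return alerts

if __name__ == "__main__":
    for alert in detect(LIVE, BASELINE_FLOWS, LIMITS):
        print(alert)
```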

A shared concern across the oil and gas industry is how implementing any new technology might impact operations and safety, and whether it will require any design changes. Some solutions won’t require significant investment in infrastructure and can be delivered as a turnkey project. While digitalisation brings significant risks to the oil and gas industry, it also provides copious benefits. By investing in OT network monitoring, oil and gas companies can gain visibility, better understanding their potential risks and how to alleviate them.

[1] https://reports.weforum.org/digital-transformation/wp-content/blogs.dir/94/mp/files/pages/files/dti-oil-and-gas-industry-white-paper.pdf
[2] https://www.securitymagazine.com/articles/90782-human-error-caused-52-percent-of-cybersecurity-incidents-in-the-industrial-sector-in-2018