RE­MOTE IN­SIGHT RE­PORT

O& G Cy­ber Se­cu­rity

OffComm News - - FRONT PAGE -

Are we do­ing enough?

Off­shore may be far from the crowds, but dis­tance doesn’t min­imise cy­ber threat. In­no­va­tions in tech­nol­ogy are al­low­ing us to drill fur­ther and deeper. But th­ese ad­vance­ments of­ten come with an ar­ray of open back- doors. So, as nu­mer­ous dif­fer­ent net­works and de­vices find their way onto rigs and re­mote in­stal­la­tions, just what can be done to pro­tect the oil and gas in­dus­try asks Vaughan O’Grady.

There is no short­age of ac­tiv­ity in the re­mote ex­plo­ration cy­ber se­cu­rity space th­ese days. Late last year, for ex­am­ple, we heard that RigNet had se­lected cloud se­cu­rity spe­cial­ist Alert Logic’s Threat Man­ager and Ac­tive-Watch ser­vices to help its oil and gas cus­tomers bet­ter iden­tify sus­pi­cious net­work traf­fic and re­spond quicker. In Fe­bru­ary, Air­bus De­fence and Space and Com­mu­ni­ca­tions In­ter­na­tional an­nounced an al­liance to en­hance se­cure ra­dio com­mu­ni­ca­tion so­lu­tions for the Brazil­ian min­ing in­dus­try. In May,

GE an­nounced the ac­qui­si­tion of Wurldtech, a leader in cy­ber se­cu­rity so­lu­tions, not­ing: “This move is one of sev­eral by GE to help pro­tect crit­i­cal in­fra­struc­ture and ad­vance cy­ber se­cu­rity ef­forts glob­ally for key in­dus­tries.” But what should re­mote ex­plo­ration com­pa­nies be wor­ried about? Chris Camejo, di­rec­tor of in­for­ma­tion se­cu­rity and risk man­age­ment

spe­cial­ist NTT Com Se­cu­rity, cites a num­ber of threats. They in­clude the po­ten­tial for users on their net­works to bring mal­ware into the en­vi­ron­ment, so­cial en­gi­neer­ing at­tacks (“trick­ing a user into in­stalling a back­door into the net­work”) and the vul­ner­a­bil­i­ties of in­dus­trial con­trol sys­tems. He ex­plained: “In­dus­trial con­trol sys­tems ~ in­clud­ing SCADA ~ have a long his­tory of vul­ner­a­bil­i­ties, ad­min­is­tra­tors de­ploy­ing in­se­cure con­fig­u­ra­tions, de­fault pass­words, and in some cases pro­to­col de­signs that are sim­ply not ap­pro­pri­ate for con­nec­tion to a po­ten­tially hos­tile pub­lic net­work.” The re­sult­ing eco­nomic dan­gers, for oil and gas in par­tic­u­lar, said his col­league Lars Thore­sen, CSO & CQO Nordic re­gion, are not just in­for­ma­tion theft but very ex­pen­sive sys­tem down­time.

Where are threats com­ing from?

The mo­tives for cy­ber at­tacks vary. Disgruntled in­sid­ers are an ob­vi­ous source but Alert Logic's chief se­cu­rity evan­ge­list, Stephen Coty, also cites “in­dus­trial es­pi­onage by coun­tries look­ing for a

com­pet­i­tive ad­van­tage us­ing re­mote ac­cess Tro­jans built to spy on or­gan­i­sa­tions; po­lit­i­cal mo­tives; and peo­ple who just want to know how the sys­tem works and break in to ex­plore out of cu­rios­ity.” Camejo sug­gests that some at­tack­ers may be look­ing to gather eco­nomic in­for­ma­tion on lease bids or to ex­ploit weak­nesses in con­trol sys­tems. He said: “The ‘ Night Dragon’ mal­ware and another at­tack re­ported last year both stole pass­words, mo­dem num­bers, and other in­for­ma­tion that could be use­ful for hi­jack­ing con­trol sys­tems and us­ing them for sab­o­tage.” Just about any com­mu­ni­ca­tions sys­tem can be vul­ner­a­ble un­less it is prop­erly se­cured. Camejo points out that even satel­lite ter­mi­nals and cel­lu­lar con­nec­tions, in many cases, “are just another de­vice with an IP ad­dress that can be ac­cessed from any­where in the world and face the same sort of at­tacks as their leased-line brethren.” Tele­phone modems are of­ten used as an out- of- band backup in case of an in­ter­net ou­tage or for pe­ri­odic con­trol of re­mote lo­ca­tions. Th­ese too are vul­ner­a­ble be­cause they tend to be con­nected di­rectly to con­sole ports on sen­si­tive de­vices, de­vices that may have de­fault, or no, pass­words. “Ra­dio com­mu­ni­ca­tion links should also be on the se­cu­rity radar as the price of soft­ware de­fined ra­dio ( SDR) tech­nol­ogy quickly drops,” Camejo pointed out, and Thore­sen added “also, let­ting a sys­tem be in­stalled with de­fault set­tings may leave that sys­tem open to known vul­ner­a­bil­i­ties or back­doors.” The more points at which se­cu­rity could be com­pro­mised ( sys­tems, peo­ple, de­vices) the more risk. But the risk may be greater be­cause, as Coty sug­gests, re­mote sites tend to have what he calls “a lower se­cu­rity pos­ture.” This cer­tainly doesn't help when per­sonal de­vices are in­volved. Staff may want to ac­cess, mon­i­tor or con­trol in­ter­nal sys­tems ~ even SCADA ~ from any wire­lessly en­abled de­vice any­where but they run the risk of pick­ing up mal­ware on a pub­lic WiFi net­work and spread­ing it. “The best ad­vice,” said Thore­sen, “is to al­ways con­duct a thor­ough risk anal­y­sis be­fore al­low­ing any mo­bile de­vice re­mote ac­cess to sys­tems con­tain­ing sen­si­tive in­for­ma­tion.” Coty added: “A pa­per we wrote on this* found that BYOD in­tro­duced a great amount of risk into en­vi­ron­ments. Us­ing desk­tops in the cloud has given a new strat­egy in which we can still cen­trally se­cure and mon­i­tor desk­tops while mak­ing them avail­able for a re­mote work­force.” Another prob­lem, said Camejo, is that many of the sys­tems that are de­ployed in the field are rarely up­graded or up­dated due to a lack of IT re­sources and, of­ten, fear that up­dates will cause out­ages that im­pact the business. “It's still fairly triv­ial to find con­trol sys­tems with de­fault pass­words and known vul­ner­a­bil­i­ties con­nected to the in­ter­net,” he notes.

Se­cu­rity strate­gies

Per­haps that is why Coty ar­gues for the im­por­tance of “a solid strat­egy that has man­age­ment support to en­force the poli­cies cre­ated to pro­tect the en­vi­ron­ment.” He also sug­gests pre­ven­ta­tive mea­sures, such as “lock­ing down the phys­i­cal se­cu­rity of the fa­cil­i­ties to make sure there is no out­side in­tro­duc­tion of ma­li­cious tech­nolo­gies; the hard­en­ing of com­puter net­works and the im­ple­men­ta­tion of a se­cu­rity- in- depth strat­egy; and mon­i­tor­ing the se­cu­rity tech­nolo­gies that are de­ployed 24/ 7 to look for pos­si­ble in­ci­dents and anom­alies.” Chang­ing de­fault pass­words and patch­ing vul­ner­a­bil­i­ties are also im­por­tant but, said Camejo, ” This ap­plies equally to the back of­fice sys­tems, the con­trol sys­tems in the field, and the in­fra­struc­ture pieces that con­trol the satel­lite, cel­lu­lar, and ra­dio links.” At the or­gan­i­sa­tional level, IT man­agers need con­trol of the se­cu­rity poli­cies for the de­vices and the au­thor­ity to en­force them. And, Camejo points out; staff need to be aware of the threats of lax pass­word con­trol, phish­ing emails and in­stalling ‘ sketchy’ apps ( that could be mal­ware) on their BYOD de­vices. On the tech­nol­ogy side Camejo said, “2- fac­tor au­then­ti­ca­tion and VPNs are key tools to make it more dif­fi­cult for re­mote at­tack­ers to ac­cess sen­si­tive re­sources,” along with “mon­i­tor­ing tech­nolo­gies like SIEM [ se­cu­rity in­for­ma­tion and event man­age­ment] that can pro­vide a se­cu­rity dash­board to de­tect at­tacks in their early stages when they can be more eas­ily stopped.”

“There are sev­eral good tech­nolo­gies in the mar­ket that se­cure de­vices through en­cryp­tion, poli­cies that re­strict or pro­hibit risky be­hav­iour and that pre­vent mal­ware in­fec­tions,” added Thore­sen.

As for the re­cent Rig-Net deal with his company, Coty ex­plained: “Hav­ing Threat Man­ager de­ployed with 24/ 7 Ac­tive Watch will al­low our SOC [ Se­cu­rity Op­er­a­tions Cen­tre] to re­spond to in­ci­dents quickly and ef­fi­ciently es­ca­late them for res­o­lu­tion. With NetFlow col­lec­tion we can then look for anom­alies that might oc­cur through net­work traf­fic.” But tech­nol­ogy needs to be part of an over­all company pol­icy of se­cu­rity en­force­ment. As Coty said: “Com­pa­nies need to invest in their se­cu­rity- in- depth tech­nolo­gies and support the peo­ple and process be­hind it.”

Chris Camejo, di­rec­tor of in­for­ma­tion se­cu­rity and risk man­age­ment,

NTT Com Se­cu­rity

Lars Thore­sen, CSO & CQO, Nordic re­gion, NTT Com Se­cu­rity

Vaughan O’Grady,

in­de­pen­dent telecomms writer

Stephen Coty, chief se­cu­rity evan­ge­list,

Alert Logic

Newspapers in English

Newspapers from International

© PressReader. All rights reserved.