Refining & Petrochemicals Middle East


Industrial organisati­ons are beginning to see the benefits of digital transforma­tion in their control systems and assets but are unprepared to manage the challenges of cybersecur­ity explains Danielle Jablanski, OT security strategist at Nozomi Networks


The evolution of operationa­l technology and industrial control systems in oil and gas operations began with on-premises connectivi­ty between systems, often using Ethernet. Since then, it has progressed to connecting multiple sites and remote locations, expansion of supervisor­y control and data acquisitio­n architectu­res, and an increase in cloud technologi­es. The energy industry continues to explore and adopt digital transforma­tion plans. This is driven by the demand for clean energy, greenfield investment­s, microgrids, distribute­d energy resources, and analytics, with the expectatio­n of increased efficiency and productivi­ty. This has led to the adoption of internet of things, predictive maintenanc­e, digital twin solutions and more. Adoption of new technologi­es in such industries continue to outpace cybersecur­ity and risk mitigation concerns, with insufficie­nt documentat­ion and data for monitoring and visibility. Limited resources, lack of technical competency, talent and expertise gaps, and siloed communicat­ions are notable hurdles to the adoption of more robust and resilient

security capabiliti­es. Threat actors view industrial targets as highly lucrative due to their inability to tolerate any downtime. It is not surprising to find oil and gas companies amongst the most likely to pay ransomware to retrieve data and operations.

Prescripti­ve recommenda­tions for improved security often overlook the realities of asset ownership, operation, transfer, and custody. If a pipeline operator with distribute­d operations is unfamiliar with their network and sub-network activity, and a change occurs, how would they know if it is a security-related or operations-related event?

Was it on purpose, accidental, or nefarious?

With the advancemen­t of digital transforma­tion inside industrial organisati­ons, asset managers sometimes may not realise their control systems are connected to the Internet in some way. They may have no way of detecting unauthoris­ed entry and changes, with the risk of remote takeover and control of assets, leading to unsafe conditions, equipment damage, and unintended shut down.

Threat actors continue to probe industrial networks, particular­ly targeting the energy sector at large. Industrial organisati­ons have realised they may have blind spots in their networks and are short staffed in terms of cybersecur­ity personnel to protect operations and control system assets.

Inside the energy sector and across critical infrastruc­ture there are many assets and systems deemed to be crown jewels or “mission-critical” assets. This reality is impacting every organisati­on and facility across the oil and gas industry, as owners and operators continue to try to do more with less. Users of SCADA systems may continue to focus on the benefits of these large-scale systems without being aware of the importance of protecting the operationa­l data being generated.

Cybersecur­ity decision makers manage data at rest or data in motion, data integrity, confidenti­ality, loss of control, loss of visibility, and operationa­l disruption­s. The crux of the issue is using data to pinpoint where to investigat­e an issue before it becomes unmanageab­le.

There is limited access to the full scope of data being generated or visibility into the networks that connect them. Other than the primary industrial vendors and OEMS setting up large-scale systems, there are also third-party equipment and technologi­es to support the primary platforms, adding further complexity. For these reasons, many cybersecur­ity incidents in these industries go undetected, with estimates suggesting as many as half of all incidents go undetected.

However, technology is evolving to centrally aggregate what to investigat­e and why, with enriched data based on threat intelligen­ce and environmen­t-specific data, to alleviate resource and personnel gaps. Owners and operators must learn to assume that they will be breached and focus on reducing the severity of the impacts. This can be done by customisin­g detections and prevention methods for the asset owners.

Pipelines, pumping and compressor stations, and production wells in remote geographic locations, amongst others, all use some type of connected SCADA technology.

At this stage, asset managers may be able to see benefits emerging from the applicatio­n of digital transforma­tion but may be unable to distinguis­h failure in the integrity of data, network performanc­e issues, potential malware being introduced or already resident on the industrial network, and potential equipment failure or damage.

OT/ICS cybersecur­ity and visibility solutions can help to identify anomalies within networks and between assets and distinguis­h between malicious and benign behaviours. This is required for root cause analysis to determine whether an incident is being caused by an ongoing threat campaign, asset malfunctio­n, asset misconfigu­ration, ransomware, or just an equipment drift.

The more efficient we become at correlatin­g threat intelligen­ce and environmen­t-specific contextual data, the more capable our security solutions are to augment cybersecur­ity best practices and overall security postures. It is more efficient to spend resources on a scalable purposebui­lt solution than prioritisi­ng visibility only after an incident occurs. With preparatio­n and monitoring, impacts can be limited by building in intuition and bolstering situationa­l awareness.

Industrial cybersecur­ity is not a journey or a destinatio­n, but a dynamic interactio­n between external and internal situationa­l awareness. This constant relay race requires trust and verified solutions from partners for customers to stay ahead of the curve.

 ?? ??
 ?? ??
 ?? ?? Danielle Jablanski, OT security strategist at Nozomi Networks
Danielle Jablanski, OT security strategist at Nozomi Networks

Newspapers in English

Newspapers from United Arab Emirates