You are Home   »   News   »   View Article

Palo Alto Networks - cybersecurity getting tougher for offshore

Wednesday, January 30, 2019

Oil and gas companies are getting increasingly aware of cybersecurity challenges for offshore operations since the Ukrainian electric grid cyberattack of 2015, says Palo Alto Networks.

Since Ukraine's electricity supply was cut in December 2015 due to a cyberattack, there has been increasing awareness of the susceptibility of industrial installations to hackers, says Del Rodillas, director, Industrial Cybersecurity Product Marketing (ICS, IIoT) with cybersecurity specialist Palo Alto Networks.

Cybersecurity has become a challenge for operational technology, such as automation and control systems, not just information technology, as it had largely been before, says Mr. Rodillas.

There have been a number of attacks on oil and gas operational technology, including offshore rigs, Mr Rodillas says, including with ransomware, although the details are confidential. It points to the need for organisations to 'bake in cybersecurity as they modernise their OT infrastructure.'

A cause of the increased cybersecurity threat is the increased connectivity between offshore and onshore, driven by increased desire to shift work onshore, or move offshore computer infrastructure onto cloud systems, for example to do data analysis to try to optimise maintenance scheduling.

Companies also want to open up operational technology so they can have more flexibility in general, including enabling control system vendors to service equipment remotely.

Understanding your network traffic

It would help if companies could get a more fine grained visibility over user-based and machine-to-machine network traffic which are going to and from the offshore platform as well as within production control systems, and what they are for, Mr Rodillas says. In the past, understanding was 'quite coarse grained,' with knowledge usually limited to the less intuitive parameters such as port number and destination and source IP addresses.

Palo Alto Networks has technology which enables oil companies to understand the specific users on the network and what they are doing with IT and industrial applications and protocols, and so only allow authorised individuals and devices to do certain things. Similarly, machine-to-machine traffic can also be controlled consistent with business policies. Any other traffic would not be allowed access.

The network traffic between onshore and offshore and within offshore control systems are gradually changing from serial data flows (like a river of data) to data packets. There are 'deep packet inspection' technologies available, he says. For example, it is possible to identify if someone or a machine is trying to 'write' via the MODBUS protocol, which may be indicative of a cyberincident if that user/machine should only have read only access.

To have such a system, first of all you need to build a model of your system, with an understanding of who and what should be doing which task.
Some companies are setting up 'directory services', with a database of people with specific roles, which can then be used to enforce role based access.

Segmenting the network is the next basic, but very effective step, to making offshore networks more secure. When it comes to segmenting the data traffic, you need to find something between 'no segmentation' and 'extreme segmentation', getting something in the middle where you create the right level of visibility and risk reduction, without obstructing work.

Another key component of user security is multifactor authentication. 'People say I have a VPN so I'm secure, But what happens when your credentials get stolen, which is typically the first step for a lot of these targeted attacks?' he says.

Palo Alto Networks is also looking at using machine learning to easily detect anomalies in the network traffic, which could be indicative of a hack, and automate remediative action. For example, machines utilizing previously unused applications or machines establishing connections to other machines they never talked to before could be automatically detected.

Companies also need to develop better ways to take quicker and more automated action, Mr Rodillas says. Taking an action against a threat often involves much manual work, from staff who are already very busy. It should be possible to quickly lock a suspected malicious user out of the system. 'Part of the responsibility we have as a security vendor is to make it easier for users to deploy and administer the more sophisticated security technologies,' he says.

Another useful approach is to have an integrated security system, rather than multiple point solutions that don't work well together. 'The more products you get, the harder [the system] is to administer, the risk of misconfiguration is higher, the non-correlated traffic and security logs masks possible cyberthreats and increases administrator analysis and response time,' he said.

An integrated system can provide better performance for users, better intelligence about the threats, and better overall understanding of how the network is being used, he says.

Palo Alto Networks also makes a 'virtual firewall' which can run on cloud servers, making sure that only the right sort of traffic is accessing the company's cloud data. The cloud is becoming increasingly relevant in offshore computing, with some companies diverting all traffic between onshore and offshore through a cloud system, or using it for storing and analysing offshore data, such as sensor data.

Palo Alto Networks is working with Oil and Gas companies such as Schlumberger to develop 'perimeter' security systems for its exploration, production and processing equipment, including giving it a centrally managed security architecture across the plant floor, corporate networks, and cloud systems.



Associated Companies
» Digital Energy Journal

CREATE A FREE MEMBERSHIP

To attend our free events, receive our newsletter, and receive the free colour Digital Energy Journal.

DIGITAL ENERGY JOURNAL

Latest Edition Aug-Sept 2024
Sep 2024

Download latest and back issues

COMPANIES SUPPORTING ONE OR MORE DIGITAL ENERGY JOURNAL EVENTS INCLUDE

Learn more about supporting Digital Energy Journal