The oil and gas industry has been an industry of change over the last decade. Market pressures and costs have driven significant technological advances in automation and industrial connectivity across all aspects of petroleum extraction, pipeline transport and refining.
However, with these advances in connectivity, SCADA, distributed control systems (DCS) and pipeline systems are now exposed to more cyber risks than ever before. For example, according to a study released by the Ponemon Institute, 35 percent of industry survey respondents claimed that the deployment of cybersecurity measures in the industry are not keeping pace with the growth of digitalization. Additionally, 61 percent reported that their organization’s industrial control system (ICS) security was not adequate. This reality highlights the need for a more defined approach to selecting and deploying an ICS cybersecurity solution that can simultaneously secure SCADA and leverage the power of automation and artificial intelligence (A.I.) to achieve operational excellence.
Like many other industrial verticals, the oil and gas industry is increasingly in need of an ICS cybersecurity solution that works in concert with legacy and new ICS operations, as well as supporting geo-distributed networks with automated learning and A.I. Here are a couple of key oil and gas use case examples that highlight functions and capabilities both OT and IT professionals working in the oil and gas field should look for in ICS cybersecurity technologies and solutions.
Quality assurance and quality control (QA/QC) is big business — and a big undertaking for oil and gas operations teams.
Typically, within the command structure between DCS/SCADA, each controller and endpoint must be tested under various process stress-factors and reported in a full-loop test. For example, a test engineer must command a valve to turn a certain percentage under various operational circumstances and record implications on things like latency, availability and failure risk. This must be done in compliance with various regulations and reported. If a network or device is added into the DCS/SCADA, the process must be repeated. This is arduous and resource-intensive; even more so for remote pipeline networks. However, truly passive ICS cybersecurity technologies offering anomaly detection and robust reporting capabilities are able to make these processes more efficient and concise for operators onsite in the midstream pipeline network via remote access control.
With an ICS cybersecurity solution that offers the automation of pertinent queries based upon automated learning, ICS data is continuously embedded into the system recognition and anonymous recognition engine without injecting data into the network. This defines what it means to have a “passive” ICS cybersecurity solution, and it is critically important because it allows automated machine learning to occur without impacting production with out-of-network data. There is no impact on latency, no risk of intrusion and no risk of network downtime.
Network aggregation speaks to the capability of oil and gas operations to scale the reach of their cybersecurity strategy with ease. ICS cybersecurity solutions provide operations the ability to control and monitor networks even across multiple site locations. This is important for achieving operational excellence in any large-scale oil and gas control endeavor. Typically, this is achieved with a multi-tiered ICS cybersecurity approach whereby geo-distributed networks with passive ICS cybersecurity appliances are linked together with a centralized console or virtual interface that allows offsite control to monitor things like latency, asset data utilization and risk in real-time. Of course, a centralized control offsite is only as valuable as the data that the ICS cybersecurity appliances in the field are able to provide. Without an automated machine learning or A.I. capability, network aggregation cannot support robust ICS cybersecurity strategy.
How does automation and A.I. support network aggregation exactly? Well, first and foremost, it serves as the foundation. For example, if new nodes are discovered within a subnet on a platform or erratic changes in latency occur, the incident will be automatically identified locally as well as at the control level using a centralized console. With this approach, field operations and centralized control can work in concert to identify, evaluate and consistently improve operations and mitigate risk. This Is directly applicable to SCADA, DCS and pipeline sensor networks where traffic flows and accurate readings are critical to identifying potential points of failure.
Furthermore, automated learning and A.I. allows OT and IT users alike to clone useful dashboards and network queries for new ICS cybersecurity appliance and centralized consul deployments. Users can quickly duplicate things like table views, compliance metrics and report templates to achieve a unified enterprise approach to ICS security and operational management. Users can also quickly install and rollback software updates and compare device and networks traffic from site to site. This significantly reduces mitigation, troubleshooting and forensic efforts with clearly communicated critical alerts, key performance indicators (KPIs) and time-machine capabilities.
A global oil and gas company was looking for a way to implement a comprehensive ICS cybersecurity solution that could be deployed across multiple onshore and offshore drilling platforms. Assets in the field needed to be aggregated and monitored via remote access, and could not impact network traffic.
The solution deployed leverages a passive approach providing asset discovery, machine learning and anomalous activity recognition across the entire DCS, SCADA and pipeline network environment. On each platform, operations utilize a localized security model that allows them to monitor, map and conduct active analysis on dataflow of all devices within and between their operations. Sensor data across remote pipeline links between platforms and downstream operations are monitored in real-time.
Meanwhile, centralized onshore control can aggregate and monitor all operations offshore using a centralized console that provides real-time cybersecurity and operational visibility, facilitating central management of their decentralized operations. Commissioning, asset monitoring and dispersed DCS operations are not only secured, but centrally available at tiered control centers for maximum operational visibility and analysis.
Automation + Artificial Intelligence
Automation and artificial intelligence should be key components to ICS cybersecurity — especially within oil and gas. Whether it is commissioning a network or aggregating asset views of various sites, an ICS cybersecurity solution can offer so much more than security alone. It is imperative to evaluate ICS cybersecurity technologies on their ability to meet the functional needs of OT and IT operations at various levels of control to mitigate and reduce incidents causing delays, shutdowns and lost productivity.
Moreno Carullo is cofounder and chief technical officer for Nozomi Networks. Moreno previously worked at 7Pixel (formerly part of Ricardo.ch AG) as technical manager of the development teams and technical advisor to the CTO. He earned a Ph.D. in artificial intelligence and has experience in building intelligent and self-adaptive systems.