Oil & Gas Industry Cyber Security
Digital vulnerabilities causing unwanted incidents, highlights the need for specialist cyber security.
Cyber attacks on the Oil & Gas Industry are on the rise
The percentage of Industry Control Systems (ICS) within the Oil & Gas sector where malicious objects were blocked rose from 35.8% to 37.8% between H1 2019 and H1 2020, as measured by Kaspersky / ISSSource
As part of a major change in strategy, it now appears that Iranian hackers are shifting their focus to include physically disruptive cyber attacks on critical infrastructure targets – including targets within U.S. borders. Iranian hackers known as APT33 are now looking for ways to exploit security vulnerabilities in the industrial control systems (ICS) of manufacturing plants, energy grid operators and oil refineries.CPO Magazine
Oil & Gas Cyber Security
Industry 4.0 is nothing new for the Oil and Gas Industries. Industrial automation, control and safety systems within the oil and gas sector are fairly well digitalised. However, over the last few decades, proprietary systems have commonly been replaced with more generic, commercially available components, such as a Microsoft Windows PCs. This has led to easier windows of opportunity for cyber attacks.
With cyber attacks on the rise, experts predict that infections will become less random over the coming year, with cyber criminals spending the last few years profiling randomly infected computers connected to Operational Technology. Using the information learnt, it is predicted that cyber criminals like APT33 will launch targeted attacks to shutdown, damage or steal from the Oil & Gas sector. More then ever, companies need to deploy a robust, industry-specific security platform that can monitor and protect key systems.
Operational Technology (0T)
Safety, reliability, and availability, are clearly priority physical risks associated with oil and gas production. Traditional enterprise cyber security technology was never designed to protect interfaces in the physical world like Supervisory Control and Data Acquisition (SCADA), Industrial Control Systems (ICS), and Distributed Control Systems (DCS).
With the increase in suppliers being able to login to conduct remote support, increased digitalisation and connectivity with mainstream technology, a clear cyber security strategy is required. Generic security products can be used to gather high-level production data and monitor general activity, but alone have limited ability to protect the physical machinery.
Oil & Gas Security Platform
Fundamentals First have taken an industry standard, Operational Technology platform and combined it with an enterprise Security Operations Centre (SOC). Not only can we offer you state of the art protection within your refinery, but we can also patch, monitor, and proactively hunt security issues across your desktop, server and network estate.
Put yourself in control, with a single pane of glass service that protects both your corporate technology and Operational Technology in one.
“Develop an integrated security strategy across IT, OT and Risk teams.”
“Complex and high impact cyber attacks which target operational industries are increasing exponentially. Many styles of Operational Technology cyber attacks are being seen, from malware attacks targeting safety systems, to ransomware locking companies out of their core IT systems. Focus on a holistic approach that covers general controls, enterprise architecture, enterprise risk management, IT service management, physical security, IT security, and OT security.”
Increased Cyber Risk
The oil and gas industry is one of the most powerful financial sectors in the world, and one that can cause the most significant impacts to everyday lives and economies when critical issues occur. In a 2019 security survey conducted by Ernst & Young Global (EY) of 40 participants from the oil and gas industry, it was discovered that 87% of respondents did not thoroughly understand the ramifications of their new policy and strategies for cyber protection.
Supercharge your cyber strategy with a platform that can visibly map all assets in the plant, create segmented security zones, monitor and block unusual activity, and validate raw electrical signals from devices. Backed by a team of trained security professionals, you can demonstrate control and adequate cyber security protection is in place, to any regulator.
Operational Technology Cyber Security Platform Benefits
24×7 Remote OT Monitoring
A hack originating from India, using the notorious Shamoon virus, hit the Italian oil services firm Saipem in 2018. The attack crippled over 300 servers and 100 workstations across Saudi Arabia, the United Arab Emirates and Kuwait. No data was lost, however significant work was required to restore all systems from backups.Saipem
Get In Touch
Operating a refinery without the appropriate Operational Technology cyber security is high risk.
To help you discover your level of risk, and to illustrate return on investment, we offer you a free consultation. Based on the consultation, a set of recommendations will be presented.
We help businesses of all sizes release their potential
Get in touch and we’ll advise how we can help.