The Department of Energy (DOE) in March 2018 released a 52-page report outlining its multiyear strategy to improve cybersecurity. In the report’s introduction, Assistant Secretary Bruce J. Walker noted that bad actors are increasingly targeting critical operations.
News broke that same month—through an alert issued by the Department of Homeland Security (DHS) and the FBI—that Russian government hackers had been targeting the energy sector with a “multistage intrusion campaign” since 2016. In fact, according to the DOE report, the largest percentage of cyber incidents reported to the DHS’s Industrial Control Systems Cyber Emergency Response Team came from the energy sector during the 3 years prior.
The DOE’s sense of urgency with regard to cybersecurity operations and maintenance is warranted. It represents part of increasing public awareness, evidenced by upticks in media coverage and funding for operational technology (OT)-focused cyber companies, about the growing threat landscape. To that end, the report declared three key priorities: strengthening preparedness through information-sharing and risk management; improving incident response; and accelerating research and development (R&D), with the DOE announcing $25 million in research and development funding the month after publishing its multiyear plan.
But the reality is that threats continue to outrun the energy sector’s security evolution, primarily because organizations are increasingly connecting OT, such as supervisory control and data acquisition systems and industrial control systems (ICS), to their information technology (IT) networks. While such innovation can translate to cost savings, improved functionality, and new big-data insights for energy organizations, many OT systems weren’t designed to be connected to the Internet. The blurred boundary between OT and IT also translates to a larger attack surface. Bad actors can disrupt critical infrastructure simply by targeting users with trusted access to sensitive information.
In order for the energy sector to continue evolving its cyber readiness, organizations that are blurring the lines between IT and OT need to embrace a cross-domain solution to keep the two networks separate and safe. In 2017, the energy sector had the largest number of ICS vulnerabilities, according to a Kaspersky Lab report. Indeed, the DOE acknowledged that bi-directional, real-time, machine-to-machine preparedness—or cross-domain security—is a core component of the report’s first priority.
A cross-domain security approach allows information that would otherwise be kept separate to move across networks while providing insight into what that information is doing as it passes between boundaries. Put another way, instead of seeking to identify specific “bad” traffic—things that shouldn’t be passing between the two networks—cross-domain solutions allow only known “good” data to move beyond boundaries. By inspecting the data at the application layer, a cross-domain solution can make transfer decisions at a more granular level than a firewall.
Such rigor needs to quickly become the new normal in order for the energy sector to sufficiently protect its critical infrastructure and data. Securing the OT/IT boundary balances the need for connectivity and information sharing against the need to protect data itself and the agency as a whole. In the end, cross-domain solutions ensure files and information arrive quickly at their destinations free of malware, without hampering employees’ ability to do their jobs or bogging down security analysts with millions of threat alerts and false alarms.
Read the full story here.
Don't miss our latest HSE content, delivered to your inbox twice monthly. Sign up for the HSE Now newsletter. If you are not logged in, you will receive a confirmation email that you will need to click on to confirm you want to receive the newsletter.
15 - 16 Sep 2020
- Brisbane, Australia
We are in the throes of an energy transition - our energy system is evolving rapidly and diversifying, decarbonising and decentralising.
7 - 10 Dec 2020
- Amsterdam, The Netherlands
Delivery for the Energy Challenge: Today and Tomorrow
19 Jul 2020
- Austin, Texas
This one-day session will include a view of best practices for Carbon Management with a focus on fugitive methane reduction.
17 - 19 Aug 2020
- Kuala Lumpur, Malaysia
Where Energy Professionals Exchange Ideas
14 - 16 Sep 2020
- Muscat, Oman
Shaping the Future of the Energy Industry.
28 Apr 2020
- Brisbane, Australia
This one-day session features view on best practices for Carbon Management with a focus on fugitive methane reduction.
2 - 3 Sep 2020
- Beirut, Lebanon
Join peers and colleagues at this premier event
HSE Now is a source for news and technical information affecting the health, safety, security, environment, and social responsibility discipline of the upstream oil and gas industry.
©2003-2020 Society of Petroleum Engineers, All Rights Reserved.