The Department of Energy (DOE) in March 2018 released a 52-page report outlining its multiyear strategy to improve cybersecurity. In the report’s introduction, Assistant Secretary Bruce J. Walker noted that bad actors are increasingly targeting critical operations.
News broke that same month—through an alert issued by the Department of Homeland Security (DHS) and the FBI—that Russian government hackers had been targeting the energy sector with a “multistage intrusion campaign” since 2016. In fact, according to the DOE report, the largest percentage of cyber incidents reported to the DHS’s Industrial Control Systems Cyber Emergency Response Team came from the energy sector during the 3 years prior.
The DOE’s sense of urgency with regard to cybersecurity operations and maintenance is warranted. It reflects growing public awareness of the expanding threat landscape, evidenced by upticks in media coverage and in funding for operational technology (OT)-focused cyber companies. To that end, the report declared three key priorities: strengthening preparedness through information-sharing and risk management; improving incident response; and accelerating research and development (R&D), with the DOE announcing $25 million in R&D funding the month after publishing its multiyear plan.
But the reality is that threats continue to outrun the energy sector’s security evolution, primarily because organizations are increasingly connecting OT, such as supervisory control and data acquisition systems and industrial control systems (ICS), to their information technology (IT) networks. While such innovation can translate to cost savings, improved functionality, and new big-data insights for energy organizations, many OT systems weren’t designed to be connected to the Internet. The blurred boundary between OT and IT also translates to a larger attack surface. Bad actors can disrupt critical infrastructure simply by targeting users with trusted access to sensitive information.
In order for the energy sector to continue evolving its cyber readiness, organizations that are blurring the lines between IT and OT need to embrace a cross-domain solution to keep the two networks separate and safe. In 2017, the energy sector had the largest number of ICS vulnerabilities, according to a Kaspersky Lab report. Indeed, the DOE acknowledged that bi-directional, real-time, machine-to-machine preparedness—or cross-domain security—is a core component of the report’s first priority.
A cross-domain security approach allows information that would otherwise be kept separate to move across networks while providing insight into what that information is doing as it passes between boundaries. Put another way, instead of seeking to identify specific “bad” traffic—things that shouldn’t be passing between the two networks—cross-domain solutions allow only known “good” data to move beyond boundaries. By inspecting the data at the application layer, a cross-domain solution can make transfer decisions at a more granular level than a firewall.
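The allow-only-known-good model described above can be sketched as follows. This is an added illustration, not code from the DOE report or from any cross-domain product; the JSON message format, tag names, value ranges, and denylist markers are all constructed assumptions.

```python
import json

# Constructed allowlist: the only tags (with value ranges) and fields that
# may cross from the OT network to the IT network in this illustration.
ALLOWED_TAGS = {"PUMP1.FLOW": (0.0, 500.0), "PUMP1.PRESSURE": (0.0, 250.0)}
ALLOWED_FIELDS = {"tag", "value", "ts"}
# Constructed denylist of known-bad markers, shown only for contrast.
DENYLIST = ("<script", "cmd.exe", "DROP TABLE")


def denylist_filter(raw: bytes) -> bool:
    """'Identify bad traffic' model: release anything without a known marker."""
    text = raw.decode("utf-8", errors="replace").lower()
    return not any(bad.lower() in text for bad in DENYLIST)


def allowlist_guard(raw: bytes):
    """'Known good only' model: return a rebuilt message, or None to block."""
    try:
        msg = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError, RecursionError):
        return None
    if not isinstance(msg, dict) or set(msg) != ALLOWED_FIELDS:
        return None
    tag, value, ts = msg["tag"], msg["value"], msg["ts"]
    if tag not in ALLOWED_TAGS:
        return None
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        return None
    if isinstance(ts, bool) or not isinstance(ts, int) or ts < 0:
        return None
    low, high = ALLOWED_TAGS[tag]
    if not (low <= value <= high):  # also rejects NaN and Infinity
        return None
    # Rebuild from validated values instead of forwarding the original
    # bytes, so nothing that was not parsed and checked crosses the boundary.
    out = {"tag": tag, "value": float(value), "ts": ts}
    return json.dumps(out, sort_keys=True).encode()


SAMPLES = [  # constructed inputs
    b'{"tag": "PUMP1.FLOW", "value": 120.5, "ts": 1700000000}',
    b'{"tag": "PUMP1.FLOW", "value": 120.5, "ts": 1700000000, "note": "x"}',
    b'{"tag": "VALVE9.OPEN", "value": 1, "ts": 1700000000}',
    b'{"tag": "PUMP1.PRESSURE", "value": 9999, "ts": 1700000000}',
]
```

The denylist releases all four constructed samples because none contains a known marker, while the allowlist guard releases only the first; the extra field, the unknown tag, and the out-of-range value are blocked without any signature for them.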
Such rigor needs to quickly become the new normal in order for the energy sector to sufficiently protect its critical infrastructure and data. Securing the OT/IT boundary balances the need for connectivity and information sharing against the need to protect data itself and the agency as a whole. In the end, cross-domain solutions ensure files and information arrive quickly at their destinations free of malware, without hampering employees’ ability to do their jobs or bogging down security analysts with millions of threat alerts and false alarms.