<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2975524&amp;fmt=gif">

Visibility Solutions

Garland Technology is committed to educating the benefits of having a strong foundation of network visibility and access. By providing this insight we protect the security of data across your network and beyond.

Resources

Garland Technology's resource library offers free use of white papers, eBooks, use cases, infographics, data sheets, video demos and more.

Blog

The TAP into Technology blog provides the latest news and insights on network access and visibility, including: network security, network monitoring and appliance connectivity and guest blogs from Industry experts and technology partners

Partners

Our extensive technology partnership ecosystem solves critical problems when it comes to network security, monitoring, application analysis, forensics and packet inspection.

Company

Garland Technology is dedicated to high standards in quality and reliability, while delivering the greatest economical solutions for enterprise, service providers, and government agencies worldwide.

Contact

Whether you are ready to make a network TAP your foundation of visibility or just have questions, please contact us. Ask us about the Garland Difference!

Understanding Cybersecurity Challenges in the Oil and Gas Industry

Pheasant Energy is a Fort Worth based upstream oil and gas company, whose primary focus is in the mineral, royalty, and working interest subset of the industry. Being over 75 years in the business, we have learned a lot of things, among which is the fact, that if you have something valuable, there will always be someone out there trying to take it! Over this period of time the new technologies have undoubtedly re-shaped and improved the business model, and the way we run our company, but we are aware that digitization, as beneficial as it can be, can open the door for a lot of potential threat and vulnerability from third party sources.

Nowadays with continuous advancements in technologies, industries and organizations are highly vulnerable to getting hacked through cyber-attacks. More industries are bearing caution and applying more countermeasures for safeguarding systems along with data. Across different industries, companies are accelerating countermeasures and also maximizing their focus on better cyber security.

It presents the role of digitization in day to day business operations, and industries in the gas and oil sector aren't any exception. Although digitization related benefits might appear overwhelming, you'll also notice the ill-effects that leads to higher risk of hacking cyber security.

Internet facilities present on dynamic positioning navigation, offshore infrastructure and onboard GPS systems - all are available with different vulnerabilities that get exploited through cyber criminals along with the intention of operational disruptions, reputational damage, financial loss, etc.

Lots of attacks have been there on offshore gas and oil sectors like oil rig tilting, malware-infected programs, and industry control systems getting hacked. Also attacks like cyber espionage, miscellaneous errors, insider misuse, etc. also occur.

All deployed countermeasures in gas and oil platforms are outcomes of rigorous assessments for cyber security with audits covering a wide range including environmental security, physical security, offshore and onshore safety, procedures and policies, network security, host based security, etc.

Awareness and Training for Cyber Security

In modern day interconnectivity and globalization, one of the most serious threats is cyber security. It requires a great deal of attention with management taking responsibility for informing their employees through training and awareness. Around 80% of cyber security related attacks are offshore incidents and these reflect human error.

It happens due to less awareness training and it results in higher vulnerabilities in the industry. Offshore gas and oil fields have always been among the primary cybercriminal targets.

No employee training portrays having lack of policies for cyber security which directs management about essential defensive mechanism countermeasures.

Data Diode whitepaper


Unclear Policies for Cyber Security

Course of establishing a straight forward, self-explanatory and clear cyber security policy requires tremendous efforts but the outcomes are worthwhile. While many guidelines are there about developing policies for cyber security, selecting and implementing them is the management's responsibility.

Unclear policies for cyber security are none as they mislead management with employees about implementation of countermeasures. Companies have to form complete security policies, training plans for implementing them, audit for ensuring policy compliance and monitoring systems for real-time change detection.

Outdated Systems for Industrial Control

ABI study can describe Industrial Control Systems (ICS) present in gas and oil companies like "poor protection against different cyber threat possibilities. At best, they get safeguarded with professional IT solutions ill-adapted for legacy control systems like Process Control Networks (PCN). Legacy Industrial Control Systems have been softer targets for cyber-attacks as they've got minimum protection. The Advanced Persistent Threat (APT) - is an attack considered as stealthy, and can often become successful. Such types of APTs have been directed towards legacy Control System and result in a lot of damage. Industrial control systems work with extended lifecycles putting premium stability while reducing upgrade opportunities. Eventually, this poses a threat, and forms a space for progression of cyber threats.

Less Adequate Separation of IT and Industrial Networks

Lots of Gas and Oil companies combine Industrial Control Systems (ICS) and wider networks to get prompt information exchange among OT and IT environments. While it is cost-efficient it also forms vulnerable links inside systems leaving OT systems open to the public on the internet. Also cyber-attacks happening on such types of systems result in the final shutdown of the entire system. Offshore platform internet access for leisure and operational purposes have many threats and they often increase the risk of getting cyber-attack. Dependencies on OT and IT systems open doors for these types of cyber-attacks while getting safeguarded with less protection. More usage of the Remote Access through IT domain towards OT has certain risks, and when it isn't controlled and monitored properly, cyber criminals are easily able to hack it.

Fewer Measures for Network Security - Off and Onshore

Using IT protocols for Industrial Control Systems results in higher chance of cyber-attacks and this opens a backdoor to IT networks, maximizing risk on both systems. Additionally with integrated system complexity, new technologies are available like cloud platforms for functions, etc. which increases vulnerabilities and also requires adequate countermeasures for security. 

Implementation of security measures depend on architecture and type of Industrial Control System. Security measures formed also rely on the maturity of the security program of the company. The program showcases the company's cyber security methods to tackle threats and this must be a fundamental part of daily operations of any company.

Unidirectional Data Diodes

Written by Peter Yordanov

Peter Yordanov is a blogger and a writer of articles related to Investment and Finance. He is part of the team of Pheasant Energy - Fort Worth Upstream Oil and Gas Company. Passionate copywriter at heart and soul. That's why he likes to participate in various projects related to finance and investment and creates content that reaches an audience that will appreciate it.

Authors

Topics

Sign Up for Blog Updates