Securing Against Cyberattacks
Published by Aimee Knight,
Sanjay Singam, ITC Global, USA, discusses how a secure network is important in order for a company to run efficiently.
Customers operating in remote and harsh environments within highly competitive market segments like oil and gas recognise that the protection of data is growing in importance each day. This is especially true within the resource sectors. With the ever-growing digital oilfield, the industry is becoming a much bigger target for cybercrimes. As operators increase the number of data-heavy links and connections to vessels, implement cloud-based networks and boost application use, cyberattacks are growing in frequency, sophistication and impact. To combat these risks, it is expected that oil and gas companies will spend close to US$2 billion on cybersecurity measures this year.
Despite these efforts, a significant number of companies in the industry are still lagging behind when it comes to taking action to secure their networks. Increased automation and data integration open companies up to all kinds of risks and threats, and the oil and gas industry is no exception.
An unsecure network not only opens the company up to business risks, but can also endanger the personal data and well-being of the crew members in the offshore environment. Cybercriminals can create a wide range of damage, and depending on the criminals’ intent, breaches can turn from minor inconveniences to serious catastrophes. A few of the risks associated with cyberattacks are:
Breach of confidential or proprietary data
Whether it is data related to the amount of product a company is producing, client details, business costs and breakdowns, technological implementations or even the personal information of crew members, a breach in data can cost a company money as well as its reputation as a trustworthy organisation.
Depending on the reasons behind a hacker’s attacks, sabotage is a common outcome. This could affect technology and equipment, and shut down operations on a vessel or rig for minutes, hours or even days. Any length of time with unexpected delays or shutdowns can cost a large amount of money and put unneeded stress on production timelines.
Open companies up to fines
Data breaches or equipment failures can open a company up to fines, not only with local authorities if failures are threatening surrounding areas, but also with regulatory bodies. These additional costs and legal battles can further hinder a company’s bottom line.
Loss of customers or product as a result of the breach
Any type of cyberattack puts the company’s reputation at risk. Current customers lose trust in a company that has allowed their proprietary information to be stolen or tampered with, or if the company has not been able to deliver products on schedule due to unexpected downtime. Similarly, new customers may not want to do business with a company that is known to put their own data or business at risk.
Evaluating cybersecurity needs
When looking into developing a cybersecurity system or improving one already in place, companies should first look at what their network is worth to evaluate their needs. This includes asking the hard questions:
- What data might be most at risk from a cyberattack?
- What practices are in place to reduce accidental or deliberate employee threats?
- Does the company already have a cybersecurity policy or network solution?
If a solution or plan is already in place, additional questions must be answered to establish the effectiveness and efficiency of the solution. Companies need to assess how redundant and resilient their network truly is. With the remote locations of many customers’ vessels and rigs in the offshore oil and gas environment, network redundancies are critical, but not always easy to implement unless working with a true global connectivity partner that builds network security into initial connectivity designs. Networks with multiple layers of redundancy including beam, teleport and azimuth diversity allow for the highest level of service availability, while also ensuring maximum data protection.
It is also important for an organisation to evaluate the effectiveness of their network security solutions and to review the level of transparency offered by any network security partners or providers they leverage as part of their overall cybersecurity programme. From service inception through the entire life cycle, companies must have a full understanding of security measures built into their network design and extensive visibility into their infrastructure through real time network monitoring tools. If there is no transparency and confidence in a network’s security, the company is taking a chance and putting itself at risk. Companies should be able to see and discuss what security measures are in place with their providers to make sure all needs are covered and to stay ahead of security trends.
By knowing the answers to these questions, companies can determine next steps in terms of augmenting their security solutions or developing something from scratch. Working with a proven network provider with a track record for proactively building security into network designs ensures that companies get the cybersecurity solution that best fits their needs, while also enabling their business.
Additionally, it is important to evaluate the risks coming from within the company. Untrained employees pose the biggest security risk to a business, even more so than outside factors. Most major breaches are unintentional and occur because employees are not properly trained to handle the myriad of cybersecurity threats that are prevalent today. Both C-suite executives and lower-level employees should be taught what to avoid and what to look out for during their daily activities. This includes those working in the offshore environment and at an onshore control centre.
Something as simple as plugging in a personal smartphone or an unencrypted flash drive can open the network and data up to ransomware and cyberattacks. Without the proper training and awareness, an employee could unintentionally put the company at risk. Completing awareness training when on-boarding new employees and mandating regular follow-up training sessions are two great ways to set employees up for success and keep them aware of new potential risks when systems inevitably update.
Separating non-corporate connectivity needs
Separating non-corporate connectivity needs, including crew welfare, is another easy step that can have a tremendous positive impact on a company’s cybersecurity posture. With the demand for connectivity rising at an extreme rate, regardless of location, companies have to think about how they can provide their crew members with the ability to stay connected to friends and family even in the most remote environments without opening up their business networks to increased cyber risks or a decrease in operational efficiency.
Staff and crew welfare is an important part of every company, and connectivity is becoming a non-negotiable part of the requirements for happy and healthy remote workers. As companies look into the increased bandwidth required for crew and passenger communications, they must evaluate network offerings and solutions that best fit their needs. Ideally, the right solution will provide this increased bandwidth without sacrificing the connection required for secure, daily operational needs and emergency communications.
Many global satellite communications providers supply solutions that enable customers to allocate bandwidth without sacrificing operational connectivity. These segregated systems (i.e. modems and network hardware) provide the necessary separation between the crew and corporate systems to help ensure that if one portion of the network becomes compromised, the entire system is not affected. Some providers also supply network management resources to ensure the network is designed to specifically align with the customer’s requirements in terms of cost and efficiency.
One of these solutions is ITC Global’s Crew LIVE, a crew welfare platform that enables customers to stay connected and productive, while remaining confident that their connections and data are secure. Powered by connectivity through the Panasonic Network and designed to separate traffic for remote personnel and business operations, this solution helps eliminate security threats associated with after-hours devices connected across the same link that handles corporate traffic. Alleviating these competing usage priorities provides an optimal user experience for everyone during work and leisure time. These types of solutions provide crew members with the ability to stay up-to-date with business back at home, watch movies and connect with family and friends, all while giving the company peace of mind that its business network is safe and secure from both outside attacks and user error. Offloading cybersecurity threats that are generally prevalent on the internet can also alleviate internal IT resource needs, thereby reducing costs and increasing focus on the business.
Maintaining a secure network
From incidental damage that may occur to network infrastructure merely by being exposed to a compromised laptop, to deliberate damage by virtue of a targeted network attack, protection against cyberthreats requires a multifaceted approach.
This approach to network solutions includes a comprehensive understanding of customers’ networks with multiple layers of security implemented to mitigate the impact of a compromise or breach of any one layer. For example, device-appropriate filtering may be applied at several levels and points on the network including on the edge Ethernet switch, the edge router, the satellite transport layer and in the routers and firewall at the teleport. Implementing this approach requires an intricate understanding of the end-to-end network design and end-to-end traffic flows, while providing a flexible network design. This means that security is applied across hardware from multiple vendors, and on multiple models of equipment. This approach offers systemic diversity – helping to mitigate vulnerability in any one specific device.
A compromised device with this approach would result in unexpected traffic being seen by the layer(s) on either side of the compromised device, thus drawing attention to the breach. Multiple layers significantly increase the time it takes for a malicious attacker to compromise the network. This gives additional time for intrusion detection systems to signal a security risk, and enables network engineers to respond and address the threat.
Intrusion detection and artificial intelligence
The right network provider will supply a highly skilled, experienced team to reinforce the network security backbone by focusing on all types of monitoring including network audits, threat intelligence, security incident reviews and malware analysis. This monitoring allows the customer to respond immediately and stay ahead of attacker trends. With this approach, hacking community trends are regularly and proactively scanned to understand and defend against new and developing security threats.
In addition to threat intelligence advanced warning capabilities, this approach incorporates artificial intelligence into its intrusion detection and prevention software, which anticipates future network security issues. Breach assessment activities also enable proactive analysis to give the company and its customers visibility into unidentified security threats before any negative impact occurs.
Internet access and hub firewalling
A strong cybersecurity solution should include at least two diverse internet transit ports with separate providers. Each of these transit ports should be equipped with firewall and security Intrusion Detection System (IDS) or Intrusion Protection System (IPS) equipment. Access to firewalls should only be authorised to a short list of individuals, enabling all changes and modifications to be monitored through the individual’s access. Firewalls should also be established at all data centres and teleports as well as at the network edge. This helps mitigate illegitimate or threatening traffic.
Cybersecurity best practices and technology
In addition to the practices and approaches listed above, a safe and secure solution should include multiple layers of resiliency and technologies to help mitigate threats at all possible points of entry into the network. These may include malware analysis, network device hardening, ongoing pen testing and dynamic rotation of passwords on network elements.
Ultimately, a secure, safe network operates much more efficiently than a network that is open to threats. Keeping security standards up-to-date helps keep customer networks operational and brand reputation strong despite the constantly changing digital landscape. By limiting the risks of security threats to the network, companies can rest easy knowing the downtime involved in those repairs or updates will be miniscule, enabling the vessel or rig to continue production without unnecessary and costly breaks. Having the right partner can help establish the best cybersecurity solutions to fit a customer’s specific needs.
Read the article online at: https://www.oilfieldtechnology.com/digital-oilfield/18032019/securing-against-cyberattacks/
You might also like
Halliburton upgrades Norwegian Petroleum national data repository
The company has announced the launch of the Diskos 2.0 National Data Repository (NDR) for the Norwegian Petroleum Directorate.