New world, new threats

Olatunde Williams, Motorola Solutions, Europe & Africa, reports on the evolution of the digital oilfield and the cyber threat.

Driven by rising costs in exploration and production, increasing competitive intensity and regulatory pressures, oil and gas companies are looking for new ways to increase production capacity and improve operational efficiencies. This has led to the rapid adoption of digital technologies implemented across operations, creating what is now called the ‘digital oilfield’.

Cyber threats across the digital oilfield.

Oil companies can realise vast gains as data is integrated and analysed in real-time, reducing operational costs, improving efficiency and production, and helping to comply with regulations. Considering a single oil rig can produce in excess of a terabyte of data every day, maintaining a digital oilfield requires tight integration of internet protocol (IP) communication technologies. Extending high availability communication networks into the field enables the seamless mobilisation of this information to realise new production efficiencies and safety benefits.

The digital oilfield fuses two different technologies together using open IT protocols: operational technology (OT) with supervisory control and data acquisition (SCADA) and back office enterprise IT systems. SCADA provides the controls for complex oil and gas production and centralised monitoring and control of hundreds of thousands of geographically dispersed meters and sensors that enable advances in operations through horizontal drilling and multilateral wells, and allow for superior surveillance of pipelines. The real time visibility into operations allows companies to better control costs and optimise the performance of employees, assets and facilities.

At the heart of the digital oilfield are advanced SCADA remote terminal units (RTUs) that provide a powerful platform for measuring and controlling key production parameters such as oil and gas flow rates, line and wellhead pressure, status of pump operation and monitoring of tank level. Modern RTUs automate oil and gas production processes by performing complex calculation tasks faster, holding larger local databases and controlling remote sites without active intervention from the control centre. Additional functions can be integrated to achieve enhanced system monitoring and control of leakages, fire detection and emergency shutdown (ESD).

RTUs are connected via IP networks to allow companies to continuously process real-time information. Oil and gas companies will also depend on digital distributed control systems (DCS) to control refining processes and programmable logic controllers (PLCs) for industrial equipment and processes. Mission-critical data connectivity provided by advanced IP-based digital land mobile radio (LMR) or mobile broadband LTE enables multiple applications to be supported at remote sites. With the overwhelming amount of data flooding through the oil and gas value chain, there is also an increasing interest in highly reliable broadband networks that are able to support extreme amounts of data transfer over large, isolated areas to remote sites such as metering stations and well sites in which real-time monitoring and communication are imperative. Process automation enabled through LTE networks, together with LMR and SCADA RTUs, help reduce the amount of manpower required to reliably collect and transmit information from remote locations. As well as being integrated with SCADA and back office IT systems, advanced IP-based radio systems, such as P25 and TETRA, also enable greater workforce efficiency and safer work practices by offering integrated field voice and data communication services.

TETRA ATEX digital two-way radio extends communications in hazardous environments.

To ensure the most productive operations, oilfield facilities require efficient flow of data to all relevant parties. But often, each entity uses its own communications system, leading to less-than-optimal drawbacks such as communications lag and poor ability to monitor. Disparate networks and a myriad of communication devices typically compound the challenge. The digital oilfield supports the deployment of a distributed interoperability platform optimised for integrating and transporting real-time voice and data securely over any network. This connects all of these players, whether on two-way radios, telephony, other legacy or modern communication systems, driving seamless communications from multiple and remote locations. This secure mobilisation of voice and data is helping oil and gas companies make better decisions, and is helping reduce the risk of downtime by improving collaboration.

By migrating to the digital oilfield, companies are realising vast gains from new insights and actions as data is integrated and analysed in real-time. But the combination of open standard based IP protocols and integration into back office systems also puts companies at considerable risk from cyber attacks.

Cyber threats within the digital oilfield

The downside of the transition to the digital oilfield is the exposure to serious cyber attacks, putting production, reputation, and ultimately profits at risk. Security threats continue to grow across all industries and geographies, and the oil and gas industry is certainly not immune to this threat. While IT and OT share many similarities, it is important to recognise that cyber threats in the oilfield industry are also far more likely to have real world consequences compared to most enterprise organisations: personal injury, catastrophic equipment damage, lost production capacity and environmental impact are all possible in addition to the loss of intellectual property, corporate profitability and the possible violation of legal and regulatory requirements.

According to the independent research organisation Ponemon, companies in energy and utilities recorded average annual costs due to cybercrimes of US$19.78 million, second only to firms in the defence industry. An ABI Research study recently predicted that globally, cyber attacks against oil and gas infrastructure will cost companies US$1.87 billion by 2018.

Digital radio communications support multiple applications for workers.

While newer technologies such as those controlling drilling rigs and cloud-based services can be subject to probes or attacks, so too are once-isolated plant control systems that are now integrated with corporate networks or vendors. Even private smartphones and devices used by company employees potentially open up a business’ network to an increasing number of threats and malicious behaviour. It is well known that hardly any of these mobile devices have encryption protection. Such threats can target data at rest on the device and can be introduced through online web surfing.

In short, wherever there is digitally enabled technology or an intelligent device, even a simple device that controls a valve on the pipeline, there is a risk of it being used as a portal and taken over without authorisation.

The harsh reality is that oilfields are a prime target for malicious cyber attacks for a range of reasons – from those seeking to accomplish political goals, through disgruntled employees wanting revenge, to groups targeting financial gain or access to valuable, proprietary data on reserves and discoveries.Whatever the motivation, high downtime costs and attack frequency rates necessitate strong cybersecurity protocols.

With oilfield critical infrastructure becoming a key target, this raises the importance of securing integrated control systems (ICS), SCADA or other similar which ensure the wellbeing of oil and gas facilities. In many cases, the ICS technology is outdated, resulting in inefficiencies and unsecured systems that can present a security risk as SCADA and IT environments converge.

The heart of the digital oilfield

Historically there had been a small number of incidents due to the relative isolation of older, autonomous control systems; prior to 2000, many ICS relied on proprietary networks and hardware and were not connected to other networks. The numbers of attacks have dramatically increase since then, from opportunistic viruses, trojans and worms introduced via the internet to a surprisingly large number that represent direct acts of sabotage that show a higher level of malicious technical sophistication. The emergence of Stuxnet, the first malware created specifically to target ICS, signalled a true paradigm shift for the control systems community in 2010. It showed that organisations must be operationally prepared with tools, systems, and personnel to detect malicious activity and effectively mitigate the impact to their control systems. Stuxnet highlighted the interdependencies and vulnerabilities of legacy control systems and demonstrated that motivated groups are interested in attacking critical infrastructure.

As the continued pervasiveness of internet connections and the adoption of open standards for computing hardware, operating systems and software increases the overall system availability and reliability of ICS, it is critical that these upgrades do not increase exposure to outside forces and introduce new vulnerabilities. Only then can the digital oilfield successfully leverage the power of distributed intelligence and high-speed, broadband communication.The convergence of OT and IT environments is not the only security issue causing concern within the digital oilfield. Cyber criminals are targeting the entire spectrum of potentially valuable data: data at rest, data in transit and data in use, making the data centre the second key point of attack, whether from malware, spear fishing, insider or persistent threats and denial of service.

The more oil and gas companies depend on the transmission of data to apprise management of new oilfield discoveries, productivity levels and other mission critical data, the greater the efforts to breach systems to gain unauthorised access to this goldmine of data as it is being transmitted within SCADA systems and through corporate or enterprise local area networks (LANs).

Malware is malicious software developed to target IT data assets such as those stored on servers, data sent by emails and stored on mobile devices and even information backed up on USB memory sticks. If a competitor steals blueprints to a company’s key pipelines, it could disable operations and cause serious economic damage. Even two-way radio systems that are considered ‘isolated’ from the IT network can be vulnerable to malware attacks. Spear fishing on the other hand targets human weaknesses with social tactics such as deception, manipulation and intimidation, exploiting this weak point to generate data breaches. The Dragonfly, or Energetic Bear malware was crafted to allow its operators to monitor energy consumption in real-time, or to cripple physical systems such as gas pipelines. W32.Flamer effectively forced Iran to disconnect key oil facilities after the virus attacked internal computer systems.

Advanced persistent threats (APTs) use targeted attacks as part of a longer-term campaign of espionage and sabotage, typically targeting high value critical infrastructure assets. In the Shamoon attack, nearly 30 000 hard drives were subject to a massive cyber attack at Saudi Aramco. The crime destroyed data on the oil and natural gas company’s Windows-based machines, and the hardware had to be replaced.

Denial of service (DoS) is a strategy used to disrupt by delaying or blocking the flow of information through communication networks. A successful DoS attack on and oil and gas control system could deny availability of the networks to control system operators with debilitating effect.

What unites many of these cyber attacks and intrusions is that they are closely followed by extortion demands, which generates a high level of suspicion of insider knowledge. Ponemon identified that the most costly cyber crimes are those caused by malicious insiders, denial of service and web-based accounts.

Best practice for cyber security throughout the digital oilfield

The digital oilfield brings huge advantages and tremendous issues should a company’s systems be hacked or compromised. But there are solutions for protecting SCADA systems, mobile communication networks, smart sensors or other physical assets. Where oil and gas companies can stumble is when they fail to address vulnerable interfaces between their diverse systems or consider how their security infrastructure functions as a whole.So what are the best practices to improve the security posture of the OT and IT systems that make up the digital oilfield? First and foremost, be able to identify an organisation’s business objectives and high-value assets, and then conduct risk assessments to find any vulnerability. Establish defences to block intruders before they reach critical business assets, and educate employees to recognise and avoid phishing attacks. Use the right tools to gain a comprehensive view of the security environment and monitor potential threats both externally and internally. With the speed and intelligence of many of today’s cyber attacks, cyber breaches may still occur, even in the most secure infrastructure. Having a contingency plan in place can help ensure an immediate response if a breach should occur.

In short the mantra for a healthy digital oilfield is know for an operator to know his critical assets, protect the IT radio network and OT environments, detect potential threats before they occur and be able to quickly respond and recover.

Read the article online at: https://www.oilfieldtechnology.com/special-reports/19082015/new-world-new-threats/