Security professionals working together to defend against rising cyber threats in energy

The idea of cyber-attacks causing severe physical damage to power plants and oil refineries is no longer a hypothetical for the screenplays; in today’s world, it’s the subject of real news headlines.Cyber attackers are targeting energy and oil and gas organisations like never before, and the need for better industrial cybersecurity is real.

In a recent Tripwire survey, 70% of security professionals in the energy industry said they are concerned that a successful cyberattack could cause a catastrophic failure, such as an explosion, says Tim Erlin is VP of Product Management & Strategy at Tripwire.

In the past, energy organisations and other industrial operators only had to worry about physical security. Now that most industrial control systems (ICS) are connected to the Internet, the energy industry needs to pay attention to new cyber threats. We commonly hear about hackers breaking into computer systems to steal data, typically for financial gain. With critical infrastructure, however, cyberattacks can disrupt critical operations, damage physical equipment and even cause loss of life. We’re seeing more and more real-life examples of this.

In a recent historical moment, the FBI and Department of Homeland Security issued a joint report describing a massive Russian hacking campaign to infiltrate America’s critical infrastructure. In a first, the US government publicly blamed Russia’s government for attacks on energy infrastructure.

We’ve also seen discoveries like Triton (aka Trisis), which shut down a Saudi petrochemical plant last year and is believed to have been designed to cause an explosion. Six months before that came Industroyer, modular malware which can take down ICS systems by speaking to industrial communication protocols and deploying wiper malware.

Responding to the threat

In Tripwire’s survey of security professionals in the energy industry, 59% said their companies increased security investments because of ICS-targeted attacks like Trisis/Triton, Industroyer/CrashOverride and Stuxnet. However, many feel they still don’t have the proper level of investment to meet ICS security goals.

More than half (56% ) of respondents to Tripwire’s survey felt it would take a significant attack to get their companies to invest in security properly. This may be why just 35% of participants are taking a multilayered approach to ICS security – widely recognised as a best practice. 34% said they were focusing primarily on network security and 14% on ICS device security.

The other challenge in industrial cybersecurity is organisational: the longstanding divide between information technology (IT) and operational technology (OT) teams. According to the Tripwire survey, however, 73% of participants said that their IT and OT teams are working better together now than compared to the past.

Organisations are realising they have no choice but to get their teams to work together as the threat of attack continues to rise. In the survey, IT and OT teams were aligned on what could happen if they don’t get industrial security right, such as operational shutdown and the safety of their employees.

While collaboration is certainly improving, most of our survey respondents suggested that IT still leads the initiative. When asked whether IT or OT teams were taking the lead on ICS security needs, 50% of total participants said IT, 35% said its evenly shared between IT and OT and 15% said OT.

Tim Erlin

It’s not surprising to see IT teams taking the lead, as they typically have more history with cybersecurity. The digital threat is relatively new for the OT side of the house. That said, operational environments are very different from IT environments, and successful converged teams let their OT counterparts lead when they have the expertise. Partnership from the OT team is absolutely crucial in implementing an ICS security program that won’t disrupt operations.

A three-step approach for building defense-in-depth:

While not as easy as 1-2-3, organisations can approach industrial cybersecurity in three steps:

First, secure the network. Organisations should segment networks by implementing the ISA IEC 62443 standard, secure all wireless applications, and deploy secure remote access solutions for troubleshooting and problem-solving. Companies should also monitor their networks including industrial network infrastructure equipment.

Second, secure the endpoints. This can start with investing in asset discovery and creating an inventory of endpoints on the network. Organisations must then ensure endpoints are securely configured and monitored for changes.

Third, secure the controllers. Companies can better protect ICS by enhancing detection capabilities and network visibility by implementing security measures for vulnerable controllers, monitoring for suspicious access and change control, and detecting/containing threats in a timely manner.

The physical and digital worlds continue to converge, bringing along new opportunities for better productivity and optimised operations. It’s important, however, to integrate security into the digital transformation journey to protect critical infrastructure from new digital threats.

Comment on this article below or via Twitter: @IoTNow OR @jcIoTnow

FEATURED IoT STORIES

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, iot home automation is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more
RECENT ARTICLES

OCF celebrates pulse systems’ installation of newly certified IoT platform for smart lighting

Posted on: December 6, 2021

The Open Connectivity Foundation (OCF) has announced the first installation of the recently-certified low power IoT platform, from OCF member Cascoda, that combines the end-to-end security benefits of OCF and the low power, wide-area coverage advantages of Thread.

Read more

Green Custard Ltd develop robust predictive maintenance system for Martin Engineering Ltd

Posted on: December 6, 2021

Green Custard Ltd, a professional services company and AWS Advanced Consulting partner, together with Eseye Ltd (also an AWS partner) has been selected by Martin Engineering Ltd to build a global predictive maintenance and monitoring platform on AWS so their localised US platform can be rolled out internationally.

Read more