Showing posts with label industrial cybersecurity. Show all posts
Showing posts with label industrial cybersecurity. Show all posts

Tuesday, November 28, 2017

Pipeline Cyber Security

binary stream representing industrial process control network data transfer and cyber security threat
Cybersecurity is a process control challenge that consistently evolves as new technologies come into use and new threats emerge. Since process control methods are constantly developing, the protective measures need to match the rate of change to ensure adequate levels of protection are in place. Pipelines used in the oil and gas industry, as well as in the transportation of a multitude of liquid and gaseous products, account for more than 2.3 million miles of process piping in the United States.  Natural gas pipelines are commonly monitored and controlled by, for example, programmable logic controllers or other microprocessor and communications based systems, responsible for flow regulation and various process conditions. Because of the prevalence of these systems, they are a target of increasing attacks, on both PLCs and other SCADA related devices, such as compressors, remote terminal units, communication networks, and other critical process infrastructure elements.

While developments in technology have provided operating advantages and improvements to the process industries, the more complex and advanced the systems may also increase the exposure to malicious penetration and mischief by unauthorized parties (hackers). Because of this, diligence by industry professionals, while always a strong component of protecting against outside threats, has been augmented via new guidelines meant to better prepare all process operators against more coordinated cyber-attacks.

Basic preventative measures, such as a firewall, are no longer a sufficient bulwark against the increasing threats. Instead, the entire process must be evaluated and monitored so that each individual piece of the network is understood fully. If a part of the system starts behaving in an abnormal way, then an understanding of what that specific PLC or component affects must be immediately known. The most effective protective programs will be able to function without needing any downtime, and will also be able to learn the network easily. Whenever the defense program gets triggered, it needs to not only provide a general alert to the process operator, but must also be able to provide context so that the previous knowledge of how the system works can be applied to mitigate the current problem.

Currently, the oil and gas industry has transitioned to what is being termed a ‘holistic’ approach to cyber defense. In order for the best security possible to be employed, the human element of process control must function in tandem with the autonomous programs. The human component of process operation, where it exists, can be unpredictable and present vulnerabilities that may not be known or anticipated. Everything must be considered.

Industrial process operation involves many areas of risk, with cyber attack being just one. The right kind of planning and response to risk can mitigate the potential impact. Security efforts, technology, and knowledge must keep pace with threats which emerge to process pipeline security. Mountain States Engineering and Controls participates in the oil and gas industry throughout the western U.S.

Friday, March 25, 2016

LOGIIC - Confederation of Government & Industry for Cybersecurity

oil refinery storage tanks
Oil and gas industry partners with US DHS for cybersecurity
In response to the challenges presented by malicious or mischievous cyber operatives, a number of organizations joined together to collaborate in the design, testing, and implementation of tools and techniques to protect critical industrial systems on a global scale. LOGIIC (Linking Oil and Gas Industry to Improve Cybersecurity), as its name implies, focuses on the oil and gas industry. We should all know, however, that a substantial portion of the automation and process control devices we regularly utilize throughout many industries today were originally developed in the oil and gas industry, where the operational scale and risk level are sufficiently high to justify the costs of developing new technology, methods, and equipment.

LOGIIC participants include the Automation Federation, which brings the resources of world class device and software manufacturers to bear on cybersecurity issues of the day. The Cyber Security Division of the Science & Technology Directorate in the US Department of Homeland Security is also involved. Currently, five major oil companies are members.
Since its inception, LOGIIC has successfully completed eight major projects, with plans for many more. Upon completion of selected projects, LOGIIC delivers public reports to help elevate best practices across the entire industry. Both the member companies and the government are putting funds towards these projects which benefits not only the private sector, but also the public interest. Companies are applying the results within their organizations, because it helps bridge the gap between information technology and the industrial-environment sides of the organization.
LOGIIC is an organization that conducts activities and disseminates information that can be useful throughout your own organization and that of your customers and suppliers in the industrial process control field. Below is a video highlighting the organization and its work.