ICS Security Lags Digitization in U.S. Oil and Gas Industry

ICS Security Lags Digitization in U.S. Oil and Gas Industry

This article was updated on October 16, 2019.

New research from the Ponemon Institute finds digitalization in U.S. Oil and Gas operations is seriously outpacing cyber security measures and that’s creating an undeniable risk to operational security. In “The State of Cyber security in the Oil & Gas Industry: United States,” released this month, 68% of those surveyed said their operations have had at least one security compromise in the past year. Only 35% of respondents rated their operational technology (OT) cyber readiness as high. Other key findings:

  • 61% say their organization’s ICS protection and security is inadequate
  • 59% believe there is a greater risk in the OT environment than the IT environment
  • Only 41% said they continually monitor OT infrastructure to prioritize threats and attacks; and
  • 65% said their top cyber security threat is the negligent or careless insider, while 15% said it is the malicious or criminal insider

While the oil and gas industries aim to make improvements to their cyber security risk posture, it’s not straightforward. This recent survey reinforces the fact that even those within the industry foresee major shortfalls. The rapid advancement of digitally connected industrial components, while delivering business benefits, has significantly increased cyber risk. And, only a minority of respondents indicated they can properly assess risks and deploy the right resources to address them.

Oil and Gas Operators Identify Insiders as Greatest Threat

The fact that insiders – whether criminal or negligent, are a top cyber security threat substantiates the need for ICS real-time monitoring and process anomaly detection. Control system traffic is fairly predictable so, by establishing a baseline of ICS network communications and conducting continuous monitoring for anomalies, anything that deviates from expected behavioral patterns is an anomaly worth analyzing. Furthermore, it would be very valuable to identify if these anomalies are due to malicious activity or unintentional errors that could cause process impacts/disruptions – whether from internal or external sources.

Insiders are not the only problem. In a recent article by Collin Eaton of the Houston Chronicle, he points out that the Coast Guard regularly patrols the coast of the Sabine-Neches waterway to monitor unprotected wireless signals that hackers could use for malicious activities. According to this article, the Coast Guard has received several reports that foreign ships attempted to probe the wireless networks of industrial facilities along U.S. waterways.

With the spike in incidents, malicious or not, from insiders or outsiders, the demand for implementing cyber security measures and deploying scarce personnel trained in cyber security is at an all-time high. The challenge is that there is a big gap between the supply and demand of industrial cyber security skills.

Automated Cyber Security and Process Anomaly Detection Can Help

There are no easy answers, but there is some good news in that innovations – such as machine learning and artificial intelligence-enhanced cyberattack detection, can help Oil and Gas operators gain efficiencies in their cyber security programs. Not to mention speed the investigation of incidents to contain attacks before significant damage can occur; and without needing to add additional staffing.

It’s an area that the team at Nozomi Networks knows well through years of building OT-focused cyber security solutions for Oil & Gas and other industrial operators.

We share Dr. Larry Ponemon’s hope that, “the findings of this research create a sense of urgency to make the appropriate investments in people, process and technologies to improve the industry’s cyber readiness.”