ICS Security Lags In U.S. Oil And Gas Industry
Research from the Ponemon Institute finds that digitalization in U.S. Oil and Gas operations is seriously outpacing cybersecurity measures, and that is creating an undeniable risk to operational security. In “The State of Cybersecurity in the Oil & Gas Industry: United States,” released in March, 68% of those surveyed said their operations have had at least one security compromise in the past year. Only 35% of respondents rated their operational technology (OT) cyber readiness as high. Other key findings:
- 61% say their organization’s ICS protection and security is inadequate
- 59% believe there is a greater risk in the OT environment than the IT environment
- Only 41% said they continually monitor OT infrastructure to prioritize threats and attacks; and
- 65% said their top cybersecurity threat is the negligent or careless insider, while 15% said it is the malicious or criminal insider
While the oil and gas industries aim to improve their cybersecurity risk posture, doing so is not straightforward. This recent survey reinforces the fact that even those within the industry foresee major shortfalls. The rapid advancement of digitally connected industrial components, while delivering business benefits, has significantly increased cyber risk. And only a minority of respondents indicated they can properly assess risks and deploy the right resources to address them.
“An average of 46% of all cyberattacks in the OT environment go undetected, suggesting the need for investments in technologies that detect cyber threats to oil and gas operations.” Ponemon Institute report, February 2017
Oil and Gas Operators Identify Insiders as Greatest Threat
The fact that insiders, whether criminal or negligent, are a top cybersecurity threat substantiates the need for real-time ICS monitoring and process anomaly detection. Control system traffic is fairly predictable, so once a baseline of ICS network communications has been established and continuous monitoring is in place, anything that deviates from expected behavioral patterns is an anomaly worth analyzing. Furthermore, it would be very valuable to identify whether these anomalies are due to malicious activity or to unintentional errors that could cause process impacts or disruptions, whether from internal or external sources.
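The baseline-and-deviation approach described above can be sketched as follows. This is an added example, not code from the article or from any vendor product; the flow records, IP addresses and alert labels are constructed for illustration, and it assumes flows have already been parsed into (source, destination, protocol, function) tuples.

```python
from collections import defaultdict

# Constructed sample flows (not real captures): (src, dst, protocol, function).
# Learning window: an HMI polls two PLCs, an engineering workstation writes to one.
BASELINE_FLOWS = [
    ("10.0.1.10", "10.0.2.21", "modbus", "read_holding_registers"),
    ("10.0.1.10", "10.0.2.22", "modbus", "read_holding_registers"),
    ("10.0.1.20", "10.0.2.21", "modbus", "write_single_register"),
    ("10.0.1.10", "10.0.2.21", "modbus", "read_holding_registers"),
]

# Monitoring window (constructed): one normal poll and three deviations.
LIVE_FLOWS = [
    ("10.0.1.10", "10.0.2.21", "modbus", "read_holding_registers"),
    ("10.0.1.10", "10.0.2.21", "modbus", "write_single_register"),
    ("10.0.1.20", "10.0.2.22", "modbus", "write_single_register"),
    ("10.0.9.99", "10.0.2.21", "modbus", "read_holding_registers"),
]

def build_baseline(flows):
    """Map each (src, dst, protocol) conversation to the functions seen on it."""
    baseline = defaultdict(set)
    for src, dst, proto, func in flows:
        baseline[(src, dst, proto)].add(func)
    return dict(baseline)

def find_anomalies(baseline, flows):
    """Return (reason, src, dst, proto, func) for every flow outside the baseline."""
    known_sources = {key[0] for key in baseline}
    alerts = []
    for src, dst, proto, func in flows:
        key = (src, dst, proto)
        if src not in known_sources:
            reason = "new_source"        # host never seen during learning
        elif key not in baseline:
            reason = "new_conversation"  # known host, new peer or protocol
        elif func not in baseline[key]:
            reason = "new_function"      # e.g. a read-only HMI starts writing
        else:
            continue                     # matches expected behavior
        alerts.append((reason, src, dst, proto, func))
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(build_baseline(BASELINE_FLOWS), LIVE_FLOWS):
        print(alert)
```

Each alert is a lead for an analyst: the same "new_function" event can come from a careless operator or a deliberate change, which is why the deviation is flagged for analysis rather than classified automatically.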
Insiders are not the only problem. In a recent article, Collin Eaton of the Houston Chronicle points out that the Coast Guard regularly patrols the coast of the Sabine-Neches waterway to monitor unprotected wireless signals that hackers could use for malicious activities. According to this article, the Coast Guard has received several reports that foreign ships attempted to probe the wireless networks of industrial facilities along U.S. waterways.
With the spike in incidents, malicious or not, from insiders or outsiders, the demand for implementing cybersecurity measures and deploying scarce personnel trained in cybersecurity is at an all-time high. The challenge is that there is a big gap between the supply and demand of industrial cybersecurity skills.
Automated Cybersecurity and Process Anomaly Detection Can Help
There are no easy answers, but there is some good news: innovations such as machine learning and artificial intelligence-enhanced cyberattack detection can help Oil and Gas operators gain efficiencies in their cybersecurity programs. They can also speed the investigation of incidents to contain attacks before significant damage can occur, without needing to add staff.
It’s an area that the team at Nozomi Networks knows well through years of building OT-focused cybersecurity solutions for Oil & Gas and other industrial operators.
We share Dr. Larry Ponemon’s hope that, “the findings of this research create a sense of urgency to make the appropriate investments in people, process and technologies to improve the industry’s cyber readiness.”
Edgard Capdevielle is the CEO at Nozomi Networks. He brings an extensive background in successfully managing and expanding markets for both start-ups and established technology companies to his role as CEO.