By Bryan Lares and Thu Le
In the days before the concept of the “Digital Oilfield” emerged as a result of the proliferation of the Internet-of-Things, companies struggled to find ways to centralize their operational information. It was extremely difficult to efficiently monitor all assets, provide support, and solve problems in real time for better decision making. Companies that are now able to do this are staying competitive and cutting their costs, proving there’s still hope for the Oil and Gas industry. This is great news, yet in some cases this transformation presents additional challenges.
Drilling rigs all over the world are powered by expensive machines with tremendously high costs of failure for events such as kickbacks or explosions. With so much at stake, monitoring these systems is a daunting task, which requires a great degree of expertise. In order to maintain and operate this critical equipment, experts are required by their organizations to be physically onsite at the rigs – whether onshore, offshore, or dispersed throughout remote areas around the world – to make critical decisions on the fly and help with asset maintenance. Even though this was inefficient and at times laborious, security was rarely a problem, as these drilling rigs are most frequently controlled by air-gapped systems, that is, systems which are not connected to external communication networks. The closed-loop systems made it extremely hard for outsiders to gain unauthorized access to their IT or OT network.
More recently, organizations have started to integrate IoT solutions into their systems. Countless hours and human resources are saved, processes are improved tremendously, and failures are minimized. All the data from almost every system available can now be accessed, measured, and managed in one place. This is a remarkable advancement, yet it is also the reason why cyber attacks are getting more dangerous than ever before. Since systems are now connected, they can be attacked and compromised, even if these controlled systems are dispersed in decentralized locations. This has become such a problem that the energy industry has been cited by the Council on Foreign Relations as the most vulnerable sector to the threat of cyber attack.
Indeed, US ICS-CERT reported that 53% of attacks within the energy industry mainly target control systems using common hacking techniques such as SQL injections, spear phishing, and watering hole attacks. These hacking methods aim to infect your systems through your database, your emails, or by exploiting your organization’s site browsing behaviors. According to the Tripwire 2016 Energy Survey, more than 80% of respondents from the Oil and Gas industry acknowledged an increase in the number of successful cyberattacks their organization has experienced in the past 12 months, while 68% aren’t confident in their organization’s ability to detect all cyberattacks.
In September 2015, SecurityWeek Feedback Friday revealed that the systems of the United States Department of Energy were breached more than 150 times between October 2010 and October 2014. This led to significant growth in Oil & Gas security spending, from $26.3 billion in 2015 to a projected $33.9 billion by 2020.
To sufficiently combat the growth of threats in both number and sophistication, combined with the scarcity of security talent, the Oil and Gas industry needs a stronger approach to cybersecurity. Keeping this in mind, SparkCognition has developed an AI-based solution for cyber-security, SparkSecure. The technology is designed to monitor and protect not only the IT infrastructure, but also the OT network.
SparkSecure monitors all data communications in real time and identifies suspicious and malicious activity on a network. The software signals to analysts where to look in order to identify the exact location of a potential attack, and provides evidence as to the validity and severity of the threat.
Most attacks today are new, signature-free, zero-day threats. However, with large amounts of accurate and trustworthy information acquired through automated research retained by SparkSecure, most zero-day attacks can be identified.
Not only that, SparkSecure algorithms can differentiate between anomalous and malicious behaviors. The ability to do this has significantly minimized the burden of resolving false positives for security teams, saving them time and resources that can be better spent dealing with real threats.
With every advancement comes a trade-off. Driving a car presents more risks compared to walking. However, without cars, we wouldn’t be able to travel as efficiently as we now can. So we learn how to maneuver them to minimize the risks. It’s the same case for bringing IoT to Oil and Gas. The energy industry only gets more and more competitive, and companies cannot afford to be left behind. However, if companies can understand the implications and challenges that come with adopting IoT, and actively “maneuver” to find the right technology and security systems, keeping systems secured is an achievable reality.
(*) Thank you Keith Moore, Jeff Brown, and Philippe Herve for contributing your insights to this article.