Giving Pipeline Security a Boost

Tuesday, August 8, 2017 @ 04:08 PM gHale

By Thomas Nuth
In the last decade market and cost pressures have driven significant technological advances in automation and industrial connectivity across all aspects of petroleum extraction, pipeline transport and refining.

While technological advances are delivering business benefits, systems now end up exposed to more cyber risks than ever before.

WannaCry: Revisit (or Create) ICS Security Plan
Fighting for Holistic OT/IT Security
WannaCry Vulnerability Checker Released
WannaCry Decryptor Tool Available

Yet, according to a 2017 survey by the Ponemon Institute, the deployment of cybersecurity measures in the oil and gas industry isn’t keeping pace with the growth of digitalization in operations.

In fact, 35 percent of respondents in the Ponemon survey rate their organization’s OT cyber readiness as high while 61 percent said their organization’s industrial control systems (ICS) protection and security is not adequate.

One way to overcome the ICS cybersecurity gap is to utilize next generation technology that leverages machine learning and artificial intelligence (AI) to deal with system complexity and deliver immediate benefits.

Here are two cases of how a passive ICS anomaly detection and monitoring solution secures pipeline networks.

While the oil and gas sector, including pipeline operators, are embracing technological advancements, risks from cyber threats are outpacing cybersecurity measures.

Efficiency of Equipment Commissioning
Quality assurance and quality control (QA/QC) is big business — and a big undertaking for oil and gas operations teams.

Typically, within the command structure between DCS/SCADA, each controller and endpoint must be tested under various process stress-factors and reported in a full-loop test. For example, a test engineer must command a valve to turn a certain percentage under various operational circumstances and record the impact on latency, availability, failure risk etc. This must be done in compliance with various regulations and the results reported.

If a network or device is added into the DCS/SCADA, the process must be repeated. This is arduous and resource-intensive; even more so for remote pipeline networks. However, a passive industrial cybersecurity and operational visibility solution deployed in the industrial network makes these processes more efficient.

How? Let’s first take a step back and explain how the solution is deployed and works:
• Passive ICS cybersecurity modules are deployed in the industrial network by being attached to mirror or SPAN ports of networking equipment at key segment points.
• The modules copy network traffic to themselves for rapid learning and analysis.
• No out-of-network data is added to the ICS network, and production is not impacted. There is no impact on latency, no risk of intrusion and no risk of network downtime.
• The ICS cybersecurity appliance leverages machine learning and AI techniques to rapidly analyze huge volumes of network communication and process variable data that are extremely difficult to evaluate any other way.
• This “smart” data analysis is used to model the pipeline system, and develop process and security profiles specific to it.
• Once baselines are established, high speed behavioral analytics are used to constantly monitor it.
• The result is the rapid detection of anomalies, including cyberattacks, cyber incidents and critical process variable irregularities.

In the commissioning scenario, new devices added to the network are quickly identified and highlighted in dashboards and reports using a central management console. Device information such as location, protocols, connections, manufacturer and model number is all available from the remote location.

A test engineer can check device performance by running queries and monitoring the values of process variables against established baselines to detect anomalies. This improves operator productivity and shortens the time to deployment of new equipment.

Schematic showing the deployment of passive ICS security modules at various oil and gas sites. Real-time anomaly detection data and monitoring information from these sites can be monitored at central controls rooms or SOCs.

How to Improve ICS Cybersecurity
Good ICS cybersecurity solutions provide operators the ability to monitor networks and security risks across multiple site locations. This is important for achieving robust cybersecurity monitoring and operational excellence in any large-scale oil and gas control endeavor.

Typically, this is achieved with a multi-tiered ICS cybersecurity approach whereby geo-distributed networks with passive ICS cybersecurity appliances link together with a centralized console or virtual interface. This allows offsite, centralized, real-time monitoring of cyber threats and risks, anomalous changes to pipeline flow variables and network communication irregularities.

If cyber risks or new nodes end up detected, field operations and centralized control can work in concert to identify, evaluate and consistently improve operations and mitigate risk. This is directly applicable to pipeline networks where small changes in traffic flows or device behavior could indicate a cyber threat or potential point of failure.

An enterprise-ready passive ICS cybersecurity solution allows OT and IT users alike to clone useful dashboards and network queries for use on new appliances. Items like table views, compliance metrics and report templates are quickly duplicated and achieve a unified approach to ICS security and operational management. Device and network traffic can easily compare from site to site, significantly reducing mitigation, troubleshooting and forensic efforts.

Cybersecurity Gap
To deal with the challenges of increasing digitization and cyber risks, oil and gas operators need to be aware of how new technology solutions can help. Passive ICS anomaly detection tools can utilize machine learning and AI to quickly learn complex pipeline systems and monitor them in real-time.

This solution is non-intrusive, simple to deploy, and immediately starts providing useful, actionable information that reduces cyber risks and improves operational efficiency.

Furthermore, with flexible data aggregation available via the enterprise-ready CMC, real-time cybersecurity and operational visibility is available across decentralized and geographically dispersed operations.
Thomas Nuth is global director, product and solutions technology at Nozomi Networks. This was an excerpt from a Nozomi Networks blog.

Leave a Reply

You must be logged in to post a comment.