Modern society relies heavily on the energy, oil and gas industries, which provide essential infrastructure and power to support businesses and governments. However, with the increasing convergence of IT and OT systems, cybersecurity challenges have emerged, posing significant hazards to operational environments.
In fact, in 2022, over 60 percent of IT intrusions impacted OT systems, and nearly 60 percent of organizations considered their OT cybersecurity risk level to be “high” or “critical,” making it a constant concern. These attacks can have serious consequences, including disruptions to operations, loss of production, damage to equipment, and even employee injury.
As ransomware threats and cyber attacks continue to escalate, it is imperative for oil and gas companies to adopt a holistic OT security strategy that brings IT and OT together for operational resilience. Here, I’ll explore the overall threat landscape and highlight the importance of proactive risk management, collaborative approaches, and having the right technology in safeguarding the industries.
The Threat of Ransomware
Ransomware remains a significant concern for the oil and gas industry, as evidenced by a recent survey where 67 percent of OT security professionals expressed higher levels of concern about ransomware compared to other types of intrusions.
The Colonial Pipeline attack in May 2021 serves as a stark example of the devastating impact it can have on oil and gas operational environments. Cyber criminals breached IT systems, resulting in the halt of production, distribution operations, and deliveries for five days until the company paid millions. This incident highlighted the vulnerabilities and gaps that malicious threat actors can exploit in the oil and gas industry, emphasizing the urgent need for robust OT security measures to protect against ransomware attacks and ensure uninterrupted operations.
Mitigating Cybersecurity Risks in Oil and Gas Operations
Some of the most important resources in the world depend on oil and gas, from industrial manufacturers and critical infrastructure to businesses and governments. In fact, 40 percent of the US electricity comes from power plants that rely on natural gas. This makes the potential consequences of a cyber attack on infrastructure far-reaching and severe.
Currently, many of these companies are in a reactive phase, using only switched port analyzers (SPAN ports) to monitor and react to past events. A SPAN port is like a “copy” function that allows network administrators to observe the traffic passing through a specific network port without interrupting the normal flow of data. This can be useful for monitoring network activity, detecting anomalies or security threats, and troubleshooting network issues.
However, existing measures such as patching controllers come with risks of their own, since patching itself can disrupt a running process. This is where purpose-built OT security technology can make a difference. It takes a proactive approach, using “active querying” and integrations with peripheral systems to continuously assess the security posture of OT assets.
Active querying refers to the practice of proactively probing and gathering real-time information from OT systems to detect potential vulnerabilities, anomalies, or security threats before they result in cyber attacks or disruptions to normal operations. By actively querying the OT systems and peripheral integrations, companies can obtain actionable insights that enable them to take preventive measures, such as implementing security controls, to reduce the overall risk associated with cyber attacks.
Stakeholders such as CISOs and plant managers also play a critical role in managing OT security risk. While the CISO is ultimately responsible for mitigating risk, plant managers also prioritize reducing risk while ensuring production continuity. It’s important to communicate the benefits of active querying, how it differs from other approaches, and why it is safe for plant operations. Clarifying the process, highlighting its proactive nature, and showing how it reduces risk can help gain buy-in from facility managers and other stakeholders.
The oil and gas sector faces a variety of OT security risks that can impact operations and result in downtime. Real-time visibility of assets and processes is crucial for identifying, managing and mitigating potential hazards that can impact physical operations, supply chains and revenue.
However, excessive noise and alert fatigue are also key concerns for cyber teams, with many security tools generating high volumes of low-priority and irrelevant risk alerts. This strains IT-OT security teams’ ability to collaborate and prioritize mitigation actions. Close collaboration, efficient alert management, and swift response are essential to ensuring the availability, continuity and security of operations.
Maximizing availability and operational continuity is essential to preventing interruptions and downtime that can disrupt supply chains and deliveries and result in revenue loss. Safety is also a critical issue that affects employees, uptime, regulatory compliance, insurance qualification and more. In addition, the high level of potential cyber risk and consequences in the industry means that oil and gas companies have difficulty obtaining cyber insurance. To qualify for coverage, they must rigorously quantify and assess their exposures and maintain regulatory compliance.
It’s worth noting that production facilities in the upstream (exploration and production) and downstream (refining and distribution) stages of the oil and gas industry tend to have more modernized security measures compared to midstream (transportation and storage) facilities such as pipelines. As a result, CISOs may have an “Oh crap!” moment when they realize that these midstream sites might not comply with industry regulations and local laws. Additionally, the language barrier between OT and IT professionals can also complicate matters and create further obstacles in achieving effective measures.
Orchestrating a Holistic OT Security Strategy
To combat these challenges, oil and gas companies must implement a holistic OT security strategy that brings IT and OT together to ensure true operational resilience.
Operations personnel, IT teams and CISOs can work together effectively to ensure resilient operations and business continuity. Advanced, industrial-native technology is available that can enhance the security posture of operational environments, including oil and gas downstream and midstream settings.
The objective is to facilitate IT-OT team collaboration by providing a unified vision and practical guidance to effectively address risks in oil and gas operational environments. This involves equipping teams with clear playbooks that offer prescriptive and remediation guidance for risk mitigation. Orchestrating data from cross-domain sources will enhance your posture, provide contextualized risk prioritization, identification, and reduction, and help prevent downtime and financial losses via proactive risk management to ensure your operational environment is ransomware-ready.
Safeguarding these environments is crucial not only for ensuring operational strength but also for protecting public safety and maintaining economic stability. By adopting a holistic approach to OT security and utilizing the appropriate tools, it is possible to protect these industries and maintain business continuity even in the face of adversity.
Daniel Bren is the CEO and co-founder of OTORIO. He is a senior cybersecurity leader with over 25 years of cross-domain expertise in cybersecurity and SecOps.