Defense-In-Depth: Reliable Security To Thwart Cyber-Attacks

By Eric Byres, Chief Technology Officer, Belden’s Tofino Security | February 2014, Vol. 241 No. 2

Cybersecurity-related events have become an increasing problem for the oil and gas industry over the past decade.

On one hand, there has been a push to reduce costs and increase efficiency through companywide network integration. The advances in industrial control systems (ICS) have made pipeline systems accessible through Internet-based technologies and tools. This has allowed systems to be operated and maintained effectively with fewer staff distributed widely around the world.

Unfortunately, while connectivity was improved, the millions of legacy control systems in use were not designed with security in mind. With the increasing connectivity of SCADA and ICS, and a library of free tools to attack ICS products available to hackers, industrial security is right now a game with the advantage going to the attacker.

Ultimately, these circumstances are leading to a do-or-die moment: secure your ICS or the reliability and safety of your entire company is at risk. Of course, there’s no simple solution – the process takes substantial effort and thorough planning. A carefully constructed and strategically designed “Defense in Depth” model is the only viable answer.

Pipelines – Prime Targets
There are many reasons why oil and gas operations have become attractive targets for cyber-attacks. For example, a pipeline’s importance to the economy of a country may make disrupting operations useful in achieving political goals. In “Cybersecurity And The Pipeline Control System,” February 2009 Pipeline and Gas Journal, I described the cyber-sabotage of the ship loading systems at Petróleos de Venezuela, S.A. (PDVSA) in 2002 during a national strike.

Often the attacks appear to be driven by reasons of economic competitiveness, such as the Night Dragon cyber-activity that stole sensitive data, including oil field bids and SCADA operations data, from energy and petrochemical companies in 2011. (See “Next Generation Cyber-Attacks Target Oil, Gas SCADA,” February 2009 Pipeline and Gas Journal.)

And sometimes the attackers seem to have multiple goals. In 2012, there were cyber-attacks on 23 North American natural gas pipeline operators. While much of the stolen information had clear economic value, some of the data – such as the remote maintenance dial-up numbers of the compressor stations – had no economic benefit to the attackers. However, information like this does offer the ability to sabotage the pipelines years in the future.

Researchers came up with several theories for who could have been behind the 2012 gas pipeline attacks, suspecting the special intelligence teams of several countries, including China. As a result of this and other events, the White House issued an executive order to increase cybersecurity measures to protect systems critical to the national economy, including pipelines.

Adding to the complexity of the problem, attacks aren’t just coming from well-known or long-established threat sources. The attackers don’t even have to be well-funded or organized. The Shamoon attacks against Saudi Aramco in September of 2012 destroyed over 55,000 servers and workstation hard drives. This was likely the work of one or two individuals with religious goals. The similar attacks against Qatar’s RasGas two weeks later also seem to have been ideologically motivated.