Pressing the big red button – on Incident Response Readiness in the Oil and Gas Sector

Digitalisation and the interconnectivity of operational technology (OT) drastically increases cybersecurity risk in the oil and gas industry. The security challenges, requirements and potential consequences in industrial environments significantly differ from those in a traditional office IT environment. While the impact of a security breach in office environments is often limited to financial losses, attacks on industrial systems have the potential to stop production, cause physical damage, harm the environment and even put peoples’ lives at risk.

The oil and gas industry is increasingly reliant on digital systems, and companies have ambitious plans for increased use of digital technology. Established operational patterns are changing, allowing more onshore operation on offshore installations. This trend provides great benefits in areas of efficiency, cost savings and competitiveness, however it also leads to new challenges related to cybersecurity. The industry must therefore actively follow-up changes in the risk landscape, and their increased exposure to continuously evolving cyber threats. A key component in this is incident response readiness planning.

The first part of this talk presents the results of an empirical study of cyber incident response readiness in the Norwegian oil and gas industry, performed by SINTEF on behalf of the Norwegian Petroleum Safety Authority. The study addresses the CERT capacity among various actors in the industry and their ability to handle critical cybersecurity incidents in industrial control and safety systems. The study focuses on OT systems, information sharing, and the operationalisation of CERT alerts and warnings.

The study shows that informants are relatively satisfied with their own cyber incident preparedness today, but they acknowledge that it can be improved in the areas of visibility and real-time monitoring of cybersecurity in OT systems. Furthermore, the study shows that not all oil and gas companies or drilling rig operators distinguish between cybersecurity incidents in IT and OT systems, and views vary widely concerning who is responsible for security in and between IT and OT systems.

mnemonic has, for several years, delivered security monitoring services to different customers within these industrial verticals and helped them build cybersecurity mechanism for protecting their industrial automation and control systems. In the second part of this talk, we will present a recent use-case where mnemonic designed a solution for securing remote access into SAAS and protecting IACS subsystems offshore from cyber threats. Here we implemented a system allowing the control room offshore to dynamically grant access and isolate critical subsystems offshore by pressing a “big red button”. If there is an incident, the “big red button” can be used without impacting the protected production process.

The key takeaways from this talk will be an insight into the unique challenges of the petroleum industry when it comes to incident response readiness, including a real-world example of how to design secure remote access with a built in practical emergency network segmentation solution.

Previous Presentation

Krzysztof Swaczyński

Next Presentation

Matan Dobrushin Idan Helzer