Driving ICS Security Innovation in the Oil and Gas Industry

The oil and gas industry has long been in the crosshairs of ICS/SCADA cyber security threats. Advanced automation networks, collectively known as operational technology (OT) networks, are used throughout the entire upstream and downstream operations lifecycle. The extensive use of these automation systems significantly increases productivity, but at the same time it provides an additional attack surface that threat actors can leverage to inflict material harm, especially as the need for always-available, remote interconnectivity increases.

At Claroty, we’ve been learning a tremendous amount about the need for ICS security innovation in the Oil and Gas industry. We’ve harnessed the deep cyber security backgrounds of our teams, as well as the extensive work our teams have done in Critical Infrastructure security, to develop a robust understanding of the unique needs of this space. In Oil and Gas, we are engaged with some of the largest companies in the sector, and with the enormous amount of interest we witnessed last week at the American Petroleum Institute’s 11th Annual Cyber Security conference, our domain expertise in this space is set to grow deeper and even more rapidly in the coming months. One of our most extensive engagements is in the offshore exploration drilling sub-segment within upstream oil and gas operations. The rapidly changing liability landscape in offshore drilling, combined with increased recognition of cyber risk, is driving Exploration and Production (E&P) companies to compel rig contractors to implement sound cyber security programs on their vessels as a prerequisite to any drilling contract. This in turn has created an equally strong business imperative for rig contractors to develop cyber security policies and procedures and to seek solutions that align with the unique needs of their OT systems.

Claroty was conceived to secure the safety and reliability of operational networks running critical processes like the multiple integrated OT systems that offshore drilling vessels rely upon. Therefore, Claroty was the ideal partner for a leading rig contractor that sought not only to comply with E&P contractual requirements, but to take a leading role in transforming the cyber security posture of its vessels.

A Little Primer on the Complexity of Securing Offshore Rigs…

Mobile Offshore Drilling Units (MODUs), used in the exploration and development of wells, are divided into jack-ups that reside in shallow water sea beds and floaters (drilling ships and semi-submersibles) for mid and deep water drilling. Standard drilling ships and semi-submersibles typically have four independent OT networks, each managed by an external contractor and each differing from the others in the automation equipment and communication protocols it uses. As a result, implementing a cutting-edge security solution is no easy task.

Understanding the OT networks in Floater Systems: 

· Power Generation and Distribution Network provides electricity to all the floater’s systems.

· Dynamic Positioning Network maintains the floater’s position and heading by using its own propellers and thrusters.

· Drilling Control Network (DCN) controls the drilling activities of the floater.

· Blowout Prevention Network (BOP) is used to seal, control and monitor oil and gas wells to prevent uncontrolled release of crude oil or natural gas from a well.

The fragmentation and management of the floaters’ OT networks cause the following structural security vulnerabilities:

· Remote access required by the network contractors for maintenance activities introduces a new attack surface. Compromising a privileged third-party account to gain an initial foothold on the network is a common attack vector that has been utilized numerous times in targeted attacks.

· Further, the drilling ships’ OT networks are not air-gapped. They are connected directly with the rig contractor’s main IT network, which is connected to the Internet.

It is clear that these structural vulnerabilities pose a significant risk. However, this risk cannot be soundly managed by the rig contractor for two reasons:

· Each network is separately managed by its respective contractor in a complete silo. Therefore, there is no unified view across the entire OT network environment.

· From the technology perspective, traditional IT security monitoring products do not provide visibility into the entire scope of proprietary OT protocols that are utilized throughout the floater’s networks.

Acknowledging these challenges, our rig contractor client sought a solution that enabled it to regain visibility over its OT networks, and better address the safety and operational risks it is accountable for…a very ambitious undertaking.

We’ve written up details on how Claroty helped solve these problems in the case study you can download below. We provide a detailed analysis of the unique offshore drilling OT attack surfaces and operational challenges, and walk through one of Claroty’s offshore installations. This concrete example will serve to illustrate the broader cyber security and operational challenges that characterize the oil and gas industry. We invite you to have a read by downloading here.