While no IT system can be 100% secure, according to Gartner, a multi-layered security approach is the most effective one for upstream oil & gas infrastructures.
This strategy includes a coordinated governance strategy for IT and physical security for sites and systems, technologies that secure at the platform, network, application and data levels, and coordinate with business continuity and disaster recovery to address levels of response beyond those of typical prevention and detection, should any compromise occur.
“A cyber security strategy for oil & gas enterprises, which has been done by a number of them, would involve the use of vulnerability management technologies, data protection technologies, identity and access management, endpoint protection, and other possible categories of technology solutions. The bigger task lies in developing good governance and good process around cyber security,” said Earl Perkins, research vice president at Gartner.
In terms of cyber security, industrial equipment should be given special care, according to Kaspersky Lab.
“Regular updates for vendor applications and protocols are needed; some facilities we have seen are still using protocols and applications that are 25 years old,” said Kaspersky Lab senior security researcher for the Global Research & Analysis Team, Mohammad Amin Hasbini.
“If communication between industrial systems is done via interceptable technologies such as wireless, then protection of confidentiality and integrity of traffic is essential; an example would be to use Industry Standard algorithms like IPSEC tunnels or AES encryption, to avoid any possible interception or tampering of the traffic.”