Cybersecurity is important in any business, but few industries represent a greater risk than oil and gas. Due to the value and volatility of what they contain, pipelines are a prime target for terrorists and others seeking to disrupt American society. Oil and gas companies must make their cyber defenses every bit as strong as their physical ones. The following steps will reinforce your control room, ensuring safety for the long haul:
1. Isolate control systems
The Pipeline and Hazardous Materials Safety Administration, or PHMSA, recently released an advisory bulletin on shoring up pipeline security. Chief among its recommendations was the call to separate your Supervisory Control and Data Acquisition, or SCADA, facilities and networks from all other corporate systems. This step limits the number of people who have access to your control room and its systems, reducing the opportunities for an attack. It will also allow you to develop more detailed control room management protocols. Because not as many people will need to access the control network, you can vet the employees who work there more carefully and go into more detail during security checks.
2. Limit avenues of access
Once your SCADA system is fully isolated from the rest of your networks, the next step is to limit the avenues for accessing it. One way to do this is to create strategic remote access ports, hardened to help protect against intrusion. Not only will this make it more difficult for attackers to enter the system, but it also means that you will have an easier time watching out for such an attack. The fewer access ports there are to keep track of, the more quickly you can detect, investigate, and counter suspicious activities.
3. Enhance authentification
While detecting suspicious use of your SCADA system helps contain damage, it’s better to prevent attackers from ever entering the network to begin with. The most reliable way to do this is to adopt complex authentication protocols. Start by designing passwords with a large quantity of different numbers, letters, and characters, and changing these passwords on a regular basis. You can further enhance security by requiring operators to use authentication tokens along with passwords.
Once you have a secure authentication method, only show it to employees who have full operator qualifications, clean backgrounds, and a need to use the network. The fewer employees there are who can access the system, the fewer potential attackers there will be.
4. Plan an integrity Management Plan
Safety management systems are most effective if there is a clear plan for identifying and responding to threats. You should come up with a detailed integrity management program for cyber-attacks. Begin by making a list of possible attacks, identifying the signs that such an attack is underway, and adopting monitoring systems to detect such signs. Then take precautions to limit damage from such attacks. These include making backup copies of key data, setting up redundant equipment and networks that are physically and digitally isolated from the main SCADA system, and installing anti-malware software. Finally, assign clear duties to each employee so that everyone knows who is in charge of monitoring, investigating, backing up, and otherwise protecting the system.
5. Deal with rogues services
The last step to protecting your SCADA system is to limit the devices that can be integrated with it. Tablets, smartphones, printers, and scanners can all spread malware and leak data, limiting or excluding the use of these can further harden your SCADA system against intrusion. Ideally, any device you use on your network should only ever be used for work activities. While such a policy may seem strict, it’s the only way to ensure that malware and spyware are not carried onto your network from outside sources.
From cyber threats to physical attacks to excessive throughput, pipelines face a wide variety of risks. G2 Integrated Solutions is committed to keeping those risks to a minimum. For more information on protecting pipelines and other critical assets, contact us today.