The oil and gas and critical infrastructure industries were the #1 targets by nation-state sponsored cyberthreat actors in 2017-18. Cyberattacks pose a significant threat causing major business disruption, downtime and loss of intellectual property. Rapid digitization of production tools across the industry can also increase the threat landscape unless properly mitigated.
Several nation-state attacks have highlighted the necessity for a risk-based approach to cybersecurity, protecting and managing how control systems and data are accessed. According to researchers, Russian state-sponsored hackers are actively targeting oil and gas industrial control systems (ICS). Known attacks by Russia-linked malware shut down an oil refinery in 2017.
One known malware, Triton, appears to have been developed to disable plant safety and failsafe mechanisms, opening the door to physical attacks on infrastructure. When successful, this malware is used to shut down the safety instrumented system (SIS) — disrupting plant operations and causing service downtime. Typically, adversaries lurk undetected in the target network for nearly a year before gaining their access to engineering workstations connected to critical ICS systems.
The Triton actors follow a common pattern seen in sophisticated ICS-related intrusions: moving from corporate information technology (IT) to operational technology (OT) networks through systems that are accessible to both environments.
Secure IAM for the Oil and Gas Industry
Establishing secure digital identities within your IT and OT systems is a fundamental step toward enforcing best practices of identity and access management (IAM). IAM grants visibility of the persons and things accessing the systems and helps keep bad actors from breaching networks across multiple sites.
In today’s threat landscape, passwords alone are insufficient. Multi-factor authentication (MFA) adds a layer of security to help protect organizations from stolen or misused credentials.
The guide, “General Best Practices the Department of Homeland Security and the FBI,” recommends:
- using two-factor (or multi-factor) authentication for authentication of employees, contractors, visitors and IoT devices
- implementing solutions which can detect the malicious use of legitimate credentials
A Modern Approach to Identity Assurance
Trusted identity is foundational in today’s highly connected zero-trust environments. Oil and gas companies are being proactive with strong multi-factor authentication and credential management solutions. Taking a modern approach to digital identity means incorporating an adaptive, composite authentication solution. A composite identity combines traditional MFA — what you know (PIN), who you are (biometrics) and what you have (smartcard) — with risk-based factors such as physical gestures, geo-location and time frame.
Modern composite authentication solutions are much easier to use than traditional complex passwords. The assurance that users have a frictionless and continuous authentication experience is a key contributor to success in the field.
Combined Security for Physical and Logical Access Control
As most oil and gas sites are perimeter restricted, employee/contractor physical access management controls and real-time data are required for suitable risk mitigation. Data analytics enables companies to take the power of their physical security data beyond traditional reporting and use it to predict possible physical security risks. A system that combines physical and logical access controls and analytics and is easy to deploy and adopt across distributed sites is required. To block attackers from leveraging stolen credentials, trusted digital identity and strong authentication is the foundation of protection across distributed physical assets and intellectual property.