Page 7 - NorthAmOil Week 19 2021
P. 7
NorthAmOil GUEST COMMENTARY NorthAmOil
updated. (Again, for an oil and gas company, of Colonial Pipeline. (Similar companies’ pipe-
this would involve an explanation of what role line systems can be extensive and sprawling,
every asset plays, both individually and within with some facilities in remote rural locations and
the system as a whole.) many others distant from headquarters.)
Vulnerability assessments: An inventory is Preparation, practice and prevention: Oil
not enough either. Oil and gas companies also and gas companies should also take a proactive
need to know which parts of their systems are approach to cybersecurity, not just by reacting
especially at risk. They also need to know why to attacks and anomalies, but also preparing for
those components are vulnerable – for example, them, practising for them and looking for ways
whether it is because they are legacy technologies to prevent them. In concrete terms, this means
that are not compatible with newer equipment instituting a regular programme of maintenance
used elsewhere or whether it is because they for security systems, developing a strategy for
rely on a specific type of software that cannot be responding to threats and conducting drills and
updated without voiding the terms of service. simulations through penetration testing and/or
Pinpointing these vulnerabilities makes it easier red-teaming. (Oil and gas companies will benefit
to decide where safeguards such as firewalls and from stepping up such practices, given that the
sandboxes are needed most. (In similar cases, we oil and gas sector is known to be at risk.)
have seen that vulnerability assessments have
informed decisions to close down pipelines in Industry-specific expertise: Oil and gas com-
order to prevent malware that had infected IT panies would also do well to seek cybersecurity
systems from spreading into the OT realm.) solutions from providers that understand their
challenges. These include but are not limited to
Visibility: Identifying weaknesses within the wide geographic dispersion of assets, depend-
system is not enough either. Companies should ence on legacy systems that are ageing but relia-
also look for cybersecurity solutions that help ble, monitors and sensors that generate so much
them make sense of the information they have data that they may make cyberattacks hard to
through visibility. That is, since they cannot spot and the need to avoid shutdowns that can
secure what they cannot see, it is imperative damage equipment or cut off supplies of vital
these security solutions have complete packet commodities. Security providers that are not
data to provide a clear representation of the sys- accustomed to accommodating such conditions The number of
tems being inspected. We are seeing more and are likely to have a hard time setting up an effec-
more companies turning to Data Diode TAPs tive solution for oil and gas companies. cyberattacks
(test access points) to ensure that monitoring We know we have given you a long list of targeting the oil
traffic is unidirectional so OT environments things to think about. But you do not have to
are not hackable. Solutions of this type help put solve the problem by yourself. Garland Technol- and gas industry
everything together by allowing users to see ogy is happy to discuss network TAP visibility
what is in their networks, what is connected to and other solutions that oil and gas companies is on the rise,
their networks and who is active on their net- can implement to keep their critical infrastruc-
works on the packet level. (This is very important ture systems working. not just in terms
information for companies whose petroleum of absolute
product pipeline networks are considered crit- Chris Bihary, CEO and Co-Founder of Garland
ical infrastructure.) Technology (http://www.garlandtechnology. numbers.
com), has been in the network performance
Continuous, real-time monitoring: Visibility industry for over 20 years. Bihary has established
is even more useful when paired with monitor- collaborative partnerships with technology com-
ing solutions that allow users to detect threats panies to complement product performance and
and anomalies as they happen and respond to security through the integration of network TAP
them as rapidly as possible. With continuous, visibility. Chris started his career owning an IT
real-time monitoring, it is easier to act quickly reseller who built out 9-1-1 call centre network
to contain security breaches – even in situations infrastructure, which shaped his core belief to
where fast action may be difficult, as in the case always ensure uptime for critical networks.
Week 19 13•May•2021 www. NEWSBASE .com P7
