I have been speaking in the CCICon2 in Bogota about “The Practical Approach for Protecting the Critical Infrastructures from Emerging Cyber Threats”, detailing topics such as how emerging cyber threats that target industrial control systems and how such cyber-attacks can come in different forms including increasing pressure in a pipeline, changing field device parameter settings, closing/opening a motorized valve, causing a denial-of-service attack, increasing/decreasing motor speeds, and viewing fake HMI readings. Noting that all of these can result in a loss of view, control, operation, production, lives and more.
To counter cyber-attacks, companies need to keep in mind that attackers are always ahead. They have the time, resources, and experience, and for that, companies shall look forward to adopting industrial defense-in-depth cyber security techniques and build multiple cyber security layers. It is not enough to have only cyber security solutions; these solutions shall be accompanied by techniques that can provide knowledge and vision about anomalies that could take place within these critical infrastructures. Having industrial cyber security operations center is no more an option. Also, people assume that they are not likely targets and they are not interesting to hackers. But this is not true. If they see a weakness, they attack, it’s as simple as that.
Ignorance is a killer. When you walk on mines, your first mistake is your last mistake. Security is not an option anymore. Oil companies must, right now, start to consider security upfront, so it will be much easier to secure those systems if we do it at the front end engineering design phase, rather than later.
An effective process control security in the industrial oil and gas plants can make the difference between a normal day at work and a disaster. That’s why critical infrastructures operators need to consider cybersecurity at the core of their operations.
Digital Oil Fields Cyber Security Advisor