We Are Not Paranoid: Protecting the Digital Oil Field

My mantra has always been to over-protect, especially when the network being protected is critical.

This opinion has been somewhat validated by the recent incident with a small water utility’s SCADA system, resulting in damage to pumping equipment. While a water pump failure in a small township isn’t exactly a national threat, there are SCADA and industrial control systems that are just as vulnerable. Consider energy generation and the transmission and distribution of energy. I used to think of the “Smart Grid” as the pinnacle of my pseudo-paranoid call for cyber security because of the massive attack surface that it presents. When I was recently introduced to “Smart Fields” I was fully prepared to cringe within a shroud of renewed skepticism. The digital oil field uses more intelligent devices at all stages of oil production—drilling, piping, storage, refining and delivery—in order to lower costs and improve safety. At the same time, just like with “smart” electric grids, this added intelligence opens up a potential new attack surface.

Fortunately, this exciting evolution in the oil industry is being spearheaded by a kindred spirit. Someone who understands that the paradox of smart automation systems can only be combatted with diligent cyber security measures. Why use one firewall when you could use a firewall and an Intrusion Prevention System? Why trust the network when traffic analysis tools can indicate threat patterns? Why trust anything, for that matter? Lock down the controls, separate and segregate everything. Add security until your CFO breaks down in tears, because in truly Critical Infrastructure the ROI of cyber security is measured in human lives.

I say this a lot, and I hear the same response a lot, “you’re paranoid.” Well you know what? I’m not alone, and we are not paranoid.

I use “we” instead of “I” because the aforementioned kindred spirit—an ally, if you will, in the cyberwar. Through him I was exposed to one of the best cyber security plans that I’ve seen in a while. How does it work?

The plan is designed specifically to protect the “Digital Oil Field,” and it answers issues of accessibility and vulnerability by heightening awareness and implementing the best security controls available today. It is built using multiple security perimeters: one separating the process control system from the process information system; and then another separating the process information system from the rest of the business network. That final separation uses a DMZ to further strengthen that barrier, requiring every session to be terminated and reestablished before crossing that very important digital divide. Firewalls, Intrusion Prevention Systems, and even Network Behavior Anomaly Detection (NBAD) systems are used to control known policies, block known attacks, and detect patterns of unknown attack. Replace “PCN and PIN” with “ICS and SCADA,” and you have essentially the same cyber defense architecture described in my book.

But with digital oil fields at stake, there’s another perimeter that needs consideration. It sits between the PIN and the field stations—protecting the programmable logic controllers at their most physically vulnerable locations—the well heads. This is where the hard work of products like the Tofino firewall or the Zenwall industrial protocol filter come into play, and it’s encouraging to see a critical operator investigating these types of tools.

This all makes sense, although some may make those familiar accusations of paranoia. But it gets even better when you add in DLP. DLP, or Data Loss Prevention, is designed to prevent information from being stolen or “leaked” from the network. It’s widely used in large enterprises, financial institutions and hospitals. It protects credit cards, and patient health data, and personal identities. It does not, many might argue, have any relevance to industrial control systems cyber security … but those people would be wrong. Consider Night Dragon, Shady Rat, and now the newest Stuxnet variant, Duqu. “Information theft” could indicate a reconnaissance effort for a larger attack. While only Night Dragon represents information theft directed specifically at control systems, the increasing presence of APT and industrial espionage is starting to converge with the increasing number of threats against control systems. In this light, protecting sensitive information about an industrial control system could be the ultimate preventative measure.

That was the “how”, what about the “why?” To that, my kindred spirit had a clear and concise answer, “because if I can save a single life, it is all worth it.” This is critical infrastructure, remember? So no, we are not paranoid.

Related Reading: Industrial Control Systems Security One Year After Stuxnet

Related Reading: Bridging the Air Gap: Examining Attack Vectors into Industrial Control Systems

Related Reading: Are Industrial Control Systems Secure?

Related Reading: How to Make the Smart Grid Smarter than Cyber Attackers

Related Reading: The Increasing Importance of Securing The Smart Grid

Related Reading: Stuck on Stuxnet – Are Grid Providers Prepared for Future Assaults?