Balancing the Sharing of Information

CyberSecurity Journal

Subscribe to CyberSecurity Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get CyberSecurity Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Security Authors: Ambuj Kumar, Shelly Palmer, Slavik Markovich, Elizabeth White, Greg Ness

Related Topics: CyberSecurity Journal, Internet of Things Journal

Blog Post

Internet of Things: Great for Critical Infrastructure Connectivity, but What About Cybersecurity? | @ThingsExpo #IoT

IoT for Oil & Gas - Addressing Cybersecurity

With modern industrial technology, an organization can make intelligent operating decisions because it can establish connectivity to all of its assets in industrial facilities or in the field across any distance. When industrial automation was first picking up speed in industries like oil and gas, there was a heavy focus on how supervisory control and data acquisition (SCADA) systems helped collect and transfer critically important data. SCADA systems are still very relevant today, but communications technology has evolved, especially with the adoption of wireless Machine-to-Machine (M2M) communications becoming important in allowing operators to access more data from more access points.

Complete connectivity through Industrial IoT (IIoT) technology can further help organizations connect and collect more data. With wireless technology in particular, it is now possible to reach even the most remote locations and transfer data reliably.  Industrial organizations are "digitizing" their operations and creating a connected infrastructure with IP connections, rather than using more traditional serial technologies. With IP enabled sensors or IP/IIoT enabled Access Gateways, the data generated by sensors at an asset location can be valuable to more than just the central control system. This might mean M2M communication with sensors talking directly to each other. It may mean that multiple systems consume the live, real-time sensor data directly from any location in the field. It may even mean that operators connect their sensors directly to the cloud or back office systems. If there is a way to share critical data that addresses security issues and can help provide information to key data users, then that information becomes increasingly valuable.

Many would argue that our critical infrastructure energy projects are only as reliable and secure as the technology serving them. Security will ultimately be the limiting factor on how much IoT is deployed. The traditional trade off of is either "easy to use" or "secure", but not both is still relevant. IoT solutions often utilize some of the widely deployed security technologies from the Internet to avoid the custom, one off solutions of past industrial security, if it was used at all. IP technology makes it easier to deploy and talk to sensors, but it also makes it easier for intruders to see and snoop on your valuable data streams. Security through obscurity is not a solution. There are many common attack vectors for industrial devices that become even more relevant when considering the IIoT infrastructures and fully networked, geographically dispersed energy projects.

Oil and gas, for example, is a security-conscious industry. The data that is transmitted via IoT technologies can be extremely useful, if it can meet the security requirements while data is being transferred. With the use of TLS/SSL and basic AES-128 data encryption, even in an Industrial IoT environment where data moves across an open network and it is assumed that an unauthorized party could potentially see the traffic on that network, secure connections can be established. When the data is properly encrypted, an unauthorized party cannot access the data even if they can see it in the network. In wireless connections, standards based connections will allow relatively easy access to the network itself, leaving just the software encryption to stop snooping. Many consumer IoT technologies are making their way into the IIoT and each has different tradeoffs.

One example in oil and gas is data gathered and transmitted via IoT technology could identify the utilization or failure rate of a certain type of control equipment. If the failure rate of this equipment was consistent and data was then accessed and analyzed by the producer or trade group, they might be willing to pay users for that data. If efficiency can be improved by just a small percentage then there are billions and billions of dollars to be saved by creating efficiencies. These are the same promises of SCADA, however with IoT the industry is now looking at how every single asset, across every facility can be connected through the internet (or an intranet), making data readily available to key decision makers whenever it is needed.

Overall, it's clear that industrial organizations, such as oil and gas producers, must consider some important questions in regards to security of their data transport before ever selecting a technology. For example:

  • What is the M2M communications technology controlling or automating? Is it essential that it operates without failure?
  • What data is being collected and/or transmitted with this technology? Is it time-sensitive and/or mission-critical?
  • What technology solutions have a proven track record for the applications being served?
  • What external factors might impact the reliable transmission and receipt of critical data from one point to another?
  • How does this M2M communications technology address challenges such as data encryption, network access control and signal interference?
  • Do we need this technology solution to be fail-safe, in order to prevent or eliminate catastrophic damage from occurring?
  • Is cyber security or physical security a greater concern for this deployment?
  • What vulnerabilities have the Information Security community identified in the type or category of IIoT equipment I use?
  • What is the right tradeoff between easy to use and secure for my installation?

What are some of the key security considerations driving your organization? Let us know in the comment section below.

More Stories By Scott Allen

Scott is an executive leader with more than 25 years of experience in product lifecycle management, product marketing, business development, and technology deployment. He offers a unique blend of start-up aggressiveness and established company executive leadership, with expertise in product delivery, demand generation, and global market expansion. As CMO of FreeWave, Scott is responsible for product life cycle/management, GTM execution, demand generation, and brand creation/expansion strategies.

Prior to joining FreeWave, Scott held executive management positions at Fluke Networks (a Danaher Company), Network Associates (McAfee), and several start-ups including Mazu Networks and NEXVU Business Solutions. Scott earned his BA in Computer Information Systems from Weber University.