Securing the Oil Patch with Cyber Hardened Surveillance and IoT
Energy security professionals are challenged like never before, with the boom in the oil patch inviting more criminal activity on the ground and in cyberspace. High-quality video surveillance is a key tool for the industry but can invite its own set of vulnerabilities. Failure to manage a reliable video monitoring system and properly protect these IoT assets from cybersecurity hackers and other criminals risks loss of revenues, reputations, lives, and livelihoods. As a result, oil and gas cybersecurity is a hot topic.
One issue is the theft of crude (yes, the liquid stuff) using increasingly sophisticated methods. In Texas alone, the Houston-based Energy Security Council estimates that the industry is losing between 10 to 30 million barrels per year, which is a revenue loss of $450 million to nearly $1.5 billion. Last year the Texas state legislature enhanced the penalty for stealing petroleum products to a felony, by passing the “Oil Field Theft Bill.”
Criminals are also stealing equipment such as pipes, tools, valves, generators, and scrap metal as well as solar panels and batteries. The FBI-led Oilfield Theft Task Force in Midland, Texas, estimates that in the Permian Basin (the largest and most productive formation in the U.S.) theft of equipment totals between $200,000 and $300,000 a month.
The oil and gas sector is also a target for hackers looking to disrupt the industry for economic, political or vindictive reasons. Nearly half of all energy companies experience some kind of cybercrime each year, according to several surveys.
Unfortunately, the equipment that companies use to secure oil and gas operations is also subject to hackers. For example, the addition of even one IP-based camera or other Internet of Things (IoT) device at a remote site can expose an organization’s corporate network. Left unprotected, these devices are vulnerable end points that hackers can use to breach corporate networks, launch attacks on the public Internet or disrupt a video surveillance system.
According to “The State of Cybersecurity in the Oil & Gas Industry” report by the Ponemon Institute, 66 percent of the security pros surveyed said that while digitalization is benefitting energy companies, it also makes them more vulnerable to cyber risks. Nearly 70 percent of the respondents revealed at least one security issue over the past 12 months, resulting in loss of confidential data or disruption of operational technology (OT). Only 35 percent believe their OT cyber readiness is high.
In addition, once-isolated Industrial Control Systems (ICS) are now open to cyber threats as well. The cyber risk to ICS has increased dramatically over the last several years, according to 67 percent of the respondents, with 61 percent revealing that these systems are not adequately protected.
Energy Security Challenges: Cybersecurity, Network Demands, Harsh Environments
As security systems become more interconnected and IT-oriented, protecting them is increasingly complicated. For instance, many security pros do not have the budget, time, and expertise required to properly harden all video cameras and configure firewalls around camera networks. It often requires a detailed understanding of network operations and a labor-intensive process to fully secure the system.
Also, only 41 percent of the Ponemon Research respondents said they have 24×7 monitoring of all infrastructure. In fact, about half of all cyber attacks in the oil and gas OT environment are undetected.
Two solutions are cited as “very effective” in reducing cybersecurity risks, according to 62 percent of respondents: hardened endpoints and encryption of data in transfer. However, only about half plan to deploy either in the next year. Can they afford to take that risk?
Even when companies continuously monitor all operations, they are often forced to make risky video surveillance tradeoffs. For example, to save network bandwidth many organizations reduce the resolution and frame rate of megapixel video to move it back to a central data center. Ironically, this can render video surveillance unusable as evidence and obstruct efforts to leverage quality improvements in cameras and other IoT technologies.
This is a greater challenge when off-the-shelf servers and storage are used in harsh, isolated environments. Dust and dirt, extreme temperatures, and damp conditions cause management and reliability issues when devices are not ruggedized for the application.
Milestone and Razberi: Proactively Defending Critical Oil & Gas Infrastructure
Milestone Systems and Razberi have partnered to help security professionals ensure that the entire oil and gas ecosystem – from the edge to data center servers – is protected using an integrated solution. Combining the Razberi surveillance platform with Milestone XProtect® Corporate video management software (VMS) enables organizations to consistently manage their surveillance systems and guard their data with a unified user interface. Centralized system health and threat monitoring, analytics, and cybersecurity enable operators to benefit from the efficiencies that integration provides while ensuring network protection for Industrial Control Systems and operational technology.
Elements of a Cyber Hardened Surveillance and IoT Solution
Razberi’s line of surveillance appliances – including a ruggedized version – are highly reliable, secure, and network-optimized for megapixel quality. Organizations have the option to record centrally and/or at the network’s edge without compromising on quality and security.
For instance, companies with plenty of dark fiber can backhaul video to their data centers. For remote locations, they can deploy Razberi appliances in a distributed architecture near the network’s edge, which enables viewing from the XProtect VMS if an alert or incident occurs. Installing appliances in the field closer to IoT sensors such as cameras also improves megapixel video quality while reducing capital, bandwidth, and space costs. Video impact on the network can be decreased by up to 95 percent.
Razberi also provides oil and gas cybersecurity protections for central and regional operations to the field. The Razberi CameraDefense™ cybersecurity solution guards IP cameras and corporate networks from cyber attacks by automating and scaling industry best practice cyber protections. Integrated into Razberi appliances, the solution creates a surveillance platform that defends the camera infrastructure with automated camera hardening, a secure appliance architecture, and cyber threat monitoring. What normally takes hours of resource time and truck rolls can be done in a matter of minutes to harden an entire ecosystem.
If CameraDefense detects a cyber threat, Milestone VMS operators are notified and can take action. CameraDefense makes security policies – such as closing unused device ports, removing unneeded network services, and enforcing password complexity – easy to implement on tens, hundreds or thousands of surveillance cameras. These best practices are automated with an easy-to-use dashboard to identify vulnerabilities across a system.
If a violation occurs, CameraDefense generates an event and posts it in real time to the Milestone Alarm Manager. Events can also be routed via automated notification or other key actions using the customizable Milestone Rules and Events features.
For more information on oil and gas cybersecurity, visit: https://www.razberi.net/industries-applications/energyoil-gas/