The oil and gas industry is increasingly thinking about cybersecurity as a safety issue for industrial plants, officials with Honeywell told Rigzone on the sidelines of the IHS CERAWeek Conference this week in Houston.
Just a few years ago, cybersecurity was viewed as an expense and an intangible problem; that thinking is changing. Growing interest by the hacker community in industrial control systems has made them a target for cyberthreats.
“What you’re seeing in the public corporate sector is a rising number of and severity of attacks; we’re seeing the same type of things in the industrial environment,” said Jeff Zindel, global business leader Cyber Security at Honeywell Process Solutions (HPS), in an interview with Rigzone. Last year was a noisy year for cyberattacks against industry, with cyber-risks for a host of industries, including oil and gas, expected to keep growing.
The market for cybersecurity solutions for the industrial environment is nascent, but people are becoming more aware of the issues they face here and are starting to act. The lack of visibility into cyber-risks makes it difficult for oil and gas companies to answer the question of what risks they face and how to address them. Companies may do an annual site assessment on an annual basis, which provides a level of understanding on insight on a point basis.
“Security risks are evolving and changing by the minute, which makes the question of the cybersecurity threats a company faces difficult to answer,” said Zindel.
Greater automation and use of digital technologies in industrial sites such as production sites and refineries means that oil and gas companies face greater risk of cyberattacks. According to the findings of a study conducted by Ipsos Public Affairs in September 2014 for Honeywell, three-quarters of 5,000 adults in 10 countries feared that cyber criminals could hack into and control major sectors and elements of the economy. Two-thirds of those surveyed thought that the oil and gas, chemicals and power industries were particularly vulnerable to cyber attacks.
To give oil and gas companies more visibility into their cybersecurity posture and how to address risks, Honeywell released a new cybersecurity tool April 21 for industrial facilities in the upstream, midstream and downstream oil and gas industries, the Honeywell Industrial Cyber Security Risk Manager. Zindel said the Honeywell Industrial Cyber Security Risk Manager is aimed at helping customers proactively identify, monitor, measure and provide understanding about cyber-risks for industrial plants and environments.
The company applies Big Data capture and analytics and approaches with the company’s great depth of understanding for process control and technology, as well as industrial process control, Zindel told Rigzone. Unlike cyber IT solutions, which work in the corporate environment, Honeywell works in plants to provide protection, defenses, cybersecurity technology solutions and training, processes, policies and procedures needed for robust cybersecurity program.
Honeywell’s software program tracks and captures on a real-time basis data from across process control networks/systems looking at status and events. It then takes all of these data points and rolls them through hundreds of proprietary algorithms, to put massive amounts of data into simple, useable, easy-to-understand key performance indicators. Rolling all of the data points and risk indicators into one system and showing the level of risk by zone and the type of threat, said Zindel.
The technology available for industry cybersecurity is fantastic, but assumes the user has dedicated their life and career to cybersecurity alone, Eric Knapp, director of cyber security technology and solutions at HPS, told Rigzone. Typically, cybersecurity is one responsibility being added to a long list of responsibilities. Very few people in the world have industrial control expertise, cybersecurity expertise, and no other job responsibility other than security. Keeping track of cybersecurity threats is difficult, even for industries such as banks and health care organizations that have dedicated cybersecurity staff. Honeywell seeks to provide this insight for people who are not experts in cybersecurity.
Risk Manager monitors plant assets within and across all security zones of a plant, including third-party systems. Risk Manager’s interface allows users to protect against vulnerabilities and threats such as insecure network and system configurations, rogue devices, intrusion attempts, malware and other threats.