With more data and more sources of data, cybersecurity analytics in the oil and gas industry is rapidly becoming a big problem addressed by Big Data.
The growing amount of data associated with cybersecurity analysis involves multiple types of data. These sources include structured and unstructured data such as log files, instrumentation data and network data, as well as investments by companies in intrusion detection systems, prevention detection systems, firewalls, data loss prevention centers, servers, and database applications, all of which generate a lot of data, said Rene Moreda, who oversees energy and utilities for the Americas at BAE Systems Applied Intelligence, in an interview with Rigzone. Cybersecurity analytics also involves combing through data sources such as email, video surveillance feeds, geospatial information, and physical security data from access readers and logs.
“There is more data and more formats of data speeding across enterprises today,” Moreda commented. “When you look at the Internet of Things and the need by companies to reduce costs and gain greater efficiencies through tools such as automation and wireless, the attack surface for oil and gas companies keeps getting bigger every day.”
Big Data can be viewed from a cyber and a productivity perspective. Companies in the oil and gas industry are still delving into how to get the most from Big Data, and how they are making themselves vulnerable to cybersecurity threats. Security for the cloud business model is very different from when a company has physical control over a facility.
“There are additional layers of trust and risk you have to evaluate.”
To address the issue, companies will need an integrated architecture with security at the front end of the design.
Companies across the oil and gas spectrum, from upstream companies to pipelines to refineries, are looking for ways to detect and protect their businesses and assets. As more and more IP-capable sensors are eventually deployed within networks, BAE expects the volume, variety and velocity of data to keep growing.
“The Big Data approach to cyber efforts is a way to develop a stronger security posture,” said Moreda. “By harnessing this rich data, companies can garner insights into their vulnerabilities before cyber-attackers do.”
While an exact estimate is not known, Moreda said the company each month is seeing billions of raw events – cyber events before data is analyzed – in its operation centers, and that emails that the company filters to detect cyber-threats involve terabyte and petabyte file sizes.
“The data they own is one of their greatest assets,” said John Cosby, solutions architect with BAE. “A lot of companies are jealously guarding the data science they do and treating it as very valuable intellectual property.”
The oil and gas industry’s history of using very large data sets to guide their exploration and production means that they have developed some very sophisticated models over the years. Companies are expected to continue working their way down the value chain to try and gain a market edge with the data they already have.
ICS/SCADA monitoring systems, which were previously detached from the network, are being connected to internetworks and, unfortunately from a security perspective, to the Internet, and their data is being captured in existing solutions, industry expert Thomas Quinlan told Rigzone.
While it may take longer than regular ‘Big Data’, Quinlan thinks that ICS data is definitely coming as another source of Big Data, most likely in 2016.
“People are very concerned about security – and rightly so – and are focusing there first. However, they’re soon going to want a data science perspective on all the information they didn’t previously have access to, once they can get around the different protocols and formats.”
OTHER CYBERSECURITY TRENDS IN 2015
Geoff Graham, who oversees mostly oil and gas activity at BAE, is seeing the convergence of physical and cybersecurity risks as companies introduce automation to link business and OT operations. Much of this convergence is very specific and targeted in places such as collaboration centers to allow for subject matter experts to impact operations in a centralized way.
“There are a lot of people starting to look at how to approach physical and cybersecurity risk from an integrated perspective,” said Graham. “You can have as much cybersecurity as you want to protect yourself in the digital realm, but if somebody can walk into your building and steal a laptop, it doesn’t matter.”
The attack surface for oil and gas companies also can be increased if someone brings a data-stick into an area and infects the system.
Until recently, many of the oil and gas companies that John Dickson, principal at San Antonio-based Denim Group, has worked with viewed security through the lens of physical security. He has seen companies struggle with the genuine challenge of cyber-related vulnerabilities and risk having to compete with the physical safety and security issues inherent in oil and gas.
One example of a severe physical risk facing oil and gas companies is ISIS. A security scan of a company revealed many serious cyber-risks that needed significant time and resources to address. However, the rise of ISIS-driven conflict in the Middle East meant that executives were solely focused on following ISIS’ march and whether their employees might be in harm’s way, Dickson said.
“ISIS was clearly a severe physical risk that warranted close attention, but leaving a host of cyber vulnerabilities unresolved was also a persistent danger for operations/IT dangers, such as stolen intellectual property, malware that could enter through these holes and erase hard drives. Unlike ISIS, which needed physical contact to harm employees, cyber vulnerabilities could be exploited by anyone with Internet access. Worse, they might be exploited for an undetermined time until management could focus away from the Middle East.
“The level of risk has risen to the point where cyber professionals/consultants in oil and gas always need to not just gather data, but present that data in a way that aligns and influences the total risk picture C-levels must watch.”
Ron Gula, CEO of Maryland-based Tenable Security, is seeing a shortage of cybersecurity personnel, not because of layoffs, but because there aren’t enough to go around. Gula sees this shortage not just for oil and gas, but across a number of industries. This shortage begins at the high school level, with not enough students interested in becoming computer forensics technicians. Local universities in Maryland such as Johns Hopkins University have capitalized on demand for these workers by offering degree programs in this area. But outside of this area, Silicon Valley and New York City, cybersecurity-related jobs aren’t in the vocabulary of the school systems.