July 18, 2016
The oil and gas industry might want to keep its operations shut off from the outside world because of ever-escalating concerns about cybersecurity, especially for such critical infrastructures. But the gains of connected assets are just too vital to ignore; optimization of enterprises is the key motivator and remote access is an important consideration. Chevron maintains that its critical systems are air gapped, but just about any discussion around cybersecurity these days includes the point that isolating your operations 100 percent is nigh impossible (you might want to check that new printer that was just installed to see if you need to disable its web connection).
The inevitability of transferring data from an industrial automation and control system (IACS) to the outside world—and the importance of keeping that data, network and core environment secure—has led the Linking Oil and Gas Industry to Improve Cybersecurity (LOGIIC) to commission a report detailing the factors that should be considered with real-time data transfer (RTDT) products.
It’s no secret that legacy control systems were not built with cybersecurity in mind. Automation vendors have been making progress over the past few years, advising clients on how best to secure their networks through strong defense-in-depth practices. More recently, some of them have even begun to talk more about making their industrial automation and control systems secure by design. There is still room for improvement, however, and plenty that oil and gas companies need to be concerned about to protect their security.