A digital revolution has taken place within the Oil and Gas industry where sensor and networking technologies and integrated control system frameworks now dominate the infrastructure of modern drilling environments. The obvious benefits of this revolution have been to deliver significant advances in the areas of increased safety and improved production. However, the less obvious consequences have been the creation of a whole range of cyber threats and vulnerabilities which in turn have increased the risk vector throughout upstream, midstream and downstream operations.
Today, according to industry sources, there has been an estimated rise of 250% in reported control system incidents over the last four years. A recent survey conducted by Tripwire (a leading global provider of endpoint detection and response, security and compliance solutions) revealed 77% of energy sector respondents had seen an increase in successful cyber attacks in the past 12 months. These attacks have not only grown in stature, but also in sophistication, making them much more difficult to detect and defend against.
Aboard today’s modern drilling rigs there is a very clear and present threat posed to production, safety and the wider environment. It is believed that less that 15% of operational platforms have had a specific cyber audit to ascertain their vulnerability to attack, with less than 10% undergoing a deeper sweep of systems and software to detect back doors, malware and other nefarious cyber hazards. A recent study conducted by DNV GL focusing on operations on the Norwegian Continental Shelf identified the following top ten cyber security vulnerabilities:
1. Lack of cyber security awareness and training among employees.
2. Remote work during operations and maintenance.
3. Using standard IT products with known vulnerabilities in the production environment.
4. A limited cyber security culture among vendors, suppliers and contractors.
5. Insufficient separation of data networks.
6. The use of mobile devices and storage units including smartphones.
7. Data networks between on and offshore facilities.
8. Insufficient physical security of data rooms, cabinets, etc.
9. Vulnerable software.
10. Outdated and ageing control systems in facilities.
In response to this hazardous new environment ADC Cybersecurity Services offer clients a comprehensive and unique 6 point Cyber Security Audit designed to effectively expose and mitigate this new and unfamiliar category of risk:
ADC CYBER SECURITY AUDIT INCLUDES:
1. RISK ASSESSMENT OF SECURITY POLICIES
2. SYSTEM VULNERABILITY ASSESSMENT
3. DATA ACCESS SECURITY AUDIT
4. NETWORK HEALTH STATUS INSPECTION
5. ASSESSMENT OF THIRD PARTY ACCESS
6. SOFTWARE CHECK
ADC Cyber Inspection teams consist of professionals drawn from the global cyber community and as such are able to apply a unique holistic approach to their inspections, particularly essential when dealing with ‘cyber warriors’ and hackers. Our teams identify and categorise the differing levels of risk found and can provide effective management protocols to respond to, and recover from, present and future cyber events.
FOR MORE INFORMATION ABOUT ADC'S CYBERSECURITY SERVICES COMPLETE OUR ONLINE ENQUIRY FORM HERE