Hany Fouda, SVP, Process Automation, Industrial Automation Business, Schneider Electric, goes over the challenges of cybersecurity in Remote Terminal Units (RTUs) in oil and gas, highlighting new and existing solutions.
We are in an era marked by geopolitical tensions, economic volatility, and rapid technological change. It’s therefore no surprise that oil and gas operators are juggling multiple challenges, not least how to embrace digital transformation amid rising cybersecurity risks.
Cybersecurity risks are palpable, driven by geopolitical turmoil, hostile nation states and easier access to increasingly sophisticated AI technology, which means even amateur hackers can become perpetrators.
Between 2022 and 2024, reported incidents in critical infrastructure rose by 668%, according to data from the European Repository of Cyber Incidents. In oil and gas, one of the most high-profile ransomware attacks was the one on Colonial Pipeline, which brought one of the largest and most vital pipelines in the US to a standstill, causing disruptions to gasoline supplies and panic buying.
National cyber agencies are also raising the alarm. In March, the UK’s cyber chief warned the threat to the nation’s most critical infrastructure is ‘enduring and significant’, following a similar warning by the US government.
No wonder oil and gas operators are nervous about forging ahead with digital transformation. On the one hand they know that in the current complex landscape they need the agility, cost savings and operational efficiency that digitisation delivers. But, on the other, they must walk the tightrope of safety, security and compliance with national cybersecurity regulations alongside this innovation.
Modern technology, new threats
Modern Remote Terminal Unit (RTU) technology, for example, offers, among other things, enhanced operational efficiency, considerable time and monetary savings, and smarter and safer monitoring and control of remote operations. Replacing 30-year-old legacy technology with modern RTUs means security and regulatory compliance can be managed remotely, removing the need to send engineers on expensive round trips to remote locations to manually update passwords. Money is saved and security is more quickly maintained. But it must also be acknowledged that if these devices lack robust security measures, they themselves create new threat vectors for hostile actors.
This raises the question: how can operators undergo digital transformation faster to harness operational efficiencies and innovation, while maintaining security, tight oversight, and control over processes?
Solutions and technologies are needed to effectively bridge the gap between these two imperatives. This is what we at Schneider Electric are focused on. We have built our pipeline process automation solutions with cutting-edge technologies and open innovation, backed by integrated security and the trust and resilience of technology proven over many years. One need does not require a compromise over the other.
RTUs now and for the future
Central to this is building RTU technology that simplifies cybersecurity management and provision without hindering future technological adoption. This can be achieved with inbuilt cybersecurity provisions that include an integrated firewall and DNP3 protocol secure authentication support to deliver a secure, end-to-end technology stack.
Furthermore, Operational Technology (OT) systems can leverage Information Technology (IT) tools to help secure infrastructure like pipelines.
This way, operators don’t need to purchase and apply third-party, external firewalls and layers of security to wrap around the RTU, which can be complex. Instead, the RTU technology is cost-effective, easy to roll out, and requires less training and overall management.
But, as well as making technology for today, it’s crucial to future-proof these assets, which historically are only upgraded in decade-long life cycles. Companies should have access to cutting-edge applications when they are ready for them, rather than waiting for the next upgrade cycle.
This kind of flexibility and security can be found in the newest release of our flagship rugged RTU technology, the SCADAPack 470i and 474i, which offers Edge computing, AI, analytics, flexible data logging and processing for remote operations. It’s cost-effective, easy to roll out, and requires minimal training and overall device management by users; it is our answer to future-proofing Schneider RTUs purchased today.
It can be used with directory services, such as Active Directory, and incorporates the ability to restrict access to users with OT network accounts using role-based access control (RBAC). A key extension to this ability is the restriction of user access within the RTU itself. This way, only the functions required by a user to do their job are made available when they are interacting with the SCADAPack 470i and 474i. For example, a technician could be authorised to view the status of the RTU’s flow calculations, but not to modify the logic application being used by the RTU. Using RBAC to manage accounts at an OT network level has major advantages over managing accounts on a device-by-device basis. Changing access credentials creates significant risk. Updating a password or account device-by-device cannot be sustained at scale.
Using Privileged Access Management (PAM) tools, such as CyberArk, with the SCADAPack 470i and 474i allows OT network administrators to control access on a device-by-device and service-by-service basis using centrally managed device accounts. In this case, an operator could request access to a specific site and receive temporary credentials to the RTU specific to the site. When the work is complete, the PAM updates the credentials on the specific device, restricting access until a future request is submitted.
Syslog, supported by the SCADAPack 470i and 474i, is a standard approach used to log events on a computing device, like failed login attempts. This enables an OT network administrator to quickly detect anomalies such as unexpected configuration changes or potential security breaches, allowing for a timely response. Syslog also provides a comprehensive audit trail of activities, which is essential for forensic analysis, compliance with regulations, and understanding the sequence of events leading up to a security incident.
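An illustration of the log review described above, added here and not Schneider Electric's code: it parses RFC 5424 syslog lines and flags a burst of failed logins on one RTU, plus any configuration change that follows such a burst. The hostnames, MSGID values and message fields are constructed, since the page does not give the device's actual log format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed RFC 5424 sample lines; hostnames, MSGIDs and message wording are
# assumptions for illustration, not the SCADAPack's actual log output.
SAMPLE = """\
<38>1 2025-03-01T02:10:01Z rtu-site-a authd - LOGIN_FAIL - user=tech1 src=10.20.0.15
<38>1 2025-03-01T02:10:09Z rtu-site-a authd - LOGIN_FAIL - user=tech1 src=10.20.0.15
<38>1 2025-03-01T02:10:20Z rtu-site-a authd - LOGIN_FAIL - user=admin src=10.20.0.15
<38>1 2025-03-01T02:11:02Z rtu-site-a authd - LOGIN_OK - user=admin src=10.20.0.15
<37>1 2025-03-01T02:12:40Z rtu-site-a cfgd - CONFIG_CHANGE - user=admin item=logic_application
<38>1 2025-03-01T09:00:00Z rtu-site-b authd - LOGIN_FAIL - user=tech2 src=10.20.0.31
not a syslog line
"""
# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
LINE = re.compile(r"^<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (-|\[.*\]) ?(.*)$")

def parse(line):
    m = LINE.match(line)
    if not m:
        return None
    pri, ts, host, _app, _procid, msgid, _sd, msg = m.groups()
    return {"severity": int(pri) % 8, "host": host, "msgid": msgid,
            "time": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "fields": dict(kv.split("=", 1) for kv in msg.split() if "=" in kv)}

def detect(text, threshold=3, window=timedelta(minutes=5)):
    failures = defaultdict(list)   # host -> failure times still inside the window
    flagged = {}                   # host -> time its failure burst was raised
    alerts, skipped = [], 0
    for line in text.splitlines():
        ev = parse(line)
        if ev is None:             # count unparseable lines instead of dropping silently
            skipped += 1
            continue
        host, now = ev["host"], ev["time"]
        if ev["msgid"] == "LOGIN_FAIL":
            recent = [t for t in failures[host] if now - t <= window] + [now]
            failures[host] = recent
            if len(recent) >= threshold and host not in flagged:
                flagged[host] = now
                alerts.append((host, "FAILED_LOGIN_BURST", len(recent)))
        elif ev["msgid"] == "CONFIG_CHANGE":
            after_burst = host in flagged and now - flagged[host] <= window
            kind = "CONFIG_CHANGE_AFTER_BURST" if after_burst else "CONFIG_CHANGE"
            alerts.append((host, kind, ev["fields"].get("item")))
    return alerts, skipped
```
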