Cybersecurity threats in the pipeline industry: strategies for protection and mitigation
Published by Isabel Stagg, Editorial Assistant, World Pipelines
Digital pirates are trying to disrupt oil pipeline infrastructure and may be only a tick or a tock away. The pipeline industry is a critical infrastructure sector and is increasingly a global target for modern cyber threats, writes Saurabh Maral, Consegic Business Intelligence.
The use of the latest technologies, such as SCADA (Supervisory Control and Data Acquisition) systems, IoT devices and remote monitoring, has substantially increased operational efficiency but has, at the same time, extended the attack surface for cyber threats.
Cybersecurity threats in the pipeline industry
Advanced persistent threats (APTs)
In the pipeline sector, APTs stand as a considerable danger. These are prolonged, targeted cyber-attacks in which an intruder stealthily enters a network and remains undetected for a long time. APTs can cause severe disruption through the manipulation of pipeline operations or the exfiltration of sensitive data. Intruders usually apply intricate tactics such as spear-phishing, zero-day exploits and custom malware to break into systems. For instance, in 2012 Saudi Aramco was hit by the Shamoon malware, which attacked 30 000 computers and halted the company's operations. Even though the primary target was IT, the incident also exposed the vulnerabilities of operational technology (OT) systems.
Ransomware attacks
Ransomware attacks encrypt data that is critical to operations and demand a ransom in return for the decryption keys. For instance, Colonial Pipeline suffered a ransomware attack that halted supply for six days and raised a public outcry about the state of pipeline cybersecurity. This drew attention to the need to strengthen the cybersecurity backend, including measures such as robust backup systems, incident response plans and staff training that uses realistic phishing simulations.
Supply chain attacks
Supply chain attacks take advantage of weaknesses in the third-party software and services used in pipeline operations. An attacker compromises a legitimate software package on a vulnerable system in order to infiltrate a critical one, and the same package is then used to spread the malicious code to many organisations. For example, the SolarWinds attack reached into several sectors, including the gas and electric industries, reportedly through a compromised Orion software update, reiterating the importance of maintaining reliable knowledge of the security of the supply chain.
Strategies for protection and mitigation
Network segmentation
Network segmentation is the process of partitioning a network into independent segments so that a cyber-attack cannot spread freely between them. By separating IT from OT networks, for example, enterprises can limit the chance that a breach reaches vital pipeline control systems. Firewalls and VLANs (Virtual Local Area Networks) split the whole network into segments, keeping the more important data and control systems away from the less secure parts of the network. Intrusion detection systems (IDS) and intrusion prevention systems (IPS) should be used to supervise and guard the segmented networks. Network segmentation policies should be reviewed periodically to confirm their effectiveness and compliance.
Multi-factor authentication (MFA)
MFA adds an extra layer of security by requiring multiple means of confirmation before users gain access to systems, hence reducing the possibility of unauthorised activity. MFA should be enforced on every remote point of entry and on essential systems, including SCADA and ICS (Industrial Control Systems). Consegic Business Intelligence estimates that the Industrial Control Systems market will reach over US$393.44 billion by 2031 from a value of US$196.77 billion in 2023, and is projected to grow by US$211.07 billion in 2024, growing at a CAGR of 9.0% from 2024 to 2031. Combining MFA with single sign-on (SSO) solutions enables the IT department to manage access in one place. Authentication methods should be reviewed and updated regularly to keep pace with new security threats.
Continuous monitoring and threat detection
Continuous inspection of network traffic, including HTTPS, should be combined with monitoring of system events to help identify anomalies that may be an early sign of a cyber threat. AI and machine learning-based threat detection systems are widely used to find attacks quickly and reduce their likelihood. Security Information and Event Management (SIEM) systems, enriched with AI-based anomaly detection tools, can monitor and analyse network traffic continuously. Using information from threat intelligence feeds keeps operators abreast of the latest cyber threats and vulnerabilities. Over and above regular security audits and penetration testing, cloud data storage is also subject to various types of risk and uncertainty.
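The segmentation and continuous-monitoring advice above can be turned into a concrete check: compare observed network flows against an IT/OT segmentation allow-list and raise an alert for anything that crosses a boundary it should not. The following is an added example, not code from the article or from Consegic; the segment ranges, allowed paths, log format and sample flows are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical segment plan for a pipeline operator (constructed for this
# example): corporate IT, a DMZ holding the jump host, and the OT/SCADA network.
SEGMENTS = {
    "IT": ipaddress.ip_network("10.10.0.0/16"),
    "DMZ": ipaddress.ip_network("10.20.0.0/24"),
    "OT": ipaddress.ip_network("10.30.0.0/16"),
}

# Only these (source segment, destination segment, destination port) paths
# are permitted by the segmentation policy; everything else is a violation.
ALLOWED = {
    ("IT", "DMZ", 443),   # engineers reach the jump host over HTTPS
    ("DMZ", "OT", 502),   # jump host polls Modbus/TCP on the controllers
    ("OT", "OT", 502),    # controller-to-controller traffic inside OT
}

@dataclass
class Flow:
    src: str
    dst: str
    port: int

def segment_of(ip):
    """Map an address to its segment name, or UNKNOWN if it is outside all of them."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "UNKNOWN"

def parse_flow(line):
    """Parse one constructed flow-log line of the form '<src> -> <dst>:<port>'."""
    src, rest = line.split(" -> ")
    dst, port = rest.rsplit(":", 1)
    return Flow(src.strip(), dst.strip(), int(port))

def check_flows(lines):
    """Return one alert string per flow that is not on the segmentation allow-list."""
    alerts = []
    for line in lines:
        f = parse_flow(line)
        key = (segment_of(f.src), segment_of(f.dst), f.port)
        if key not in ALLOWED:
            alerts.append(f"segmentation violation: {f.src} ({key[0]}) -> "
                          f"{f.dst} ({key[1]}) port {f.port}")
    return alerts

# Constructed sample flows: two legitimate, one IT workstation reaching a
# controller directly, and one unknown address entering OT over SSH.
SAMPLE_LOG = [
    "10.10.5.23 -> 10.20.0.10:443",
    "10.20.0.10 -> 10.30.1.7:502",
    "10.10.5.23 -> 10.30.1.7:502",
    "192.0.2.44 -> 10.30.1.9:22",
]
```

Alerts returned by `check_flows(SAMPLE_LOG)` are the kind of event a SIEM rule would forward for investigation, and a periodic run of the same check against real flow logs is one way to confirm that a segmentation policy still holds.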
Incident response planning
A good incident response plan ensures that organisations can react to cybersecurity incidents as soon as possible, which in turn reduces the damage and shortens the recovery period. Operators should develop a uniform incident response plan, update it regularly, rehearse it against realistic simulated threats and ensure that all workers follow it. The plan should include clear communication channels and proper procedures for escalating an incident. Working with external cyber defence professionals and law enforcement improves the overall emergency response.
Supply chain security
Securing the supply chain is a comprehensive initiative: it includes not only identifying and authorising appropriate third-party vendors but also enforcing stringent cybersecurity standards across the whole chain. This means running a comprehensive vendor risk management programme, requiring vendors to meet industry cybersecurity standards and carrying out security checks regularly. Legal agreements should spell out security provisions, and background checks should be carried out on individuals who are key to the supply chain.
Conclusion
The pipeline industry's use of advanced technologies therefore demands strong cybersecurity that makes it difficult for attackers to target operators. By applying network segmentation, multi-factor authentication, constant monitoring, regular patching, thorough incident response planning and close attention to the security of their supply chain, pipeline operators can improve their cybersecurity performance. To anticipate future cyber threats, the first step is to design a comprehensive strategy and act as the first line of defence.
World Pipelines’ August 2024 issue
Read the article online at: https://www.worldpipelines.com/special-reports/28082024/cybersecurity-threats-in-the-pipeline-industry-strategies-for-protection-and-mitigation/