As Oil & Gas facilities become increasingly reliant on networked industrial control systems (ICS) to manage production, the security of these systems and communication between them is becoming ever more critical. Typically, however, ICS are not designed or developed with cyber security in mind, leaving the responsibility to integrators and end-users to take sufficient additional protective measures. The long life-times of ICS technology, the frequent reliance on third parties for maintenance and support, and the complex dependencies between production and enterprise networks make security in this environment a serious challenge.
The politically sensitive nature of Oil & Gas makes the industry a frequent target of politically motivated actors such as nation states and hacktivists. The high values involved in the industry’s production gives financially motivated actors such as cyber criminals leverage to attempt e.g. blackmail. Attackers are increasingly capable of using advanced techniques to penetrate not just enterprise environments, but also to compromise and disrupt production systems.
We’ve learned that the complexity of securing Oil & Gas environments and the growing threat from more and more advanced attackers has made a defense-in-depth approach essential, combining actionable intelligence with advanced prevention, detection and response. Only by combining specialized technology to isolate and secure critical (production) environments with detection and quick reaction to breaches, can the impact of cyber attacks be minimized. Our work with oil and gas companies includes helping them gain insights into their threat landscape as well as providing them with actionable intelligence, managed monitoring solutions and advice on their overall security posture. We also provide specialized technology to secure (data-)communications and to improve cyber security defenses.