The protection of critical national infrastructure has long been a serious concern to governments in this region, but an all-encompassing approach means achieving this is no longer limited to physical security. The widespread use of interconnected networks and control systems in national oil, gas, power, water and electricity sectors means there is now a very real and growing need to enhance cyber security, highlighted by an ever-increasing number of international attacks.
Indeed, as a region responsible for much of the world’s energy, GCC countries are placing cyber defence as one of their priority areas for development. Saudi Arabia has plans to spend $3.3Bn on oil and gas infrastructure security and Qatar, Oman, Kuwait and the UAE are set to follow suit over the coming years.
“The cyber security threat to energy installations is surprisingly widespread, running across utilities and distribution networks to generation, refining, and even drilling and exploration. Most security professionals now say that if you think you have not had your security breached then you just haven’t detected it,” says Professor Paul Dorey, director at CSO Confidential.
Monthly newsletter of International Council of Security and Safety Management.
The ICISSM website (http://sbtyagi.wix.com/icissm), the ICISSM Google group (https://groups.google.com/forum/?fromgroups#!forum/icissm), and the ICISSM LinkedIn Group (http://www.linkedin.com/groups?home=&gid=4413505&trk=anet_ug_hm)
Preparing today for tomorrow’s threats.
When companies hear the word “security,” what concepts come to mind — safety, protection or perhaps comfort? To the average IT administrator, security conjures up images of locked-down networks and virus-free devices. An attacker, state-sponsored agent or hacktivist, meanwhile, may view security as a way to demonstrate expertise by infiltrating and bringing down corporate or government networks for profit, military goals, political gain — or even fun.
We live in a world in which cybercrime is on the rise. A quick scan of the timeline of major incidents (See Figure 1, Page 9) shows the increasing frequency and severity of security breaches — a pattern that is likely to continue for years to come. Few if any organizations are safe from cybercriminals, to say nothing of national security. In fact, experts even exposed authentication and encryption vulnerabilities in the U.S. Federal Aviation Administration’s new state-of-the-art multibillion-dollar air traffic control system
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY - Talwant Singh
Cyber is a real threat and we cannot keep our eyes shut to the same. Most of the countries surrounding us are involved in cyberwar covertly and we need to take steps to counter the same at the earliest.
Cyberspace is rapidly transforming our lives – how we live, interact, govern and create value. With the JAM (Jan Dhan, Aadhaar and Mobile) trinity, India is at the forefront of global digital transformation. “Digital India” is being hailed as the world's largest technology led programme of its kind.
While internet, smartphones and modern information and communication devices have been great force multipliers, endless connectivity and proliferation of IoT devices is giving rise to vulnerabilities, risks and concerns. Cyber security is today ranked among top threats by governments and corporates. Heightened concerns about data security and privacy have resulted in a spate of regulations in India and across the world. India is in the process of discussing and enacting its own comprehensive data security and privacy regulation, as well as vertical specific ones. Cyber security is an ecosystem where laws, organisations, skills, cooperation and technical implementation would need to be in harmony to be effective.
Overall, a robust regulatory framework based on global and country-specific regulations, development of a holistic cyber security eco-system (academia and industry as well as entrepreneurial) and a coordinated global approach through proactive cyber diplomacy would help to secure cyber space and promote confidence and trust of key stakeholders including citizens, businesses, political and security leaders.
CII has been actively working in the cyber security space. The CII Task Force on Public Private Partnership for Security of the Cyber Space has been set up to bring about improvements in the legal framework to strengthen and maintain a safe cyberspace ecosystem by capacity building through education and training programmes. We would facilitate collaboration and cooperation between Government and Industry in the area of cyber security in general and protection of critical information infrastructure in particular, covering cyber threats, vulnerabilities, breaches, potential protective measures, and adoption of best practices.
Companies spend millions of dollars on firewalls, encryption and secure access devices, and it's money wasted; none of these measures address the weakest link in the security chain.
~ Kevin Mitnick
Digital businesses are difficult to launch and run even without the challenge of security. And yet, digital business strategies are also being used by hackers to systematically go after lucrative targets. Following up on our release of the 2015 NTT Group Global Threat Intelligence Report, this executive summary highlights key findings from the report that affect today’s digital businesses.
Booz Allen Hamilton focuses on defining the vulnerabilities further and identifying the potential mobile security exploits that could harm or damage a business. This article covers Booz Allen's approach to helping organizations develop a secure and effective mobile application security program.
A STUDY ON CYBER SECURITY AND ITS RISKS K. Jenifer - AM Publications
Cyber security is a basic term used nowadays by each and every one in the world. It is appropriate to know about cyber security as everything became digitized in our day-to-day life, because the digital world is the place where cyber crimes emerge. Securing the information has become one of the biggest challenges in the present day. Various measures are taken in order to prevent these cyber crimes, though cyber security is still a very big concern. In this paper I have made a study on cyber security, how far cyber crimes are increasing and what are the threats we should be aware of.
The emergence of cloud computing has changed everyone's perception of software delivery, development models and infrastructure. Cloud computing has the potential to provide elastic, easily manageable, powerful and cost-effective solutions. The rapid transition to cloud computing has fueled concerns about security. The migration of users’ data and applications to a shared cloud environment, where several users are collocated, increases security-related concerns. Several research efforts have evaluated the security challenges faced by cloud computing environments, and a number of solutions to such problems have been proposed. Integrated security solutions should be devised to deal with the increasing security risks. In this paper, a detailed cloud computing survey, key services and concepts are presented. This paper attempts to evaluate various security threats to cloud computing, and a number of security solutions are also discussed. Furthermore, a brief view of the cloud security regulatory bodies and compliance is presented. Despite the research efforts in the cloud security field, there are still some open research problems and challenges, which are discussed in this paper.
A1 - Cibersegurança - Raising the Bar for Cybersecurity - Spark Security
In the past few years, a new approach to cybersecurity has emerged, based on the analysis of data on successful attacks. In this approach, continuous diagnostics and mitigation replace the reactive network security methods used in the past. The approach combines continuous monitoring of network health with relatively straightforward mitigation strategies. The strategies used in this approach reduce the opportunities for attack and force attackers to develop more sophisticated (and expensive) techniques or to give up on the target. In combination, continuous monitoring and mitigation strategies provide the basis for better cybersecurity.
Governments, military, organizations, financial institutions, universities and other businesses collect, process and store a large amount of confidential information and data on computers and transmit that data over networks to other computers. With the continuous rapid growth of volume and sophistication of cyberattacks, quick attempts are required to secure sensitive business and personal information, as well as to protect national security. The paper details the nature of cyberspace and shows how the internet is insecure for transmitting confidential and financial information. We demonstrate that hacking is now common and harmful for the global economy and security and present the various methods of cyber attacks in India and worldwide. M. Swetha | L. Prabha | S. Rajadharani "Cyber Security Intelligence" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-6, October 2019, URL: https://www.ijtsrd.com/papers/ijtsrd29261.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-security/29261/cyber-security-intelligence/m-swetha
Shifting Risks and IT Complexities Create Demands for New Enterprise Security... - Booz Allen Hamilton
Holistic Cyber Risk Management Programs in the Financial Industry Must "Predict and Prevent" in Today's Complex Threat Environment, says new White Paper.
Protecting the Oil and Gas Industry from Email Threats - OPSWAT
Due to the high value of its supply chain, commodities, transactions, and intellectual property, the oil and gas industry is an ideal target for socially-engineered email attacks. Oil producers, brokers, and transporters must learn how to use preventative measures to mitigate the risks of falling prey to a spear phishing attack.
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx - bagotjesusa
Security and safety of the power grid and its related computer information systems
There has been increased use and application of information and communication technologies in most critical infrastructures and departments of the government. They have proved to be fundamentally significant in helping the various departments carry out their daily activities with a lot of ease and proficiency. However, these systems have also opened considerable unforeseen opportunities, both positive and negative. The infrastructures have become highly efficient and flexible, and this has been very beneficial to the people. On the other hand, there have been persistent problems with cybercrimes and hackers who have outsmarted the government and the set security protocols every now and then. This has made the state lose billions of dollars through theft of its secrets and high-level information. In this case, it is right to analyze all the general impacts that can be put in place to prevent cybercrimes as well as threats. It is hence important to validate all the necessary measures that need to be put in place in every organization. The paper will hence give recommendations that can help the named organization solve the issues mentioned.
To address this issue, proper precautions need to be put in place. The government has to demonstrate preparedness in combating this crime both in terms of systems put in place and also the legal jurisprudence (Higgins, 2016). The US power grid system is an interconnected system that is made up of power generation, transmissions software, and its distribution with a capacity to bring down the whole economy if not well protected. The nation's department of defense (DoD) is one of the most critical and sensitive institutions that can paralyze the state if tampered with by unscrupulous individuals. The situation is even worse if there is an advanced persistent threat (APT) against computers and software that operate the western interconnection power grid. This needs an urgent measure to remove the threat immediately and avoid its recurrence. We recommend that the following security and safety measures for the power grid and its related computer information systems be taken by the concerned departments:
a. Creation of a special branch that is specifically dedicated to cyber security
It is high time for the government to come up with a special branch of the military personnel that will be dedicated to fighting cybercrimes (Higgins, 2016). Its main function will be to detect cybercrime activities, to develop mechanisms to prevent cybercrimes, and to apprehend, arrest and arraign cyber criminals in a court of law.
b. Creation of special court to determine cybercrime cases
Security and safety of the power grid and its related computer information systems and those crimes associated w.
On the surface, the two issues of cybersecurity and climate change could not be more different. Although both are significant security threats that pose real-world risk, they're typically dealt with by organizations as distinct problems, with "climate change" rarely discussed among IT executives and security teams.
Both are actual threats likely to increase in the near future, and they are more closely linked than you may believe. In fact, some specialists consider climate change to be the largest security risk that humanity is confronted with.
Bulletin of the Atomic Scientists IT IS 5 MINUTES TO MID.docx - RAHUL126667
Bulletin of the Atomic Scientists
IT IS 5 MINUTES TO MIDNIGHT®
Feature
Eyes wide shut: The growing threat of cyber attacks on industrial control systems
Joel F. Brenner
Abstract
When industrial control systems are connected to the Internet, they can be vulnerable to cyber attacks. At risk
are energy sources and electric grids, water and sewer systems, manufacturing, banks, transportation and
communication networks, and other systems that may be targeted by hackers, terrorists, or enemy states
seeking to wreak economic havoc. Despite a series of well-publicized cyber attacks in recent years, few
companies have taken the steps necessary to isolate industrial control systems and sensitive information,
and to limit the damage an attack can inflict. Security is not just a matter of dealing with technical issues, which
are fairly straightforward and tactical. The strategic issue is governance: coordinating the efforts of various
departments to ensure that information technology works together with physical security, legal counsel,
human resources, and operations management.
Keywords
cyber attack, cyber security, denial of service, industrial control systems, Maroochy Shire, RasGas, Saudi
Aramco, Stuxnet
Bulletin of the Atomic Scientists 69(5) 15–20. © The Author(s) 2013. Reprints and permissions: sagepub.co.uk/journalsPermissions.nav. DOI: 10.1177/0096340213501372. http://thebulletin.sagepub.com
Thirteen years ago, a disgruntled sewer system operator in Maroochy Shire, Australia, filled his car with a laptop and radio equipment apparently stolen from his employer and drove around giving radio commands to the pumps and valves that controlled the local sewers. Pumping stations went haywire. Raw sewage poured into local waterways. Creek water turned black, fish died, and the stench was appalling (Brenner, 2011). This was an early warning of the danger inherent in connecting industrial control systems to the Internet, but Maroochy Shire was far away, and very few people were paying attention.
Nasty things that start on the other side of the world have a way of ending up on one’s own doorstep, however, and the vulnerability to electronic mayhem of control systems that run railway switches, air traffic control systems, manufacturing, financial systems, and electric grids is now an endemic condition. In Brazil, a cyber attack in 2007 plunged more than three million people into total darkness and knocked the world’s largest iron ore producer offline, costing that one company alone about $7 million (CBS News, 2009).1
The world’s superpower is not invincible either. Today the North American electric grid is being attacked ferociously and often—sometimes by intruders so skillful that government help is needed to fend them off. Municipal water and sewer systems are also vulnerable. Even the US military recently warned that it can’t guarantee its own operations under a sophisticated cyber attack, and that US allies are in the same posit ...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM... - Fas (Feisal) Mosleh
The Biggest Cyber and Physical Security Threats to Critical Infrastructure by Fas Mosleh, ex-HP, ex-IBM, ex-Broadcom. Discusses how critical infrastructure can be compromised by physical and security threats. Critical infrastructure refers to the systems, facilities, and networks that are essential to the functioning of a society and its economy. These are the assets that, if damaged or disrupted, could have a significant impact on public health and safety, economic security, and national security. Social engineering: This involves manipulating people into divulging sensitive information or taking actions that compromise security. Phishing is a primary example of such manipulation and is still one of the most prevalent types of attack. According to the 2021 Data Breach Investigations Report by Verizon, phishing was involved in 36% of all data breaches, making it the top threat action in the report. Phishing attacks are also becoming increasingly sophisticated and targeted, with attackers using social engineering tactics to trick victims into divulging sensitive information or downloading malware. This can include impersonating trusted individuals or organizations, creating convincing fake websites or emails, and using urgent or threatening language to pressure victims into taking action.
According to the 2021 State of the Phish Report by Proofpoint, 75% of organizations surveyed reported being targeted by phishing attacks in 2020, and 59% of those attacks were successful in compromising at least one user account or system. The report also found that COVID-19 related phishing attacks were particularly prevalent in 2020, taking advantage of the pandemic to trick victims into providing personal information or downloading malware.
5. Distributed denial of service (DDoS) attacks: These attacks flood a system with traffic, overwhelming it and causing it to crash or become unavailable.
6. Advanced persistent threats (APTs): APTs are sophisticated, long-term attacks that target specific organizations and can involve multiple stages of infiltration and exfiltration.
According to the 2023 CrowdStrike Global Threat Report, there was an uptick in social engineering tactics targeting human interactions: tactics such as vishing to direct victims to download malware and SIM swapping to circumvent multi-factor authentication (MFA).
Get yourself trained or Certified for IEC 62443 and other trainings.pdf - John Kingsley
An informative Online Tech-Talk#3 session to "discover cost-effective ways of enhancing your OT/ICS cybersecurity skills and how to get yourself trained, certified for IEC62443 certification with John Kingsley" held on 8th April 2023 at 6:00 PM IST
Learn how to achieve this without spending a fortune!
✳ What is the difference between training, certificate and certification
✳ What are the accredited trainings available for IEC 62443
✳ What are the accredited trainings available for OT/ICS cyber security
✳ What are the trainings available for OT/ICS cyber security
✳ Trainings you never knew existed 😮 😱
✳ Maximum value for your money 💲 💰
✳ Shortlisted based on value, cost, coverage, concepts 🎯
✳ Affordable trainings available for OT/ICS cyber security 🛠 🏭
✳ OT trainings PLC, SCADA, Industrial communication protocols 📡
✳ Further Reading on OT/ICS cyber security 📖 📚
All the presentation material for this session is available at the links below.
Affordable OT ICS Cybersecurity and other OT Trainings
https://lnkd.in/gfZMfacB
Get yourself trained or Certified for IEC 62443 and other trainings
https://lnkd.in/gnsQkKFs?
So you want to be an OT (ICS)Cybersecurity Engineer
https://lnkd.in/gN4X5FkR
OT Security Professionals TechTalk3 - Discover the Path to OT Security by John Kingsley
Your jumpstart guide on how to get yourself trained, certified for IEC 62443 and OT/ICS Cybersecurity trainings available.
SANS Institute Abhisam Software Industrial Control System Cyber Security Institute LLC GIAC Certifications International Society of Automation (ISA) exida TÜV Rheinland Group TÜV SÜD Justin Searle CertX Infosec UL Solutions Joel Langill Fedco International Pedro Wirya
MODIFICATION OF EXISTING FACILITIES FOR 20% ETHANOL BLENDING - John Kingsley
MODIFICATION OF EXISTING FACILITIES FOR 20% ETHANOL BLENDING
The Government of India (GoI) proposes to develop infrastructure and storage facilities for 20% Ethanol dosing with MS as Gasoline, in addition to the existing 10% Ethanol dosing with MS as Gasoline.
To achieve this, modifications may be required in existing facilities of terminals/depots.
We, M/s. iFluids Engineering, a leading Design Engineering consultant in India, shall study the existing facilities like storage tanks, unloading & loading piping and pump systems. Based on the study we will recommend economical and practically possible modifications that are required in the facility to maintain 20% Ethanol dosing.
Reliability, availability, maintainability (RAM) study, on reciprocating comp... - John Kingsley
What is needed to perform a RAM Study and more details
To know more, on How iFluids can help you operate & maintain Safe and Reliable plant Contact us Today --> info@ifluids.com
For any training enquiries, contact us today --> training@ifluids.com
Introduction to oil and gas exploration and processing - John Kingsley
This is a comprehensive presentation designed to give an overview and to introduce oil & gas operations.
Following are the contents of the presentation :
a) How Oil & Gas were formed ?
b) How are Oil and Gas deposits located ?
c) Economics of Exploration operations.
d) Definition of Oil Reserves.
e) Drilling & Production Process - How are they safely and efficiently extracted for onward processing without creating detrimental environmental impacts ?
f) History of “Off-shore Oil & Gas Exploration”.
g) Different types of “Off-shore Production facilities”.
h) Characteristics of Crude oil.
i) Oil & Gas Industry – Overall Block diagram.
j) Separation of Oil, Gas and Water.
k) Gas treatment and Export.
l) Oil treatment and Export.
m) Water treatment and disposal.
n) Pipeline transportation basics.
Know more about iFluids Engineering --> visit www.iFluids.com
IFLUIDS Engineering, with its creativity and innovative, trailblazing techniques, has produced proven design & drafting engineering methodologies. Our design & drafting services provide tangible direction acquired through strategic planning & development, with conceptual and preliminary architectural, civil & structural, mechanical, piping, electrical engineering design, procurement, management consulting and infrastructure planning. Our unique innovation design process provides the framework for our innovation delivery that contributes to the tangible sign of the respect for the environment through our Engineering services to Infrastructure, Petrochemical, Oil & Gas and Energy Sectors.
Our Services
• Plant Engineering
• Architectural
• MEP Solutions
• Civil & Structural
• BIM Solutions
• Mechanical Design
• Design Automation
• Product Design
• Reverse Engineering
• Process Management
Multi-disciplinary Engineering and Drafting design including analysis simulation etc.
Engineering Design and Consultancy Services including Cybersecurity, Risk Management, Project and Procurement Management Support
Hazop Training - Intermediate Level Course iFluids (John Kingsley)
The Fundamentals of HAZOP Study
A hazard and operability study (HAZOP) is a structured and systematic examination of a complex planned or existing process or operation in order to identify and evaluate problems that may represent risks to personnel or equipment. In this online training, you will be learning The Fundamentals of HAZOP Study.
What you will learn
HAZOP Study Stands for Hazard and Operability Study. Hazop is the structured brainstorming technique to identify Hazards involved in a chemical process plant. It is an important Industrial Safety tool. HAZOP study is carried out during the design stage of the process plant or during carrying out any modification in the existing plant. Live interactive sessions over the internet, combined with practical examples completed offline and shared via email to us. You will simply require a computer with a reliable internet connection, a headset with a high-quality microphone.
Course Content
What is a HAZOP Study?
Definition of basic terms
Risk matrix/ALARP principle
When to Perform a HAZOP Study
Different stages of Hazop study and relevant Data requirement
HAZOP STUDY - TEAM COMPOSITION
Generally accepted rules of HAZOP
Overall HAZOP Methodology
Layers of protection/Safeguard
Hierarchy of controls (with simple example)
HAZOP Study-Example
https://trainings.ifluids.com/
Introduction to PSM Online Interactive Training (John Kingsley)
Process Safety Management (PSM ) refers to a set of interrelated approaches to manage hazards associated with the process industries and is intended to reduce the frequency and severity of incidents resulting from releases of chemicals and other energy sources. These standards are composed of organizational and operational procedures, design guidance, audit programs, and a host of other methods.
A comprehensive PSM program to identify, assess and control facility hazards, including fires, explosions and the release of highly hazardous chemicals is crucial to any industrial organization’s safety plan. With iFluids online PSM training, learners will gain important information about the elements most frequently cited by OSHA, as well as topics like emergency planning and response, mechanical integrity and management of change at a fundamental level.
Course Content
An Overview
Overview and Auditing
Process Safety Information
Process Hazard Analysis
Mechanical Integrity
Management of Change
Employee Participation
Operating Procedures
Training
Contractors
Pre-Startup Safety Review
Hot Work Permits
Incident Investigations
Emergency Planning & Resource
Compliance Audits
Trade Secrets
https://trainings.ifluids.com/
SIL assessment Risk Graph and LOPA Training iFluids (John Kingsley)
LOPA is the newest methodology for hazard evaluation and risk assessment. On a sliding scale of sophistication and rigor, LOPA lies between the qualitative end of the scale (characterized by methods such as hazard and operability, or HAZOP, analysis and what-if analysis) and the quantitative end (characterized by methods using fault trees and event trees). LOPA helps the analyst make consistent decisions on the adequacy of existing or proposed layers of protection against an accident scenario. The technique is ideally suited for companies striving to meet specific risk targets or to lower risk as low as reasonably practicable (ALARP).
Hazop Fundamentals Online Training iFluids (John Kingsley)
This course is designed to provide the basics of HAZOP study technique, its outcome and also to perform/review HAZOP report.
Familiarity with HAZOP Terminologies, Methodology, Brief Ideas for taking part /Involve in HAZOP Session. https://trainings.ifluids.com/
John Kingsley OT ICS SCADA Cyber security consultant (John Kingsley)
SCADA ICS Security Courses
A lack of SCADA ICS security professionals leads to big gaps between compliance with the respective guidelines and the real situation on site. There is a critical need for proper security professionals in SCADA ICS.
SCADA ICS Security Assurance
Ensuring that the SCADA ICS environment complies with the security requirements in order to maintain production operations and sustain business performance
SCADA ICS (OT) Security Services
SCADA ICS Security Services Summary
SCADA ICS Security Asset Management
SCADA ICS Security Risk Management
SCADA ICS Security Assessment
SCADA ICS Standard, Policy & Procedure Management
SCADA ICS Security Implementation
Cyber Security Services
Vulnerability Assessment
Penetration Testing
ISO 27001 Certified Management System Audit
iFluids Lean Six Sigma Case Study oil & gas (John Kingsley)
Lean Six Sigma Applications in Oil and Gas Industry: Case Studies
Management Consulting Services
Lean Management Services
Framework to Implement Six Sigma Methodology to Oil and Gas
India Oman Qatar Malaysia Singapore
iFluids Behaviour based safety services and training (John Kingsley)
Behaviour-Based Safety: The blame game
An entire department is given bingo cards. The game continues until someone in that department reports a work related injury or illness. At that time, everyone has to turn in his or her markers and the game starts over. Imagine the pressure on the poor worker who slices his or her finger or suffers some type of sprain, not to report an injury, because a co-worker is about to reach BINGO and win the VCR or microwave oven.
Sound familiar? Scenarios such as this are growing in frightening proportions as more and more workplaces are adopting behaviour-based safety programs as part of their health and safety arsenal. UFCW Canada opposes this type of so-called Health and Safety program, as this type of program also encourages workers to spy on their co-workers for working in an unsafe manner.
iFluids Management Consulting & Training Services
Six Sigma
Lean Management
Behavioural Based Safety
Safety Management Gap Analysis
Risk Management Profiling
Accident Investigation
Bottom Tank Inspection by Manual & Mapping Tank Floor Bottom Scanner
Dimensional Control Survey, Storage Tank Inspection
Above Ground Storage Tank Evaluation Program
• Our Above Ground Tank Inspection services include:
• Nondestructive testing services
• Ultrasonic thickness measurement using our DX-20 remote crawler
• MFE 2412 floor scanner
• DX-20 Magnetically- Attached Ultrasonic / Remote Visual Testing Crawler
• Our Tank Inspection Qualifications include:
• API 653 certified inspectors
Mechanical Integrity Program capabilities:
• Thickness Inspections
• Engineering Evaluations
• Corrosion Rate and Remaining Life Determination
• Fitness For Service Evaluations (FFS)
• Turnkey Tank Management Program
Our targeted tank inspections look to find and quantify such damage and deterioration phenomenon as:
• Corrosion Rate
• Remaining Life
• Under Floor Corrosion
• Corrosion Under Insulation (CUI)
• Tide Line and Corrosion Zones
• Settlement and Planar Tilt
Above Ground Storage Tanks within our inspection expertise include:
• SP-001 Tanks
• UL-58
Our inspections are tailored to your process equipment and risk mediation programs such as:
• Mechanical Integrity Program (MIP)
• Process Safety Management (PSM)
• Spill Prevention Control and Countermeasure (SPCC)
• Resource Conservation and Recovery Act (RCRA)
• Chlorine and Chlorine Dioxide Service
• Flammable or Hazardous Chemicals
• Proprietary Process Chemicals
We utilize the following tests in our inspections to gain an understanding of the condition of your equipment.
• Visual Inspections (VT)
• Ultrasonic Thickness Testing (UTT)
• Magnetic Particle Testing (MT)
• Penetrant Testing (PT)
• Radiographic Testing (RT)
• Magnetic Flux Leak Detection (MFL)
• Vacuum Box Testing (VBT)
Peripheral Considerations:
• Secondary Containment Sizing
Our API inspectors have been properly trained and certified and commonly perform API 653 tank inspections. Many industries call upon iFluids to perform other popular services according to the API 570 and API 510 standards.
Changing Industrial Control Systems Conference and Networking Session
CICS Introduction
We are in the throes of witnessing an Industrial Revolution, The Industrial Revolution 4.0! A revolution that will completely change the way we live, work, and relate to one another. In its scale, scope, and complexity, the transformation will be unlike anything humankind has experienced before, and with it Industrial Control Systems (ICS) will change. The boundaries delineating the ICS world from the civil world are eroding; we are now looking at a future where residences will be connected to the Power Grids, supplying back rather than receiving energy (Renewable Energy – Reverse Metering), and at Smart Cities which will enable their residents to interact with the cities' control systems and more. In these exciting times, we have created a unique conference where we will hear from industry experts in the ICS domain on what is new. We will endeavor to build a 360° view on the subject and understand the happenings, the challenges and the innovations that are changing the face of Industrial Control Systems.
Attendees
SAMIR K PAWASKAR
Cyber Security Expert - GICSP, CRISC, CISM, CISSP, AMBCI, CICA, ISO 27001 LA, CCNP, MCSE
FARIS ABDULLAH AL-KHARUSI
Head of Business Excellence -Real Time Operations & Smart Fields,Petroleum Development Oman
NILANGSHU DEY
Senior Automation Engineer-Qatar Petroleum, Vice President-ISA(International Society Of Automation)
MALIKE BOUAOUD
Director/Lead, ICT and CS Strategy Research & Development QATAR FOUNDATION
KARMA SAMIR SHERIF
Professor -Management Information Systems College of Business and Economics Qatar University
JAVIER DIÉGUEZ BARRIOCANAL
Director – Basque Cybersecurity Centre
SAMUEL LINARES
Partner - iHacklabs
OMAR SHERIN
Director -Cyber Security Advisory - Africa, India & Middle East (AIM)Ernst & Young
SULTAN SALIM HUMAID AL-YAHYAI
Manager Information Technology
MOHAMMED IKRAMI
Senior Security Engineer, Qatar Aluminum Limited
FADI ADLOUNI
Senior Security Systems engineer, Palo Alto Networks.
GOPI KRISHNA DURBHAKA
Technology Evangelist Senior Member, IEEE fellow of ISECE
How to write a plant operating manual
preparation of effective operating manuals
oil and gas petrochemical process industry pharmaceuticals energy power ca
Case study of DCS upgrade: how to reduce stress during execution (John Kingsley)
iFluids Engineering ICS / DCS / SCADA Engineering Design, Procurement, Integration, Testing, Commissioning & Troubleshooting Services
Article Source: This guest blog post was written by Sunny R. Desai, an engineer in the DCS/PLC/SCADA department at Reliance Industries Ltd. A version of this article originally was published at InTech magazine.
Hydrocarbon leak detection in tank farms (John Kingsley)
On December 10, 2005, Tank 912 at the Buncefield Oil Storage Depot in Hertfordshire, England, was filling with gasoline. According to a report by the European Process Safety Centre, the tank had two forms of level control: a gauge enabling personnel to monitor the filling operation; and an independent high-level switch (IHLS) which was meant to shut down operations automatically if the tank was overfilled.
The first gauge stuck and the IHLS was inoperable, so there was no means to alert the control room staff that the tank was filling to dangerous levels. Eventually, large quantities of gasoline overflowed from the top of the tank. A bund retaining wall around the tank and a system of drains and catchment areas that were supposed to ensure that liquids could not be released to the environment failed. More than 66,000 gallons (250,000 liters) of gasoline escaped from the tank before the explosion occurred.
Risk Assessment, Compliance and Creation of Management Systems as per API 2350: Overfill Protection for Storage Tanks in Petroleum
A visual signal is a luminous source within a coloured transparent enclosure and is used in many applications not least as reinforcement to an audible signal in the event of danger, warning or machine status / system process.
Effectiveness of visual signals
With the possible exception of status indicators, the purpose of the E2S visual signals range is to attract attention as compared with a luminaire or general purpose light which is intended to illuminate a given area and not necessarily attract attention. Therefore the effectiveness or the light intensity of a device as opposed to merely its capacity to illuminate is probably the important consideration. Different light sources may offer significantly different effective light intensity and ability to attract attention, particularly when flashing; however in contrast their ability to illuminate a given area may be fairly poor.
E2S provides information relating to the effectiveness of a visual signal based on actual measurements for each model within the E2S range. The information provided IS NOT based on rule of thumb assumptions and / or calculations alone. We therefore have confidence our measured light output values are meaningful and will better aid product selection.
Digital danger zone tackling cyber security
Contact john@ifluids.com (or) info@ifluids.com, www.ifluids.com
Digital danger zone: Tackling cyber security
Old Repost from 2012 Arabian oil and gas
The protection of critical national infrastructure has long been a serious concern to
governments in this region, but an all-encompassing approach means achieving this is no
longer limited to physical security. The widespread use of interconnected networks and
control systems in national oil, gas, power, water and electricity sectors, means there is now a
very real and growing need to enhance cyber security, highlighted by an ever increasing
number of international attacks.
Indeed, as a region responsible for much of the world’s energy, GCC countries are placing
cyber defence as one of their priority areas for development. Saudi Arabia has plans to spend
$3.3Bn on oil and gas infrastructure security and Qatar, Oman, Kuwait and the UAE are set
to follow suit over the coming years.
“The cyber security threat to energy installations is surprisingly widespread, running across
utilities and distribution networks to generation, refining, and even drilling and exploration.
Most security professionals now say that if you think you have not had your security
breached then you just haven’t detected it,” says Professor Paul Dorey, director at CSO
Confidential.
“Wherever there is digital technology there is the potential of cyber threat. What can change
between industry sectors is the nature of the motivation of attack. Basic utilities have less
information of commercial value to steal than do exploration companies bidding for assets,
however both have the potential to create widespread disruption if their operations are
stopped or disrupted by attack on critical cyber systems such as Industrial control,” Dorey
adds.
Governments and large corporations all over the world should be wary of a growing cyber
menace in 2012 in particular, according to experts at Kaspersky Lab. Not only will there be a
dramatic increase in the number of targeted attacks on state institutions and large companies,
it is also likely that a wider range of organizations will bear the brunt of the expected
onslaught.
“At the moment, the majority of incidents affect companies and state organizations involved
in arms manufacturing, financial operations, or hi-tech and scientific research activities. In
2012 companies in the natural resource extraction, energy and transport industries will be
affected, as well as information security companies,” warns Alexander Gostev, head of the
global research and analysis team at Kaspersky Lab. Attacks will range over more of the
world than ever before, spreading beyond Western Europe and the US and affecting Eastern
Europe, the Middle East and South-East Asia.
It has been reported that there was more than a 40% increase across the Middle East in
computers infected by malware in 2011. The threat of such viruses was highlighted by the
discovery in 2010 of the most sophisticated cyber attack to date, Stuxnet. It was a vicious
computer worm with highly specialised malware coded to target specific Supervisory Control
and Data Acquisition (SCADA) systems and disrupt their operational activities but without
the operators being aware of such changes.
“SCADA networks are widely used in all industrial sectors and provide essential services and
commodities in a very efficient manner,” explains Dr Nick Coles, founder and organiser of
the International Forum to discuss the cyber security of energy and utilities sectors in the
Middle East.
“However, they were originally designed to maximize functionality with little attention paid
to security. Consequently performance, reliability and safety of these highly complex and
interconnected systems are invariably robust, but the security is weak, making them
vulnerable to disruption of service, process redirection or manipulation of operational data
that could result in public safety concerns and even loss of life,” adds Coles.
The management need for information and remote control in the modern energy business has
led to the adoption of common network protocols and the connection of many of these
SCADA and Industrial Control Systems (ICS) to the corporate network.
While these changes have resulted in business benefits they also have meant that control
system security is even more prone to the same cyber threats faced by corporate networks.
The Stuxnet worm demonstrated that it can cause real damage to public safety, the economy
and the environment. On the other hand, Stuxnet drew attention to the enhanced cyber
security needs for ICS systems.
As a result of this Stuxnet attack, which had a profound influence on cyber security, countries
have published national cyber strategies and programmes in order to regulate and clarify their
security risks and threats. An example of intergovernmental cooperation is the recent US-EU
joint cyber security exercise to defend against potential attacks.
The cyber threats are by no means limited to the Stuxnet concern. The Night Dragon virus
drew attention to the ability of such viruses to steal highly sensitive competitive information
from oil and gas companies especially, and these viruses are now being superseded by a new type of digital
infection, the Advanced Persistent Threat (APT). These viruses can upload and propagate
themselves into IT/ICS systems without any immediate noticeable effect and can collect
intelligence data over a long period of time without detection.
The Night Dragon attacks work by methodical and progressive intrusions into the targeted
infrastructure. Using several locations in China, Night Dragon attackers leveraged command
and control servers on purchased hosted services in the United States and compromised
servers in the Netherlands to wage attacks against global oil, gas, and petrochemical
companies, as well as individuals and executives in Kazakhstan, Taiwan, Greece, and the
United States to acquire proprietary and highly confidential information.
The primary operational technique used by the attackers comprised a variety of hacker tools,
including privately developed and customized RAT tools that provided complete remote
administration capabilities to the attacker. RATs provide functions similar to Citrix or
Microsoft Windows Terminal Services, allowing a remote individual to completely control
the affected system.
Most recently another new virus, Duqu, has appeared in the Middle East and potentially
differs from its predecessors in that it gathers intelligence data such as design documents and
assets from ICS systems for example in order to plan for a future cyber attack.
If Stuxnet was a wakeup call for industry, then Duqu is further evidence of the severity of
attacks. So it can be seen there is an exponential increase in cyber attacks from increasingly
sophisticated malware and what is needed to combat such threats are robust yet simple to
implement cyber security technology, sustained, consistent and updated education in this
area, enhanced public-private partnerships and well thought out cyber security standards that
industry can easily follow in order to truly protect industry plants and assets.
The Aggressors
The scope of motivation potentially behind a cyber-attack on a nation’s energy infrastructure
is a broad remit. “At the forefront of popular consciousness are of course other nation states,
criminals, terrorists, hackers and even disgruntled employees,” explains Justin Lowe, a smart
energy expert at PA Consulting Group. “This makes cyber attacks difficult to defend against
because the attacker could be located anywhere in the world, and could even be internal to
the impacted organisation,” he adds.
Despite the huge variety in aggressor origins, Eric Byres, CTO and VP Engineering of Tofino
Security Product Group, Belden Inc. and the world’s foremost authority on ICS security says
that often the real dangers are overlooked. “People tend to focus on terrorists and hackers, but
currently criminal groups are a more likely aggressor. There are lots of financial motivations.
Impacting the production of a competitor, short selling the shares of a company undergoing a
production, environmental or safety incident or extorting money under the threat of a
disruption are all potentially profitable activities for a criminal group.”
These same motivations could also be attractive to nation-states or political groups. However,
unlike terrorist or state-sponsored sabotage, which still tends to be accompanied by violence
and a tendency for the spectacular, Dorey notes that unless attackers admit to perpetrating an
attack, victims are left with complicated, difficult forensic tracing which could lead to an
involuntary accomplice (like someone’s computer owned by a botnet) as much as the real
perpetrator.
“However, good intelligence work does tell us that the attackers do tend to fall into 3 groups
categorized by motives and capability: State Actors – concerned with economic espionage,
possibly also carrying out intelligence into the possibility of disrupting critical national
infrastructure. Secondly, organised crime, which is typically looking for opportunity for fraud
or information theft. And finally, Hacktivists, individuals or organisations often protesting
against the political, economic, social or environmental activities of companies or
governments. This includes both highly connected and capable attackers but also a whole raft
of technically unsophisticated and inexperienced attackers,” says Dorey.
Vulnerabilities
As touched on above, the vast majority of control systems were not built with security in
mind. The introduction and proliferation of standardised IT systems and IT networks in
industrial control systems has brought the possibility of cyber attacks deeper into focus.
The criticality to Middle Eastern nation states, and their customers, of a reliable,
uninterrupted and predictable oil supply has never been sharper. Given the growth of
upstream asset management and production expectations, it is important to roll out
intelligent systems which can deliver this, yet doing so requires technology which many see as the core
vulnerability to cyber attack.
“This is taking place in the context of a time when many existing oil and gas reserves are
going into or are already in decline and new reserves are more difficult to find, develop or
produce. These changes result in a more complex, integrated energy infrastructure with a
greater reliance on information technology, operations technology, and communications,”
explains Lowe. As a result, this evolving energy infrastructure is more vulnerable to cyber
security issues.
As the need to improve efficiency and increase production from oil and gas assets drives
adoption, wider digital oilfield (DOF) implementation is gaining value. With these changes
comes the extra threat of cyber attack, and it is imperative to understand what E&P data
exists, where it needs to flow and where the security risks are in order to keep DOF
implementation secure.
“To coincide with this need for more integrated I, there has been a dramatic increase in cyber
security risks. There are now well publicized security incidents affecting oil, gas, electricity
and water companies and infrastructures. The sophistication of these attacks has increased
over the last few years and it is now time for all energy companies to identify and evaluate
the risks they and how they address them,” he adds.
The vulnerabilities in the oil and gas business are very real, adds Byres. “There are real
weaknesses. The systems deployed in the energy sectors were never designed to be secure –
they were designed to be safe, reliable and productive. Unfortunately the hackers have
discovered this in the past year and the list of known product vulnerabilities has exploded,”
he warns.
Of course, failures in computer systems can and do happen by accident, but these should be
managed separately to a cyber security strategy, stresses Dorey.
“A security incident comes from deliberate malicious intent and needs defence and detection
mechanisms that look to outthink a deliberate adversary - this is not the case with mistakes
and is why safety risk management does not automatically extend to security concerns.
“Some security attacks (like propagating viruses) spread to and impact systems that the
attacker did not intend to attack, and many industrial control systems have suffered from this
type of ‘collateral damage’ rather than being deliberately targeted. Accidental or not, it is still
key that ICS systems are defended against unintentional spread,” he adds.
Right approach
Despite the myriad threats, experts largely agree on the approach necessary to avoid a
catastrophe, be it commercial, environmental or otherwise.
“The very first place to start is to do a risk analysis to determine exactly what is the “worst-
case scenario” for a specific plan or company,” says Byres. “Then companies need to develop
mitigation strategies to make sure those scenarios never occur. For example, in the oil and
gas industry, the Safety Integrated System (SIS) is the last line of defense against a major
process disaster. Unfortunately these systems are often only loosely secured, if at all, so
protecting these needs to be a priority.”
In industrial control systems the main weaknesses that are exploited are the connections with
other business, industrial or engineering systems, and even the internet. In many cases these
systems were not originally designed with cyber security in mind, so weaknesses around
access control and communications resilience can be straightforward to find and exploit. This
is further exacerbated by the fact that updating or patching these systems to address known
weaknesses can be logistically challenging in production environments.
“It is also important to understand that even where systems are isolated there are still risks –
attacks can still be performed by individuals or by intentionally planting or accidentally
transferring malicious code into these systems,” says Lowe.
“A common security approach is to secure the connection between systems but often the
systems themselves remain vulnerable behind these secure connections. The vulnerability of
the core systems is the real issue as it is very difficult to manage the ongoing security of these
systems,” he adds.
A key area to focus on is new projects where new systems and technologies are being
deployed. It is essential that cyber security risks are identified and addressed as part of these
projects, as bolting on security later is costly and less effective than getting it right from the
start.
Throughout the local upstream industry there is an understanding of the risks and of the need
for a coordinated security strategy; however, the cross-over responsibilities between project
engineers and senior managers can lead to confusion over where best to start.
Dorey says the biggest management challenge in industrial control systems is the gulf
between security expertise – usually held within the IT function – and deep engineering and
industrial control knowledge, held by the plant engineers and technology team.
“Some IT security solutions work well in the ICS environment and others are disastrous.
Getting teams cross-trained and skilled with hybrid security and ICS knowledge must be a
priority. Security vendors also need to significantly improve their understanding and build
industrial strength security solutions, a few key suppliers understand the requirements but
most just offer standard IT solutions which could even create rather than solve security
problems,” he warns.
Safeguards
The security challenges are significant, and there is no silver bullet solution to cyber security
either in the corporate environment or industrial operational environment.
“New technology solutions are being developed all the time – many of which are very useful
in securing systems. However, many organizations naturally focus on technology as the main
method of dealing with security risk. However, the best safeguard is understanding the risk
and establishing a security culture within the organization to address the risks. Ultimately,
organisations rely on people, process and technology to be secure,” explains Lowe.
“One of the most effective safeguards an organization can invest in is being prepared to
detect and respond to a security incident. This can be as simple as developing some pragmatic
procedures and can be more valuable than spending significant funds on the latest security
technology solution,” he adds.
The upstream industry may have some advantages over other process-reliant industries such
as the utilities and telecoms sectors, says Byres. “Compared to the other industries, oil and
gas companies and operators are probably more likely to embrace the necessary cyber
security steps once they are aware of the risks they are facing, because most of them actually
have a solid risk management culture. They can quantify what bad security could cost them
and then make the decision to do something. In contrast, the power industry and
manufacturing industry tends to be lost when it comes to moving to address the risk until they
have a problem or are legislated to do something.”
Wireless Concerns
Additionally, the step to wireless, which has always raised security related questions from the
industry, may actually be helping migrate upstream firms into safer territory. “Frankly most of
the wireless deployments I see are better than the wired ones in terms of security. People see
the word “wireless” and they immediately ask themselves: What do I need to do about
security? With wired systems, security never crosses their mind,” Byres states.
Whilst wireless networking can introduce potential security risks to networks and facilities,
many secure wireless solutions have been developed. It is, however, easy to implement
wireless solutions in an insecure way that can introduce security weaknesses.
“Companies implementing wireless solutions in the industrial environment should only do so
having been informed by a thorough risk assessment and should design the wireless solution
to address the identified risks,” explains Lowe. “These should be reviewed on a regular basis
and action taken as required to maintain security levels against an evolving threat and risk
landscape.”
Outlook
Many local energy companies are only just beginning to recognise the cyber security risks.
However, that recognition has kick-started an appetite to address, explore and counter future
threats. The upcoming Abu Dhabi International Forum to discuss the cyber security of energy
and utilities sectors in the Middle East is proof that the threat is being taken seriously by
energy and utility players throughout the region.
Participation from leading cyber security luminaries, and their local upstream energy
and utility counterparts, means local business leaders are embracing the need for rapid but
planned adoption of a cyber security framework.
The Middle Eastern energy industry could not be more vital to meeting the Gulf’s aspirations,
as well as the stability and general wellbeing of the global economic system. The threat is
being tackled, but the oil and gas industry, and its utilities counterparts cannot pause for
deliberation. Action to match good intentions is now as critical as the challenge.
Article Source: http://www.arabianoilandgas.com/article-9868-digital-danger-zone-tackling-cyber-security/1/
Cyber Security Services Provided by iFluids Engineering < To know more send email to
john@ifluids.com>
•IT Security Awareness
•ISO 27001 Introduction & ISMS Primer
•Essentials of ICS Engineering
•Essentials of SIS and Safety Life Cycle
•ICS Security and Network Management
•Identity and Access Management
For more information regarding iFluids Engineering Services & Past Project Track Record
please visit here
Disclaimer: All information and content contained in this website are provided solely for
general information and reference purposes. TM information, Images & any copyrighted
material inadvertently published or depicted belong to the rightful owner and iFluids doesn't claim
them as its own.