SlideShare a Scribd company logo

Digital danger zone tackling cyber security

John Kingsley
John Kingsley

The protection of critical national infrastructure has long been a serious concern to governments in this region, but an all-encompassing approach means achieving this is no longer limited to physical security. The widespread use of interconnected networks and control systems in national oil, gas, power, water and electricity sectors, means there is now a very real and growing need to enhance cyber security, highlighted by an ever increasing number of international attacks. Indeed, as a region responsible for much of the world’s energy, GCC countries are placing cyber defence as one of their priority areas for development. Saudi Arabia has plans to spend $3.3Bn on oil and gas infrastructure security and Qatar, Oman, Kuwait and the UAE are set to follow suit over the coming years. “The cyber security threat to energy installations is surprisingly widespread, running across utilities and distribution networks to generation, refining, and even drilling and exploration. Most security professionals now say that if you think you have not had your security breached then you just haven’t detected it,” says Professor Paul Dorey, director at CSO Confidential. #NIST SP 800-53 #NERC #CIP #CyberSecurity #ISO27002 #IEC27002 #ISO27001 #IEC27002 #NIST #ISA62443 #IEC62443 #ISA99 #IACS #iFluids #InfoSec #NetworkSecurity #ICS #Automation #ControlSystem #GIACS #PEBC #Protection #Endpoint #Firewall #Routers #Switch #ISO31000 #DMZ #Layer3.5

Engineering
1 of 9
Download to read offline
Contact john@ifluids.com (or) info@ifluids.com Contact john@ifluids.com (or) info@ifluids.com , www.ifluids.com Digital danger zone: Tackling cyber security Old Repost from 2012 Arabian oil and gas The protection of critical national infrastructure has long been a serious concern to governments in this region, but an all-encompassing approach means achieving this is no longer limited to physical security. The widespread use of interconnected networks and control systems in national oil, gas, power, water and electricity sectors, means there is now a very real and growing need to enhance cyber security, highlighted by an ever increasing number of international attacks. Indeed, as a region responsible for much of the world’s energy, GCC countries are placing cyber defence as one of their priority areas for development. Saudi Arabia has plans to spend $3.3Bn on oil and gas infrastructure security and Qatar, Oman, Kuwait and the UAE are set to follow suit over the coming years. “The cyber security threat to energy installations is surprisingly widespread, running across utilities and distribution networks to generation, refining, and even drilling and exploration. Most security professionals now say that if you think you have not had your security breached then you just haven’t detected it,” says Professor Paul Dorey, director at CSO Confidential. “Wherever there is digital technology there is the potential of cyber threat. What can change between industry sectors is the nature of the motivation of attack. Basic utilities have less information of commercial value to steal than do exploration companies bidding for assets, however both have the potential to create widespread disruption if their operations are stopped or disrupted by attack on critical cyber systems such as Industrial control,” Dorey adds.
Contact john@ifluids.com (or) info@ifluids.com Contact john@ifluids.com (or) info@ifluids.com , www.ifluids.com Governments and large corporations all over the world should be wary of a growing cyber menace in 2012 in particular, according to experts at Kaspersky Lab. Not only will there be a dramatic increase in the number of targeted attacks on state institutions and large companies, it is also likely that a wider range of organizations will bear the brunt of the expected onslaught. “At the moment, the majority of incidents affect companies and state organizations involved in arms manufacturing, financial operations, or hi-tech and scientific research activities. In 2012 companies in the natural resource extraction, energy and transport industries will be affected, as well as information security companies,” warns Alexander Gostev, headed of the global research and analysis team at Kaspersky Lab. Attacks will range over more of the world than ever before, spreading beyond Western Europe and the US and affecting Eastern Europe, the Middle East and South-East Asia. It has been reported that there was more than a 40% increase across the Middle East in computers infected by malware in 2011. The threat of such viruses was highlighted by the discovery in 2010 of the most sophisticated cyber attack to date, Stuxnet. It was a vicious computer worm with highly specialised malware coded to target specific Supervisory Control and Data Acquisition (SCADA) systems and disrupt their operational activities but without the operators being aware of such changes. “SCADA networks are widely used in all industrial sectors and provide essential services and commodities in a very efficient manner,” explains Dr Nick Coles, founder and organiser of the International Forum to discuss the cyber security of energy and utilities sectors in the Middle East. “However, they were originally designed to maximize functionality with little attention paid to security. Consequently performance, reliability and safety of these highly complex and interconnected systems are invariably robust, but the security is weak, making them vulnerable to disruption of service, process redirection or manipulation of operational data that could result in public safety concerns and even loss of life,” adds Coles. The management need for information and remote control in the modern energy business has led to the adoption of common network protocols and the connection of many of these SCADA and Industrial Control Systems (ICS) to the corporate network. While these changes have resulted in business benefits they also have meant that control system security is even more prone to the same cyber threats faced by corporate networks. The Stuxnet worm demonstrated that it can cause real damage to public safety, the economy and the environment. On the other hand, Stuxnet drew attention to the enhanced cyber security needs for ICS systems. As a result of this Stuxnet attack, which had a profound influence on cyber security, countries have published national cyber strategies and programmes in order to regulate and clarify their
Contact john@ifluids.com (or) info@ifluids.com Contact john@ifluids.com (or) info@ifluids.com , www.ifluids.com security risks and threats. An example of intergovernmental cooperation is the recent US-EU joint cyber security exercise to defend against potential attacks. The cyber threats are by no means limited to the Stuxnet concern. The Night Dragon virus drew attention to the ability of such viruses to steal highly sensitive competitive information from oil and gas companies especially, and are now being superseded by a new type of digital infection, the Advanced Persistent Threat (APT). These viruses can upload and propagate themselves into IT/ICS systems without any immediate noticeable affect and can collect intelligence data over a long period of time without detection. The Night Dragon attacks work by methodical and progressive intrusions into the targeted infrastructure. Using several locations in China, Night Dragon attackers leveraged command and control servers on purchased hosted services in the United States and compromised servers in the Netherlands to wage attacks against global oil, gas, and petrochemical companies, as well as individuals and executives in Kazakhstan, Taiwan, Greece, and the United States to acquire proprietary and highly confidential information. The primary operational technique used by the attackers comprised a variety of hacker tools, including privately developed and customized RAT tools that provided complete remote administration capabilities to the attacker. RATs provide functions similar to Citrix or Microsoft Windows Terminal Services, allowing a remote individual to completely control the affected system. Most recently another new virus, Duqu, has appeared in the Middle East and potentially differs from its predecessors in that it gathers intelligence data such as design documents and assets from ICS systems for example in order to plan for a future cyber attack. If Stuxnet was a wakeup call for industry, then Duqu is further evidence of the severity of attacks. So it can be seen there is an exponential increase in cyber attacks from increasingly sophisticated malware and what is needed to combat such threats are robust yet simple to implement cyber security technology, sustained, consistent and updated education in this area, enhanced public-private partnerships and well thought out cyber security standards that industry can easily follow in order to truly protect industry plants and assets. The Aggressors The scope of motivation potentially behind a cyber-attack on a nation’s energy infrastructure is a broad remit. “At the forefront of popular consciousness are of course other nation states, criminals, terrorists, hackers and even disgruntled employees,” explains Justin Lowe, a smart energy expert at PA Consulting Group. “This makes cyber attacks difficult to defend against because the attacker could be located anywhere in the world, and could even be internal to the impacted organisation,” he adds. Despite the huge variety in aggressor origins, Eric Byres, CTO and VP Engineering of Tofino Security Product Group, Belden Inc. and the world’s foremost authority on ICS security says that often the real dangers are overlooked. “People tend to focus on terrorists and hackers, but
Contact john@ifluids.com (or) info@ifluids.com Contact john@ifluids.com (or) info@ifluids.com , www.ifluids.com currently criminal groups are a more likely aggressor. There are lots of financial motivations. Impacting the production of a competitor, short selling the shares of a company undergoing a production, environmental or safety incident or extorting money under the threat of a disruption are all potentially profitable activities for a criminal group.” These same motivations could also be attractive to nation-states or political groups. However, unlike terrorist or state-sponsored sabotage, which still tends to be accompanied by violence and a tendency for the spectacular, Dorey notes that unless attackers admit to perpetrating an attack victims are left with complicated difficult forensic tracing which could lead to an involuntary accomplice (like someone’s computer owned by a botnet) as much as the real perpetrator. “However, good intelligence work does tell us that the attackers do tend to fall into 3 groups categorized by motives and capability: State Actors – concerned with economic espionage, possibly also carrying out intelligence into the possibility of disrupting critical national infrastructure. Secondly, organised crime, which is typically looking for opportunity for fraud or information theft. And finally, Hactivists, individuals or organisations often protesting against the political, economic, social or environmental activities of companies of governments. This includes both highly connected and capable attackers but also a whole raft of technically unsophisticated and inexperienced attackers,” says Dorey. Vulnerabilities As touched on above, the vast majority of control systems were not built with security in mind. The introduction and proliferation of standardised IT systems and IT networks in industrial control systems has brought the possibility of cyber attacks deeper into focus. The criticality to Middle Eastern nation states, and their customers for a reliable and uninterrupted, predictable oil supply has never been sharper. Looking at the growth of upstream asset management and production expectations, the importance of rolling out intelligent systems which can deliver this requires technology which many see as the core vulnerability to cyber attack. “This is taking place in the context of a time when many existing oil and gas reserves are going into or are already in decline and new reserves are more difficult to find, develop or produce. These changes result in a more complex, integrated energy infrastructure with a greater reliance on information technology, operations technology, and communications,” explains Lowe. As a result, this evolving energy infrastructure is more vulnerable to cyber security issues. Improve efficiency and increase production from oil and gas assets is driving adoption of wider digital oilfield implementation is gaining value . With these changes comes the extra threat of cyber attack and it is imperative to understand what E&P data exists, where it needs to flow and where the security risks are in order to keep DOF implementation secure.
Contact john@ifluids.com (or) info@ifluids.com Contact john@ifluids.com (or) info@ifluids.com , www.ifluids.com “To coincide with this need for more integrated I, there has been a dramatic increase in cyber security risks. There are now well publicized security incidents affecting oil, gas, electricity and water companies and infrastructures. The sophistication of these attacks has increased over the last few years and it is now time for all energy companies to identify and evaluate the risks they and how they address them,” he adds. The vulnerabilities in the oil and gas business are very real, adds Byres. “There are real weaknesses. The systems deployed in the energy sectors were never designed to be secure – they were designed to be safe, reliable and productive. Unfortunately the hackers have discovered this in the past year and the list of known product vulnerabilities has exploded,” he warns. Of course, failures in computer systems can and do happen by accident, but these should be managed separately to a cyber security strategy, stresses Dorey. “A security incident comes from deliberate malicious intent and needs defence and detection mechanisms that look to outthink a deliberate adversary - this is not the case with mistakes and is why safety risk management does not automatically extend to security concerns. “Some security attacks (like propagating viruses) spread to and impact systems that the attacker did not intend to attack, and many industrial control systems have suffered from this type of ‘collateral damage’ rather than being deliberately targeted. Accidental or not, it is still key that ICS systems are defended against unintentional spread,” he adds. Right approach Despite the myriad threats, experts largely agree on the approach necessary to avoid a catastrophe, be it commercial, environmental or otherwise. “The very first place to start is to do a risk analysis to determine exactly what is the “worst- case scenario” for a specific plan or company,” says Byres. “Then companies need to develop mitigation strategies to make sure those scenarios never occur. For example, in the oil and gas industry, the Safety Integrated System (SIS) is the last line of defense against a major process disaster. Unfortunately these systems are often only loosely secured, if at all, so protecting these needs to be a priority. In industrial control systems the main weaknesses that are exploited are the connections with other business, industrial or engineering systems, and even the internet. In many cases these systems were not originally designed with cyber security in mind, so weaknesses around access control and communications resilience can be straightforward to find and exploit. This is further exacerbated by the fact that updating or patching these systems to address known weaknesses can be logistically challenging in production environments. “It is also important to understand that even where systems are isolated there are still risks – attacks can still be performed by individuals or by intentionally planting or accidentally transferring malicious code into these systems,” says Lowe.
Contact john@ifluids.com (or) info@ifluids.com Contact john@ifluids.com (or) info@ifluids.com , www.ifluids.com “A common security approach is to secure the connection between systems but often the systems themselves remain vulnerable behind these secure connections. The vulnerability of the core systems is the real issue as it is very difficult to manage the ongoing security of these systems,” he adds. A key area to focus on are new projects where new systems and technologies are being deployed. It is essential that cyber security risks are identified and addressed as part of these projects as bolting on security later is costly and less effective than getting it right from the start. Throughout the local upstream industry there is an understanding of the risks, and the need for a coordinated security strategy, however the cross-over responsibilities between project engineers and senior managers can lead to confusion over where best to start. Dorey says the biggest management challenge in industrial control systems is the gulf between security expertise – usually held within the IT function – and deep engineering and industrial control knowledge, held by the plant engineers and technology team. “Some IT security solutions work well in the ICS environment and others are disastrous. Getting teams cross-trained and skilled with hybrid security and ICS knowledge must be a priority. Security vendors also need to significantly improve their understanding and build industrial strength security solutions, a few key suppliers understand the requirements but most just offer standard IT solutions which could even create rather than solve security problems,” he warns. Safeguards The security challenges are significant, and there is no silver bullet solution to cyber security either in the corporate environment or industrial operational environment. “New technology solutions are being developed all the time – many of which are very useful in securing systems. However, many organizations naturally focus on technology as the main method of dealing with security risk. However, the best safeguard is understanding the risk and establishing a security culture within the organization to address the risks. Ultimately, organisations rely on people, process and technology to be secure,” explains Lowe. “One of the most effective safeguards an organization can invest in is being prepared to detect and respond to a security incident. This can be as simple as developing some pragmatic procedures and can be more valuable than spending significant funds on the latest security technology solution,” he adds. The upstream industry may have some advantages over other process-reliant industries such as the utilities and telecoms sectors, says Byres. “Compared to the other industries, oil and gas companies and operators are probably more likely to embrace the necessary cyber security steps once they are aware of the risks they are facing, because most of them actually have a solid risk management culture. They can quantify what bad security could cost them
Contact john@ifluids.com (or) info@ifluids.com Contact john@ifluids.com (or) info@ifluids.com , www.ifluids.com and then make the decision to do something. In contrast, the power industry and manufacturing industry tends to be lost when it comes to moving to address the risk until they have a problem or are legislated to do something.” Wireless Concerns Additionally, the step to wireless, which has always raised security related questions from the industry, may actually be helping migrate upstream firms into safer territory.“Frankly most of the wireless deployments I see are better than the wired ones in terms of security. People see the word “wireless” and they immediate ask themselves: What do I need to do about security? With wired systems, security never crosses their mind,” Byres states. Whilst wireless networking can introduce potential security risks to networks and facilities, many secure wireless solutions have been developed. It is, however, easy to implement wireless solutions in an insecure way that can introduce security weaknesses. “Companies implementing wireless solutions in the industrial environment should only do so having been informed by a thorough risk assessment and should design the wireless solution to address the identified risks,” explains Lowe. “These should be reviewed on a regular basis and action taken as required to maintain security levels against an evolving threat and risk landscape.” Outlook Many local energy companies are only just beginning to recognise the cyber security risks. However, that recognition has kick-started an appetite to address, explore and counter future threats. The upcoming Abu Dhabi International Forum to discuss the cyber security of energy and utilities sectors in the Middle East is proof that the threat is being taken seriously by energy and utility players throughout the region. With participation from leading cyber security luminaries, and their local upstream energy and utility counterparts, means local business leaders are embracing the need for rapid, but planned adoption of a cyber security framework. The Middle Eastern energy industry could not be more vital to meeting the Gulf’s aspirations, as well as the stability and general wellbeing of the global economic system. The threat is being tackled, but the oil and gas industry, and its utilities counterparts cannot pause for deliberation. Action to match good intentions is now as critical as the challenge. Article Source: http://www.arabianoilandgas.com/article-9868-digital-danger-zone-tackling- cyber-security/1/ Cyber Security Services Provided by iFluids Engineering < To know more send email to john@ifluids.com> •IT Security Awareness
Contact john@ifluids.com (or) info@ifluids.com Contact john@ifluids.com (or) info@ifluids.com , www.ifluids.com •ISO 27001 Introduction & ISMS Primer •Essentials of ICS Engineering •Essentials of SIS and Safety Life Cycle •ICS Security and Network Management •Identity and Access Management For more information regarding iFluids Engineering Services & Past Project Track Record please visit here Disclaimer: All information and content contained in this website are provided solely for general information and reference purposes. TM information, Images & any copyrighted
Contact john@ifluids.com (or) info@ifluids.com Contact john@ifluids.com (or) info@ifluids.com , www.ifluids.com material inadvertently published or depicted belong to rightfull owner and iFluids doesnt claim to be its own #NIST SP 800-53 #NERC #CIP #CyberSecurity #ISO27002 #IEC27002 #ISO27001 #IEC27002 #NIST #ISA62443 #IEC62443 #ISA99 #IACS #iFluids #InfoSec #NetworkSecurity #ICS #Automation #ControlSystem #GIACS #PEBC #Protection #Endpoint #Firewall #Routers #Switch #ISO31000 #DMZ #Layer3.5

Recommended

Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure Protection
William McBorrough
 
News letter aug 13
News letter aug 13News letter aug 13
News letter aug 13
Capt SB Tyagi, COAC'CC*,FISM,CSC,
 
Online security – an assessment of the new
Online security – an assessment of the newOnline security – an assessment of the new
Online security – an assessment of the new
sunnyjoshi88
 
Volume2 chapter1 security
Volume2 chapter1 securityVolume2 chapter1 security
Volume2 chapter1 security
at MicroFocus Italy ❖✔
 
2022 Cybersecurity Predictions
2022 Cybersecurity Predictions2022 Cybersecurity Predictions
2022 Cybersecurity Predictions
Matthew Rosenquist
 
Beza belayneh information_warfare_brief
Beza belayneh information_warfare_briefBeza belayneh information_warfare_brief
Beza belayneh information_warfare_briefBeza Belayneh
 
AI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRAI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRBill Besse
 
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYCYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
Talwant Singh
 

Recommended

Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure Protection
William McBorrough
 
News letter aug 13
News letter aug 13News letter aug 13
News letter aug 13
Capt SB Tyagi, COAC'CC*,FISM,CSC,
 
Online security – an assessment of the new
Online security – an assessment of the newOnline security – an assessment of the new
Online security – an assessment of the new
sunnyjoshi88
 
Volume2 chapter1 security
Volume2 chapter1 securityVolume2 chapter1 security
Volume2 chapter1 security
at MicroFocus Italy ❖✔
 
2022 Cybersecurity Predictions
2022 Cybersecurity Predictions2022 Cybersecurity Predictions
2022 Cybersecurity Predictions
Matthew Rosenquist
 
Beza belayneh information_warfare_brief
Beza belayneh information_warfare_briefBeza belayneh information_warfare_brief
Beza belayneh information_warfare_briefBeza Belayneh
 
AI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRAI-Cyber-Security-White-Papers-06-15-LR
AI-Cyber-Security-White-Papers-06-15-LRBill Besse
 
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITYCYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
CYBERWAR: THE NEXT THREAT TO NATIONAL SECURITY
Talwant Singh
 
CII Whitepaper India Cyber Risk & Resilience Review 2018
CII Whitepaper India Cyber Risk & Resilience Review 2018CII Whitepaper India Cyber Risk & Resilience Review 2018
CII Whitepaper India Cyber Risk & Resilience Review 2018
Confederation of Indian Industry
 
MainPaper_4.0
MainPaper_4.0MainPaper_4.0
MainPaper_4.0varun4110
 
wp-cyber-threats-to-the-mining-industry
wp-cyber-threats-to-the-mining-industrywp-cyber-threats-to-the-mining-industry
wp-cyber-threats-to-the-mining-industryNumaan Huq
 
Delusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceoDelusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceoJoão Rufino de Sales
 
Oracle America,Iinc. - GAO Protest - DOD JEDI - Network Segmentation - Cybers...
Oracle America,Iinc. - GAO Protest - DOD JEDI - Network Segmentation - Cybers...Oracle America,Iinc. - GAO Protest - DOD JEDI - Network Segmentation - Cybers...
Oracle America,Iinc. - GAO Protest - DOD JEDI - Network Segmentation - Cybers...
Clifton M. Hasegawa & Associates, LLC
 
2015 Global Threat Intelligence Report Executive Summary | NTT i3
2015 Global Threat Intelligence Report Executive Summary | NTT i32015 Global Threat Intelligence Report Executive Summary | NTT i3
2015 Global Threat Intelligence Report Executive Summary | NTT i3
NTT Innovation Institute Inc.
 
Mobile Application Security
Mobile Application Security Mobile Application Security
Mobile Application Security
Booz Allen Hamilton
 
A STUDY ON CYBER SECURITY AND ITS RISKS K. Jenifer
A STUDY ON CYBER SECURITY AND ITS RISKS K. JeniferA STUDY ON CYBER SECURITY AND ITS RISKS K. Jenifer
A STUDY ON CYBER SECURITY AND ITS RISKS K. Jenifer
AM Publications
 
American Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standardsAmerican Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standards
David Sweigert
 
Cyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sdCyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sdSusan Darby
 
Insights success the 10 best performing cyber security solution providers 4th...
Insights success the 10 best performing cyber security solution providers 4th...Insights success the 10 best performing cyber security solution providers 4th...
Insights success the 10 best performing cyber security solution providers 4th...
Insights success media and technology pvt ltd
 
Cyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 cCyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 c
Aanchal579958
 
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudSecurity in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and Cloud
ITDogadjaji.com
 
Cyberwar: (R)evolution?
Cyberwar: (R)evolution?Cyberwar: (R)evolution?
Cyberwar: (R)evolution?
zapp0
 
Trends_in_my_profession(revised)
Trends_in_my_profession(revised)Trends_in_my_profession(revised)
Trends_in_my_profession(revised)Mantenso Skido-Achulo
 
07 20251 latest trends, challenges ed
07 20251 latest trends, challenges ed07 20251 latest trends, challenges ed
07 20251 latest trends, challenges ed
IAESIJEECS
 
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015Mark Raduenzel
 
Scansafe Annual Global Threat Report 2009
Scansafe Annual Global Threat Report 2009Scansafe Annual Global Threat Report 2009
Scansafe Annual Global Threat Report 2009Kim Jensen
 
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Information Security Awareness Group
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Erik Ginalick
 
Strengthening Critical Infrastructure Security.pdf
Strengthening Critical Infrastructure Security.pdfStrengthening Critical Infrastructure Security.pdf
Strengthening Critical Infrastructure Security.pdf
ssuserc1c354
 
L479096.pdf
L479096.pdfL479096.pdf
L479096.pdf
American Research Journal of Humanities & Social Science
 

More Related Content

What's hot

CII Whitepaper India Cyber Risk & Resilience Review 2018
CII Whitepaper India Cyber Risk & Resilience Review 2018CII Whitepaper India Cyber Risk & Resilience Review 2018
CII Whitepaper India Cyber Risk & Resilience Review 2018
Confederation of Indian Industry
 
MainPaper_4.0
MainPaper_4.0MainPaper_4.0
MainPaper_4.0varun4110
 
wp-cyber-threats-to-the-mining-industry
wp-cyber-threats-to-the-mining-industrywp-cyber-threats-to-the-mining-industry
wp-cyber-threats-to-the-mining-industryNumaan Huq
 
Oracle America,Iinc. - GAO Protest - DOD JEDI - Network Segmentation - Cybers...
Oracle America,Iinc. - GAO Protest - DOD JEDI - Network Segmentation - Cybers...Oracle America,Iinc. - GAO Protest - DOD JEDI - Network Segmentation - Cybers...
Oracle America,Iinc. - GAO Protest - DOD JEDI - Network Segmentation - Cybers...
Clifton M. Hasegawa & Associates, LLC
 
2015 Global Threat Intelligence Report Executive Summary | NTT i3
2015 Global Threat Intelligence Report Executive Summary | NTT i32015 Global Threat Intelligence Report Executive Summary | NTT i3
2015 Global Threat Intelligence Report Executive Summary | NTT i3
NTT Innovation Institute Inc.
 
Mobile Application Security
Mobile Application Security Mobile Application Security
Mobile Application Security
Booz Allen Hamilton
 
A STUDY ON CYBER SECURITY AND ITS RISKS K. Jenifer
A STUDY ON CYBER SECURITY AND ITS RISKS K. JeniferA STUDY ON CYBER SECURITY AND ITS RISKS K. Jenifer
A STUDY ON CYBER SECURITY AND ITS RISKS K. Jenifer
AM Publications
 
American Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standardsAmerican Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standards
David Sweigert
 
Cyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sdCyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sdSusan Darby
 
Insights success the 10 best performing cyber security solution providers 4th...
Insights success the 10 best performing cyber security solution providers 4th...Insights success the 10 best performing cyber security solution providers 4th...
Insights success the 10 best performing cyber security solution providers 4th...
Insights success media and technology pvt ltd
 
Cyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 cCyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 c
Aanchal579958
 
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudSecurity in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and Cloud
ITDogadjaji.com
 
Cyberwar: (R)evolution?
Cyberwar: (R)evolution?Cyberwar: (R)evolution?
Cyberwar: (R)evolution?
zapp0
 
07 20251 latest trends, challenges ed
07 20251 latest trends, challenges ed07 20251 latest trends, challenges ed
07 20251 latest trends, challenges ed
IAESIJEECS
 
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015Mark Raduenzel
 
Scansafe Annual Global Threat Report 2009
Scansafe Annual Global Threat Report 2009Scansafe Annual Global Threat Report 2009
Scansafe Annual Global Threat Report 2009Kim Jensen
 
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Information Security Awareness Group
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Erik Ginalick
 

What's hot (20)

CII Whitepaper India Cyber Risk & Resilience Review 2018
CII Whitepaper India Cyber Risk & Resilience Review 2018CII Whitepaper India Cyber Risk & Resilience Review 2018
CII Whitepaper India Cyber Risk & Resilience Review 2018
 
MainPaper_4.0
MainPaper_4.0MainPaper_4.0
MainPaper_4.0
 
wp-cyber-threats-to-the-mining-industry
wp-cyber-threats-to-the-mining-industrywp-cyber-threats-to-the-mining-industry
wp-cyber-threats-to-the-mining-industry
 
Delusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceoDelusions of-safety-cyber-savvy-ceo
Delusions of-safety-cyber-savvy-ceo
 
Oracle America,Iinc. - GAO Protest - DOD JEDI - Network Segmentation - Cybers...
Oracle America,Iinc. - GAO Protest - DOD JEDI - Network Segmentation - Cybers...Oracle America,Iinc. - GAO Protest - DOD JEDI - Network Segmentation - Cybers...
Oracle America,Iinc. - GAO Protest - DOD JEDI - Network Segmentation - Cybers...
 
2015 Global Threat Intelligence Report Executive Summary | NTT i3
2015 Global Threat Intelligence Report Executive Summary | NTT i32015 Global Threat Intelligence Report Executive Summary | NTT i3
2015 Global Threat Intelligence Report Executive Summary | NTT i3
 
Mobile Application Security
Mobile Application Security Mobile Application Security
Mobile Application Security
 
A STUDY ON CYBER SECURITY AND ITS RISKS K. Jenifer
A STUDY ON CYBER SECURITY AND ITS RISKS K. JeniferA STUDY ON CYBER SECURITY AND ITS RISKS K. Jenifer
A STUDY ON CYBER SECURITY AND ITS RISKS K. Jenifer
 
American Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standardsAmerican Bar Association guidelines on Cyber Security standards
American Bar Association guidelines on Cyber Security standards
 
Cyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sdCyber Resilience white paper 20160401_sd
Cyber Resilience white paper 20160401_sd
 
Insights success the 10 best performing cyber security solution providers 4th...
Insights success the 10 best performing cyber security solution providers 4th...Insights success the 10 best performing cyber security solution providers 4th...
Insights success the 10 best performing cyber security solution providers 4th...
 
Cyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 cCyfirma cybersecurity-predictions-2022-v1.0 c
Cyfirma cybersecurity-predictions-2022-v1.0 c
 
Security in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and CloudSecurity in Web 2.0, Social Web and Cloud
Security in Web 2.0, Social Web and Cloud
 
Cyberwar: (R)evolution?
Cyberwar: (R)evolution?Cyberwar: (R)evolution?
Cyberwar: (R)evolution?
 
Trends_in_my_profession(revised)
Trends_in_my_profession(revised)Trends_in_my_profession(revised)
Trends_in_my_profession(revised)
 
07 20251 latest trends, challenges ed
07 20251 latest trends, challenges ed07 20251 latest trends, challenges ed
07 20251 latest trends, challenges ed
 
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015
Raduenzel_Mark_FinalAssignment_NSEC506_Fall2015
 
Scansafe Annual Global Threat Report 2009
Scansafe Annual Global Threat Report 2009Scansafe Annual Global Threat Report 2009
Scansafe Annual Global Threat Report 2009
 
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
 
Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112Five Network Security Threats And How To Protect Your Business Wp101112
Five Network Security Threats And How To Protect Your Business Wp101112
 

Similar to Digital danger zone tackling cyber security

Strengthening Critical Infrastructure Security.pdf
Strengthening Critical Infrastructure Security.pdfStrengthening Critical Infrastructure Security.pdf
Strengthening Critical Infrastructure Security.pdf
ssuserc1c354
 
L479096.pdf
L479096.pdfL479096.pdf
L479096.pdf
American Research Journal of Humanities & Social Science
 
A1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecurityA1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for Cybersecurity
Spark Security
 
1. security 20 20 - ebook-vol2
1. security 20 20 - ebook-vol21. security 20 20 - ebook-vol2
1. security 20 20 - ebook-vol2Adela Cocic
 
Threat, Attack and Vulnerability Play a Key Role in Cyber Security
Threat, Attack and Vulnerability Play a Key Role in Cyber SecurityThreat, Attack and Vulnerability Play a Key Role in Cyber Security
Threat, Attack and Vulnerability Play a Key Role in Cyber Security
IRJET Journal
 
cyber security guidelines.pdf
cyber security guidelines.pdfcyber security guidelines.pdf
cyber security guidelines.pdf
VarinSingh1
 
Cyber Security Intelligence
Cyber Security IntelligenceCyber Security Intelligence
Cyber Security Intelligence
ijtsrd
 
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Booz Allen Hamilton
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure Protection
William McBorrough
 
Protecting the Oil and Gas Industry from Email Threats
Protecting the Oil and Gas Industry from Email ThreatsProtecting the Oil and Gas Industry from Email Threats
Protecting the Oil and Gas Industry from Email Threats
OPSWAT
 
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxSECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
bagotjesusa
 
From One Crisis to the Next: Supply Chain Issues and Climate Change
From One Crisis to the Next: Supply Chain Issues and Climate ChangeFrom One Crisis to the Next: Supply Chain Issues and Climate Change
From One Crisis to the Next: Supply Chain Issues and Climate Change
Digital Devices LTD: Top B2B IT Reseller in UK | Digital Devices
 
Bulletinof theAtomicScientistsIT IS 5 MINUTES TO MID.docx
Bulletinof theAtomicScientistsIT IS 5 MINUTES TO MID.docxBulletinof theAtomicScientistsIT IS 5 MINUTES TO MID.docx
Bulletinof theAtomicScientistsIT IS 5 MINUTES TO MID.docx
RAHUL126667
 
Cyber Security – Indian Perspective.pptx
Cyber Security – Indian Perspective.pptxCyber Security – Indian Perspective.pptx
Cyber Security – Indian Perspective.pptx
SharifulShishir
 
What Are Cyber Attacks All About? | Cyberroot Risk Advisory
What Are Cyber Attacks All About? | Cyberroot Risk AdvisoryWhat Are Cyber Attacks All About? | Cyberroot Risk Advisory
What Are Cyber Attacks All About? | Cyberroot Risk Advisory
CR Group
 
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
Fas (Feisal) Mosleh
 
Securing Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonSecuring Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonEljay Robertson
 
Survey of different Web Application Attacks & Its Preventive Measures
Survey of different Web Application Attacks & Its Preventive MeasuresSurvey of different Web Application Attacks & Its Preventive Measures
Survey of different Web Application Attacks & Its Preventive Measures
IOSR Journals
 
Journal of Computer and System Sciences 80 (2014) 973–993Con
Journal of Computer and System Sciences 80 (2014) 973–993ConJournal of Computer and System Sciences 80 (2014) 973–993Con
Journal of Computer and System Sciences 80 (2014) 973–993Con
karenahmanny4c
 
Journal of Computer and System Sciences 80 (2014) 973–993Con.docx
Journal of Computer and System Sciences 80 (2014) 973–993Con.docxJournal of Computer and System Sciences 80 (2014) 973–993Con.docx
Journal of Computer and System Sciences 80 (2014) 973–993Con.docx
croysierkathey
 

Similar to Digital danger zone tackling cyber security (20)

Strengthening Critical Infrastructure Security.pdf
Strengthening Critical Infrastructure Security.pdfStrengthening Critical Infrastructure Security.pdf
Strengthening Critical Infrastructure Security.pdf
 
L479096.pdf
L479096.pdfL479096.pdf
L479096.pdf
 
A1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for CybersecurityA1 - Cibersegurança - Raising the Bar for Cybersecurity
A1 - Cibersegurança - Raising the Bar for Cybersecurity
 
1. security 20 20 - ebook-vol2
1. security 20 20 - ebook-vol21. security 20 20 - ebook-vol2
1. security 20 20 - ebook-vol2
 
Threat, Attack and Vulnerability Play a Key Role in Cyber Security
Threat, Attack and Vulnerability Play a Key Role in Cyber SecurityThreat, Attack and Vulnerability Play a Key Role in Cyber Security
Threat, Attack and Vulnerability Play a Key Role in Cyber Security
 
cyber security guidelines.pdf
cyber security guidelines.pdfcyber security guidelines.pdf
cyber security guidelines.pdf
 
Cyber Security Intelligence
Cyber Security IntelligenceCyber Security Intelligence
Cyber Security Intelligence
 
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
Shifting Risks and IT Complexities Create Demands for New Enterprise Security...
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure Protection
 
Protecting the Oil and Gas Industry from Email Threats
Protecting the Oil and Gas Industry from Email ThreatsProtecting the Oil and Gas Industry from Email Threats
Protecting the Oil and Gas Industry from Email Threats
 
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxSECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
 
From One Crisis to the Next: Supply Chain Issues and Climate Change
From One Crisis to the Next: Supply Chain Issues and Climate ChangeFrom One Crisis to the Next: Supply Chain Issues and Climate Change
From One Crisis to the Next: Supply Chain Issues and Climate Change
 
Bulletinof theAtomicScientistsIT IS 5 MINUTES TO MID.docx
Bulletinof theAtomicScientistsIT IS 5 MINUTES TO MID.docxBulletinof theAtomicScientistsIT IS 5 MINUTES TO MID.docx
Bulletinof theAtomicScientistsIT IS 5 MINUTES TO MID.docx
 
Cyber Security – Indian Perspective.pptx
Cyber Security – Indian Perspective.pptxCyber Security – Indian Perspective.pptx
Cyber Security – Indian Perspective.pptx
 
What Are Cyber Attacks All About? | Cyberroot Risk Advisory
What Are Cyber Attacks All About? | Cyberroot Risk AdvisoryWhat Are Cyber Attacks All About? | Cyberroot Risk Advisory
What Are Cyber Attacks All About? | Cyberroot Risk Advisory
 
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
 
Securing Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay RobertsonSecuring Cyber Space- Eljay Robertson
Securing Cyber Space- Eljay Robertson
 
Survey of different Web Application Attacks & Its Preventive Measures
Survey of different Web Application Attacks & Its Preventive MeasuresSurvey of different Web Application Attacks & Its Preventive Measures
Survey of different Web Application Attacks & Its Preventive Measures
 
Journal of Computer and System Sciences 80 (2014) 973–993Con
Journal of Computer and System Sciences 80 (2014) 973–993ConJournal of Computer and System Sciences 80 (2014) 973–993Con
Journal of Computer and System Sciences 80 (2014) 973–993Con
 
Journal of Computer and System Sciences 80 (2014) 973–993Con.docx
Journal of Computer and System Sciences 80 (2014) 973–993Con.docxJournal of Computer and System Sciences 80 (2014) 973–993Con.docx
Journal of Computer and System Sciences 80 (2014) 973–993Con.docx
 

More from John Kingsley

Get yourself trained or Certified for IEC 62443 and other trainings.pdf
Get yourself trained or Certified for IEC 62443 and other trainings.pdfGet yourself trained or Certified for IEC 62443 and other trainings.pdf
Get yourself trained or Certified for IEC 62443 and other trainings.pdf
John Kingsley
 
MODIFICATION OF EXISTING FACILITIES FOR 20% ETHANOL BLENDING
MODIFICATION OF EXISTING FACILITIES FOR 20% ETHANOL BLENDINGMODIFICATION OF EXISTING FACILITIES FOR 20% ETHANOL BLENDING
MODIFICATION OF EXISTING FACILITIES FOR 20% ETHANOL BLENDING
John Kingsley
 
Reliability, availability, maintainability (RAM) study, on reciprocating comp...
Reliability, availability, maintainability (RAM) study, on reciprocating comp...Reliability, availability, maintainability (RAM) study, on reciprocating comp...
Reliability, availability, maintainability (RAM) study, on reciprocating comp...
John Kingsley
 
Introduction to oil and gas exploration and processing
Introduction to oil and gas exploration and processingIntroduction to oil and gas exploration and processing
Introduction to oil and gas exploration and processing
John Kingsley
 
iFluids Engineering Introduction
iFluids Engineering IntroductioniFluids Engineering Introduction
iFluids Engineering Introduction
John Kingsley
 
iFluids Engineering Brochure
iFluids Engineering BrochureiFluids Engineering Brochure
iFluids Engineering Brochure
John Kingsley
 
iFluids Engienering Capability Presentation
iFluids Engienering Capability PresentationiFluids Engienering Capability Presentation
iFluids Engienering Capability Presentation
John Kingsley
 
Hazop Training - Intermediate Level Course iFluids
Hazop Training - Intermediate Level Course iFluidsHazop Training - Intermediate Level Course iFluids
Hazop Training - Intermediate Level Course iFluids
John Kingsley
 
Introduction to PSM Online Interactive Training
Introduction to PSM Online Interactive TrainingIntroduction to PSM Online Interactive Training
Introduction to PSM Online Interactive Training
John Kingsley
 
Sil assessment Risk Graph and LOPA Training iFluids
Sil assessment Risk Graph and LOPA Training iFluidsSil assessment Risk Graph and LOPA Training iFluids
Sil assessment Risk Graph and LOPA Training iFluids
John Kingsley
 
Hazop Fundamentals Online Training iFluids
Hazop Fundamentals Online Training iFluidsHazop Fundamentals Online Training iFluids
Hazop Fundamentals Online Training iFluids
John Kingsley
 
John kingsley OT ICS SCADA Cyber security consultant
John kingsley OT ICS SCADA Cyber security consultantJohn kingsley OT ICS SCADA Cyber security consultant
John kingsley OT ICS SCADA Cyber security consultant
John Kingsley
 
iFluids Lean Six Sigma Case Study oil & gas
iFluids Lean Six Sigma Case Study oil & gasiFluids Lean Six Sigma Case Study oil & gas
iFluids Lean Six Sigma Case Study oil & gas
John Kingsley
 
iFluids Behaviour based safety services and training
iFluids Behaviour based safety services and trainingiFluids Behaviour based safety services and training
iFluids Behaviour based safety services and training
John Kingsley
 
iFluids Tank Inspection services
iFluids Tank Inspection servicesiFluids Tank Inspection services
iFluids Tank Inspection services
John Kingsley
 
iFluids Cybersecurity Seminar CIC Qatar 2018 Agenda
iFluids Cybersecurity Seminar CIC Qatar 2018 AgendaiFluids Cybersecurity Seminar CIC Qatar 2018 Agenda
iFluids Cybersecurity Seminar CIC Qatar 2018 Agenda
John Kingsley
 
How to write a plant operating manual
How to write a plant operating manualHow to write a plant operating manual
How to write a plant operating manual
John Kingsley
 
Case study of dcs upgrade how to reduce stress during execution
Case study of dcs upgrade how to reduce stress during executionCase study of dcs upgrade how to reduce stress during execution
Case study of dcs upgrade how to reduce stress during execution
John Kingsley
 
Hydrocarbon leak detection in tank farms
Hydrocarbon leak detection in tank farmsHydrocarbon leak detection in tank farms
Hydrocarbon leak detection in tank farms
John Kingsley
 
Guide to specifying visual signals
Guide to specifying visual signalsGuide to specifying visual signals
Guide to specifying visual signals
John Kingsley
 

More from John Kingsley (20)

Get yourself trained or Certified for IEC 62443 and other trainings.pdf
Get yourself trained or Certified for IEC 62443 and other trainings.pdfGet yourself trained or Certified for IEC 62443 and other trainings.pdf
Get yourself trained or Certified for IEC 62443 and other trainings.pdf
 
MODIFICATION OF EXISTING FACILITIES FOR 20% ETHANOL BLENDING
MODIFICATION OF EXISTING FACILITIES FOR 20% ETHANOL BLENDINGMODIFICATION OF EXISTING FACILITIES FOR 20% ETHANOL BLENDING
MODIFICATION OF EXISTING FACILITIES FOR 20% ETHANOL BLENDING
 
Reliability, availability, maintainability (RAM) study, on reciprocating comp...
Reliability, availability, maintainability (RAM) study, on reciprocating comp...Reliability, availability, maintainability (RAM) study, on reciprocating comp...
Reliability, availability, maintainability (RAM) study, on reciprocating comp...
 
Introduction to oil and gas exploration and processing
Introduction to oil and gas exploration and processingIntroduction to oil and gas exploration and processing
Introduction to oil and gas exploration and processing
 
iFluids Engineering Introduction
iFluids Engineering IntroductioniFluids Engineering Introduction
iFluids Engineering Introduction
 
iFluids Engineering Brochure
iFluids Engineering BrochureiFluids Engineering Brochure
iFluids Engineering Brochure
 
iFluids Engienering Capability Presentation
iFluids Engienering Capability PresentationiFluids Engienering Capability Presentation
iFluids Engienering Capability Presentation
 
Hazop Training - Intermediate Level Course iFluids
Hazop Training - Intermediate Level Course iFluidsHazop Training - Intermediate Level Course iFluids
Hazop Training - Intermediate Level Course iFluids
 
Introduction to PSM Online Interactive Training
Introduction to PSM Online Interactive TrainingIntroduction to PSM Online Interactive Training
Introduction to PSM Online Interactive Training
 
Sil assessment Risk Graph and LOPA Training iFluids
Sil assessment Risk Graph and LOPA Training iFluidsSil assessment Risk Graph and LOPA Training iFluids
Sil assessment Risk Graph and LOPA Training iFluids
 
Hazop Fundamentals Online Training iFluids
Hazop Fundamentals Online Training iFluidsHazop Fundamentals Online Training iFluids
Hazop Fundamentals Online Training iFluids
 
John kingsley OT ICS SCADA Cyber security consultant
John kingsley OT ICS SCADA Cyber security consultantJohn kingsley OT ICS SCADA Cyber security consultant
John kingsley OT ICS SCADA Cyber security consultant
 
iFluids Lean Six Sigma Case Study oil & gas
iFluids Lean Six Sigma Case Study oil & gasiFluids Lean Six Sigma Case Study oil & gas
iFluids Lean Six Sigma Case Study oil & gas
 
iFluids Behaviour based safety services and training
iFluids Behaviour based safety services and trainingiFluids Behaviour based safety services and training
iFluids Behaviour based safety services and training
 
iFluids Tank Inspection services
iFluids Tank Inspection servicesiFluids Tank Inspection services
iFluids Tank Inspection services
 
iFluids Cybersecurity Seminar CIC Qatar 2018 Agenda
iFluids Cybersecurity Seminar CIC Qatar 2018 AgendaiFluids Cybersecurity Seminar CIC Qatar 2018 Agenda
iFluids Cybersecurity Seminar CIC Qatar 2018 Agenda
 
How to write a plant operating manual
How to write a plant operating manualHow to write a plant operating manual
How to write a plant operating manual
 
Case study of dcs upgrade how to reduce stress during execution
Case study of dcs upgrade how to reduce stress during executionCase study of dcs upgrade how to reduce stress during execution
Case study of dcs upgrade how to reduce stress during execution
 
Hydrocarbon leak detection in tank farms
Hydrocarbon leak detection in tank farmsHydrocarbon leak detection in tank farms
Hydrocarbon leak detection in tank farms
 
Guide to specifying visual signals
Guide to specifying visual signalsGuide to specifying visual signals
Guide to specifying visual signals
 

Recently uploaded

一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理
一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理
一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理
ydteq
 
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
bakpo1
 
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单专业办理
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单专业办理一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单专业办理
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单专业办理
zwunae
 
Unbalanced Three Phase Systems and circuits.pptx
Unbalanced Three Phase Systems and circuits.pptxUnbalanced Three Phase Systems and circuits.pptx
Unbalanced Three Phase Systems and circuits.pptx
ChristineTorrepenida1
 
在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
obonagu
 
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...
Amil Baba Dawood bangali
 
road safety engineering r s e unit 3.pdf
road safety engineering r s e unit 3.pdfroad safety engineering r s e unit 3.pdf
road safety engineering r s e unit 3.pdf
VENKATESHvenky89705
 
Nuclear Power Economics and Structuring 2024
Nuclear Power Economics and Structuring 2024Nuclear Power Economics and Structuring 2024
Nuclear Power Economics and Structuring 2024
Massimo Talia
 
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&BDesign and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Sreedhar Chowdam
 
Student information management system project report ii.pdf
Student information management system project report ii.pdfStudent information management system project report ii.pdf
Student information management system project report ii.pdf
Kamal Acharya
 
Heap Sort (SS).ppt FOR ENGINEERING GRADUATES, BCA, MCA, MTECH, BSC STUDENTS
Heap Sort (SS).ppt FOR ENGINEERING GRADUATES, BCA, MCA, MTECH, BSC STUDENTSHeap Sort (SS).ppt FOR ENGINEERING GRADUATES, BCA, MCA, MTECH, BSC STUDENTS
Heap Sort (SS).ppt FOR ENGINEERING GRADUATES, BCA, MCA, MTECH, BSC STUDENTS
Soumen Santra
 
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdfTop 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Teleport Manpower Consultant
 
HYDROPOWER - Hydroelectric power generation
HYDROPOWER - Hydroelectric power generationHYDROPOWER - Hydroelectric power generation
HYDROPOWER - Hydroelectric power generation
Robbie Edward Sayers
 
CW RADAR, FMCW RADAR, FMCW ALTIMETER, AND THEIR PARAMETERS
CW RADAR, FMCW RADAR, FMCW ALTIMETER, AND THEIR PARAMETERSCW RADAR, FMCW RADAR, FMCW ALTIMETER, AND THEIR PARAMETERS
CW RADAR, FMCW RADAR, FMCW ALTIMETER, AND THEIR PARAMETERS
veerababupersonal22
 
Hierarchical Digital Twin of a Naval Power System
Hierarchical Digital Twin of a Naval Power SystemHierarchical Digital Twin of a Naval Power System
Hierarchical Digital Twin of a Naval Power System
Kerry Sado
 
Forklift Classes Overview by Intella Parts
Forklift Classes Overview by Intella PartsForklift Classes Overview by Intella Parts
Forklift Classes Overview by Intella Parts
Intella Parts
 
Gen AI Study Jams _ For the GDSC Leads in India.pdf
Gen AI Study Jams _ For the GDSC Leads in India.pdfGen AI Study Jams _ For the GDSC Leads in India.pdf
Gen AI Study Jams _ For the GDSC Leads in India.pdf
gdsczhcet
 
Immunizing Image Classifiers Against Localized Adversary Attacks
Immunizing Image Classifiers Against Localized Adversary AttacksImmunizing Image Classifiers Against Localized Adversary Attacks
Immunizing Image Classifiers Against Localized Adversary Attacks
gerogepatton
 
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
MdTanvirMahtab2
 
6th International Conference on Machine Learning & Applications (CMLA 2024)
6th International Conference on Machine Learning & Applications (CMLA 2024)6th International Conference on Machine Learning & Applications (CMLA 2024)
6th International Conference on Machine Learning & Applications (CMLA 2024)
ClaraZara1
 

Recently uploaded (20)

一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理
一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理
一比一原版(UofT毕业证)多伦多大学毕业证成绩单如何办理
 
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
一比一原版(SFU毕业证)西蒙菲莎大学毕业证成绩单如何办理
 
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单专业办理
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单专业办理一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单专业办理
一比一原版(IIT毕业证)伊利诺伊理工大学毕业证成绩单专业办理
 
Unbalanced Three Phase Systems and circuits.pptx
Unbalanced Three Phase Systems and circuits.pptxUnbalanced Three Phase Systems and circuits.pptx
Unbalanced Three Phase Systems and circuits.pptx
 
在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
在线办理(ANU毕业证书)澳洲国立大学毕业证录取通知书一模一样
 
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...
NO1 Uk best vashikaran specialist in delhi vashikaran baba near me online vas...
 
road safety engineering r s e unit 3.pdf
road safety engineering r s e unit 3.pdfroad safety engineering r s e unit 3.pdf
road safety engineering r s e unit 3.pdf
 
Nuclear Power Economics and Structuring 2024
Nuclear Power Economics and Structuring 2024Nuclear Power Economics and Structuring 2024
Nuclear Power Economics and Structuring 2024
 
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&BDesign and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
 
Student information management system project report ii.pdf
Student information management system project report ii.pdfStudent information management system project report ii.pdf
Student information management system project report ii.pdf
 
Heap Sort (SS).ppt FOR ENGINEERING GRADUATES, BCA, MCA, MTECH, BSC STUDENTS
Heap Sort (SS).ppt FOR ENGINEERING GRADUATES, BCA, MCA, MTECH, BSC STUDENTSHeap Sort (SS).ppt FOR ENGINEERING GRADUATES, BCA, MCA, MTECH, BSC STUDENTS
Heap Sort (SS).ppt FOR ENGINEERING GRADUATES, BCA, MCA, MTECH, BSC STUDENTS
 
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdfTop 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
Top 10 Oil and Gas Projects in Saudi Arabia 2024.pdf
 
HYDROPOWER - Hydroelectric power generation
HYDROPOWER - Hydroelectric power generationHYDROPOWER - Hydroelectric power generation
HYDROPOWER - Hydroelectric power generation
 
CW RADAR, FMCW RADAR, FMCW ALTIMETER, AND THEIR PARAMETERS
CW RADAR, FMCW RADAR, FMCW ALTIMETER, AND THEIR PARAMETERSCW RADAR, FMCW RADAR, FMCW ALTIMETER, AND THEIR PARAMETERS
CW RADAR, FMCW RADAR, FMCW ALTIMETER, AND THEIR PARAMETERS
 
Hierarchical Digital Twin of a Naval Power System
Hierarchical Digital Twin of a Naval Power SystemHierarchical Digital Twin of a Naval Power System
Hierarchical Digital Twin of a Naval Power System
 
Forklift Classes Overview by Intella Parts
Forklift Classes Overview by Intella PartsForklift Classes Overview by Intella Parts
Forklift Classes Overview by Intella Parts
 
Gen AI Study Jams _ For the GDSC Leads in India.pdf
Gen AI Study Jams _ For the GDSC Leads in India.pdfGen AI Study Jams _ For the GDSC Leads in India.pdf
Gen AI Study Jams _ For the GDSC Leads in India.pdf
 
Immunizing Image Classifiers Against Localized Adversary Attacks
Immunizing Image Classifiers Against Localized Adversary AttacksImmunizing Image Classifiers Against Localized Adversary Attacks
Immunizing Image Classifiers Against Localized Adversary Attacks
 
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
 
6th International Conference on Machine Learning & Applications (CMLA 2024)
6th International Conference on Machine Learning & Applications (CMLA 2024)6th International Conference on Machine Learning & Applications (CMLA 2024)
6th International Conference on Machine Learning & Applications (CMLA 2024)
 

Digital danger zone tackling cyber security

  • 1. Contact john@ifluids.com (or) info@ifluids.com Contact john@ifluids.com (or) info@ifluids.com , www.ifluids.com Digital danger zone: Tackling cyber security Old Repost from 2012 Arabian oil and gas The protection of critical national infrastructure has long been a serious concern to governments in this region, but an all-encompassing approach means achieving this is no longer limited to physical security. The widespread use of interconnected networks and control systems in national oil, gas, power, water and electricity sectors, means there is now a very real and growing need to enhance cyber security, highlighted by an ever increasing number of international attacks. Indeed, as a region responsible for much of the world’s energy, GCC countries are placing cyber defence as one of their priority areas for development. Saudi Arabia has plans to spend $3.3Bn on oil and gas infrastructure security and Qatar, Oman, Kuwait and the UAE are set to follow suit over the coming years. “The cyber security threat to energy installations is surprisingly widespread, running across utilities and distribution networks to generation, refining, and even drilling and exploration. Most security professionals now say that if you think you have not had your security breached then you just haven’t detected it,” says Professor Paul Dorey, director at CSO Confidential. “Wherever there is digital technology there is the potential of cyber threat. What can change between industry sectors is the nature of the motivation of attack. Basic utilities have less information of commercial value to steal than do exploration companies bidding for assets, however both have the potential to create widespread disruption if their operations are stopped or disrupted by attack on critical cyber systems such as Industrial control,” Dorey adds.
  • 2. Contact john@ifluids.com (or) info@ifluids.com Contact john@ifluids.com (or) info@ifluids.com , www.ifluids.com Governments and large corporations all over the world should be wary of a growing cyber menace in 2012 in particular, according to experts at Kaspersky Lab. Not only will there be a dramatic increase in the number of targeted attacks on state institutions and large companies, it is also likely that a wider range of organizations will bear the brunt of the expected onslaught. “At the moment, the majority of incidents affect companies and state organizations involved in arms manufacturing, financial operations, or hi-tech and scientific research activities. In 2012 companies in the natural resource extraction, energy and transport industries will be affected, as well as information security companies,” warns Alexander Gostev, headed of the global research and analysis team at Kaspersky Lab. Attacks will range over more of the world than ever before, spreading beyond Western Europe and the US and affecting Eastern Europe, the Middle East and South-East Asia. It has been reported that there was more than a 40% increase across the Middle East in computers infected by malware in 2011. The threat of such viruses was highlighted by the discovery in 2010 of the most sophisticated cyber attack to date, Stuxnet. It was a vicious computer worm with highly specialised malware coded to target specific Supervisory Control and Data Acquisition (SCADA) systems and disrupt their operational activities but without the operators being aware of such changes. “SCADA networks are widely used in all industrial sectors and provide essential services and commodities in a very efficient manner,” explains Dr Nick Coles, founder and organiser of the International Forum to discuss the cyber security of energy and utilities sectors in the Middle East. “However, they were originally designed to maximize functionality with little attention paid to security. Consequently performance, reliability and safety of these highly complex and interconnected systems are invariably robust, but the security is weak, making them vulnerable to disruption of service, process redirection or manipulation of operational data that could result in public safety concerns and even loss of life,” adds Coles. The management need for information and remote control in the modern energy business has led to the adoption of common network protocols and the connection of many of these SCADA and Industrial Control Systems (ICS) to the corporate network. While these changes have resulted in business benefits they also have meant that control system security is even more prone to the same cyber threats faced by corporate networks. The Stuxnet worm demonstrated that it can cause real damage to public safety, the economy and the environment. On the other hand, Stuxnet drew attention to the enhanced cyber security needs for ICS systems. As a result of this Stuxnet attack, which had a profound influence on cyber security, countries have published national cyber strategies and programmes in order to regulate and clarify their
  • 3. Contact john@ifluids.com (or) info@ifluids.com Contact john@ifluids.com (or) info@ifluids.com , www.ifluids.com security risks and threats. An example of intergovernmental cooperation is the recent US-EU joint cyber security exercise to defend against potential attacks. The cyber threats are by no means limited to the Stuxnet concern. The Night Dragon virus drew attention to the ability of such viruses to steal highly sensitive competitive information from oil and gas companies especially, and are now being superseded by a new type of digital infection, the Advanced Persistent Threat (APT). These viruses can upload and propagate themselves into IT/ICS systems without any immediate noticeable affect and can collect intelligence data over a long period of time without detection. The Night Dragon attacks work by methodical and progressive intrusions into the targeted infrastructure. Using several locations in China, Night Dragon attackers leveraged command and control servers on purchased hosted services in the United States and compromised servers in the Netherlands to wage attacks against global oil, gas, and petrochemical companies, as well as individuals and executives in Kazakhstan, Taiwan, Greece, and the United States to acquire proprietary and highly confidential information. The primary operational technique used by the attackers comprised a variety of hacker tools, including privately developed and customized RAT tools that provided complete remote administration capabilities to the attacker. RATs provide functions similar to Citrix or Microsoft Windows Terminal Services, allowing a remote individual to completely control the affected system. Most recently another new virus, Duqu, has appeared in the Middle East and potentially differs from its predecessors in that it gathers intelligence data such as design documents and assets from ICS systems for example in order to plan for a future cyber attack. If Stuxnet was a wakeup call for industry, then Duqu is further evidence of the severity of attacks. So it can be seen there is an exponential increase in cyber attacks from increasingly sophisticated malware and what is needed to combat such threats are robust yet simple to implement cyber security technology, sustained, consistent and updated education in this area, enhanced public-private partnerships and well thought out cyber security standards that industry can easily follow in order to truly protect industry plants and assets. The Aggressors The scope of motivation potentially behind a cyber-attack on a nation’s energy infrastructure is a broad remit. “At the forefront of popular consciousness are of course other nation states, criminals, terrorists, hackers and even disgruntled employees,” explains Justin Lowe, a smart energy expert at PA Consulting Group. “This makes cyber attacks difficult to defend against because the attacker could be located anywhere in the world, and could even be internal to the impacted organisation,” he adds. Despite the huge variety in aggressor origins, Eric Byres, CTO and VP Engineering of Tofino Security Product Group, Belden Inc. and the world’s foremost authority on ICS security says that often the real dangers are overlooked. “People tend to focus on terrorists and hackers, but
  • 4. Contact john@ifluids.com (or) info@ifluids.com Contact john@ifluids.com (or) info@ifluids.com , www.ifluids.com currently criminal groups are a more likely aggressor. There are lots of financial motivations. Impacting the production of a competitor, short selling the shares of a company undergoing a production, environmental or safety incident or extorting money under the threat of a disruption are all potentially profitable activities for a criminal group.” These same motivations could also be attractive to nation-states or political groups. However, unlike terrorist or state-sponsored sabotage, which still tends to be accompanied by violence and a tendency for the spectacular, Dorey notes that unless attackers admit to perpetrating an attack victims are left with complicated difficult forensic tracing which could lead to an involuntary accomplice (like someone’s computer owned by a botnet) as much as the real perpetrator. “However, good intelligence work does tell us that the attackers do tend to fall into 3 groups categorized by motives and capability: State Actors – concerned with economic espionage, possibly also carrying out intelligence into the possibility of disrupting critical national infrastructure. Secondly, organised crime, which is typically looking for opportunity for fraud or information theft. And finally, Hactivists, individuals or organisations often protesting against the political, economic, social or environmental activities of companies of governments. This includes both highly connected and capable attackers but also a whole raft of technically unsophisticated and inexperienced attackers,” says Dorey. Vulnerabilities As touched on above, the vast majority of control systems were not built with security in mind. The introduction and proliferation of standardised IT systems and IT networks in industrial control systems has brought the possibility of cyber attacks deeper into focus. The criticality to Middle Eastern nation states, and their customers for a reliable and uninterrupted, predictable oil supply has never been sharper. Looking at the growth of upstream asset management and production expectations, the importance of rolling out intelligent systems which can deliver this requires technology which many see as the core vulnerability to cyber attack. “This is taking place in the context of a time when many existing oil and gas reserves are going into or are already in decline and new reserves are more difficult to find, develop or produce. These changes result in a more complex, integrated energy infrastructure with a greater reliance on information technology, operations technology, and communications,” explains Lowe. As a result, this evolving energy infrastructure is more vulnerable to cyber security issues. Improve efficiency and increase production from oil and gas assets is driving adoption of wider digital oilfield implementation is gaining value . With these changes comes the extra threat of cyber attack and it is imperative to understand what E&P data exists, where it needs to flow and where the security risks are in order to keep DOF implementation secure.
  • 5. Contact john@ifluids.com (or) info@ifluids.com Contact john@ifluids.com (or) info@ifluids.com , www.ifluids.com “To coincide with this need for more integrated I, there has been a dramatic increase in cyber security risks. There are now well publicized security incidents affecting oil, gas, electricity and water companies and infrastructures. The sophistication of these attacks has increased over the last few years and it is now time for all energy companies to identify and evaluate the risks they and how they address them,” he adds. The vulnerabilities in the oil and gas business are very real, adds Byres. “There are real weaknesses. The systems deployed in the energy sectors were never designed to be secure – they were designed to be safe, reliable and productive. Unfortunately the hackers have discovered this in the past year and the list of known product vulnerabilities has exploded,” he warns. Of course, failures in computer systems can and do happen by accident, but these should be managed separately to a cyber security strategy, stresses Dorey. “A security incident comes from deliberate malicious intent and needs defence and detection mechanisms that look to outthink a deliberate adversary - this is not the case with mistakes and is why safety risk management does not automatically extend to security concerns. “Some security attacks (like propagating viruses) spread to and impact systems that the attacker did not intend to attack, and many industrial control systems have suffered from this type of ‘collateral damage’ rather than being deliberately targeted. Accidental or not, it is still key that ICS systems are defended against unintentional spread,” he adds. Right approach Despite the myriad threats, experts largely agree on the approach necessary to avoid a catastrophe, be it commercial, environmental or otherwise. “The very first place to start is to do a risk analysis to determine exactly what is the “worst- case scenario” for a specific plan or company,” says Byres. “Then companies need to develop mitigation strategies to make sure those scenarios never occur. For example, in the oil and gas industry, the Safety Integrated System (SIS) is the last line of defense against a major process disaster. Unfortunately these systems are often only loosely secured, if at all, so protecting these needs to be a priority. In industrial control systems the main weaknesses that are exploited are the connections with other business, industrial or engineering systems, and even the internet. In many cases these systems were not originally designed with cyber security in mind, so weaknesses around access control and communications resilience can be straightforward to find and exploit. This is further exacerbated by the fact that updating or patching these systems to address known weaknesses can be logistically challenging in production environments. “It is also important to understand that even where systems are isolated there are still risks – attacks can still be performed by individuals or by intentionally planting or accidentally transferring malicious code into these systems,” says Lowe.
  • 6. Contact john@ifluids.com (or) info@ifluids.com Contact john@ifluids.com (or) info@ifluids.com , www.ifluids.com “A common security approach is to secure the connection between systems but often the systems themselves remain vulnerable behind these secure connections. The vulnerability of the core systems is the real issue as it is very difficult to manage the ongoing security of these systems,” he adds. A key area to focus on are new projects where new systems and technologies are being deployed. It is essential that cyber security risks are identified and addressed as part of these projects as bolting on security later is costly and less effective than getting it right from the start. Throughout the local upstream industry there is an understanding of the risks, and the need for a coordinated security strategy, however the cross-over responsibilities between project engineers and senior managers can lead to confusion over where best to start. Dorey says the biggest management challenge in industrial control systems is the gulf between security expertise – usually held within the IT function – and deep engineering and industrial control knowledge, held by the plant engineers and technology team. “Some IT security solutions work well in the ICS environment and others are disastrous. Getting teams cross-trained and skilled with hybrid security and ICS knowledge must be a priority. Security vendors also need to significantly improve their understanding and build industrial strength security solutions, a few key suppliers understand the requirements but most just offer standard IT solutions which could even create rather than solve security problems,” he warns. Safeguards The security challenges are significant, and there is no silver bullet solution to cyber security either in the corporate environment or industrial operational environment. “New technology solutions are being developed all the time – many of which are very useful in securing systems. However, many organizations naturally focus on technology as the main method of dealing with security risk. However, the best safeguard is understanding the risk and establishing a security culture within the organization to address the risks. Ultimately, organisations rely on people, process and technology to be secure,” explains Lowe. “One of the most effective safeguards an organization can invest in is being prepared to detect and respond to a security incident. This can be as simple as developing some pragmatic procedures and can be more valuable than spending significant funds on the latest security technology solution,” he adds. The upstream industry may have some advantages over other process-reliant industries such as the utilities and telecoms sectors, says Byres. “Compared to the other industries, oil and gas companies and operators are probably more likely to embrace the necessary cyber security steps once they are aware of the risks they are facing, because most of them actually have a solid risk management culture. They can quantify what bad security could cost them
  • 7. Contact john@ifluids.com (or) info@ifluids.com Contact john@ifluids.com (or) info@ifluids.com , www.ifluids.com and then make the decision to do something. In contrast, the power industry and manufacturing industry tends to be lost when it comes to moving to address the risk until they have a problem or are legislated to do something.” Wireless Concerns Additionally, the step to wireless, which has always raised security related questions from the industry, may actually be helping migrate upstream firms into safer territory.“Frankly most of the wireless deployments I see are better than the wired ones in terms of security. People see the word “wireless” and they immediate ask themselves: What do I need to do about security? With wired systems, security never crosses their mind,” Byres states. Whilst wireless networking can introduce potential security risks to networks and facilities, many secure wireless solutions have been developed. It is, however, easy to implement wireless solutions in an insecure way that can introduce security weaknesses. “Companies implementing wireless solutions in the industrial environment should only do so having been informed by a thorough risk assessment and should design the wireless solution to address the identified risks,” explains Lowe. “These should be reviewed on a regular basis and action taken as required to maintain security levels against an evolving threat and risk landscape.” Outlook Many local energy companies are only just beginning to recognise the cyber security risks. However, that recognition has kick-started an appetite to address, explore and counter future threats. The upcoming Abu Dhabi International Forum to discuss the cyber security of energy and utilities sectors in the Middle East is proof that the threat is being taken seriously by energy and utility players throughout the region. With participation from leading cyber security luminaries, and their local upstream energy and utility counterparts, means local business leaders are embracing the need for rapid, but planned adoption of a cyber security framework. The Middle Eastern energy industry could not be more vital to meeting the Gulf’s aspirations, as well as the stability and general wellbeing of the global economic system. The threat is being tackled, but the oil and gas industry, and its utilities counterparts cannot pause for deliberation. Action to match good intentions is now as critical as the challenge. Article Source: http://www.arabianoilandgas.com/article-9868-digital-danger-zone-tackling- cyber-security/1/ Cyber Security Services Provided by iFluids Engineering < To know more send email to john@ifluids.com> •IT Security Awareness
  • 8. Contact john@ifluids.com (or) info@ifluids.com Contact john@ifluids.com (or) info@ifluids.com , www.ifluids.com •ISO 27001 Introduction & ISMS Primer •Essentials of ICS Engineering •Essentials of SIS and Safety Life Cycle •ICS Security and Network Management •Identity and Access Management For more information regarding iFluids Engineering Services & Past Project Track Record please visit here Disclaimer: All information and content contained in this website are provided solely for general information and reference purposes. TM information, Images & any copyrighted
  • 9. Contact john@ifluids.com (or) info@ifluids.com Contact john@ifluids.com (or) info@ifluids.com , www.ifluids.com material inadvertently published or depicted belong to rightfull owner and iFluids doesnt claim to be its own #NIST SP 800-53 #NERC #CIP #CyberSecurity #ISO27002 #IEC27002 #ISO27001 #IEC27002 #NIST #ISA62443 #IEC62443 #ISA99 #IACS #iFluids #InfoSec #NetworkSecurity #ICS #Automation #ControlSystem #GIACS #PEBC #Protection #Endpoint #Firewall #Routers #Switch #ISO31000 #DMZ #Layer3.5