Keeping the Flow: Cyber-Proofing Oil & Gas Production

Need to “cyber proof” Oil & Gas production operations? Imagine safely keeping production running, even during an ongoing cyberattack. This article explains how.
Kevin J. Rittie


In our everything-goes-digital era, the upstream Oil & Gas industry finds itself at the crossroads of innovation and vulnerability. Securing upstream Oil & Gas operations goes beyond the frameworks commonly addressed in IT security. This blog post begins to peel back the layers of OT security in Oil & Gas, unveiling the approach needed to maintain production, even during an ongoing cyberattack on the IT network. 

Something, Something, Cyber Kill Chain

While Lockheed Martin’s Cyber Kill Chain is commonly (over) used to understand the anatomy of an IT cyberattack, the goals of such attacks differ greatly from those of OT cyberattacks. Generic IT attacks involve tactics such as data exfiltration or ransomware, whereas attacks on OT and industrial operations generally target the functionality of the operation itself, with the goal of causing a disruption that makes headlines and has a noticeable impact as it ripples through society. Unfortunately, attackers’ objectives are becoming more dangerous: some attacks are designed to cause bodily harm to workers at the site, negating the elaborate safety protocols designed to prevent such incidents, or to cause harm at a community level, as seen in recent water system attacks.

The stakes of the game are much higher when dealing with OT security, so preventing cyberattacks from successfully traversing the cyber kill chain becomes a matter of life and death. We are no longer just protecting information; we are protecting physical assets and human lives.

The Shutdown Showdown

Within the context of cyber resilience, Unidirectional Gateways have proven to be an instrumental component. Unidirectional Gateways' inherent unbreachability allows for continued operation even during an ongoing IT cyberattack. This ensures that production continues while IT works to identify and contain the attack and decides how best to respond.

Now, realistically, production may still need to be stopped, since commercial support systems (billing, for example) typically reside within the IT networks. The unavailability of these support systems might negate the ideal situation of keeping operations up and running. Fortunately, Unidirectional Gateways remove the urgency to abruptly shut down operations, providing time to calmly consider the next steps in incident response rather than resorting to a crisis system shutdown. Following the proper triage of the incident, if no system shutdown is warranted, operations can securely remain running, or an operationally sound shutdown and restart process can be executed, reducing safety and commercial risks.

Compliance throughout other industry sectors

Before the infamous Colonial Pipeline shutdown, the Midstream sector was fundamentally self-regulated with regard to cybersecurity, with little to no regulation from authorities. Once the Colonial incident happened, regulations and compliance requirements began rolling out, with many in the industry frustrated that IT concepts were being improperly applied to OT.

Unidirectional Gateways offer such a high level of OT security that, when regulations start rolling out, many of the compliance points are already met. In some cases, some of the details for compliance with the regulation are explicitly not required when there is a Unidirectional Gateway.

Cloud and IT connectivity

O&G companies increasingly want to leverage their industrial data to perform complex analysis as they seek to find new value, reduce costs, or achieve operational efficiencies. These analysis tools are often cloud-based, meaning that information from the isolated/segmented OT environment must be made available to them. A secure means of transferring information across network boundaries is therefore a must, one that keeps OT networks isolated from the internet to reduce the risk of cyberattacks. Firewalls mitigate but do not remove these risks; deploying a Unidirectional Gateway (UDG) for these operations can ensure safe exchanges of data to corporate and the cloud.

Unidirectional Gateways are the safest way to connect industrial systems to The Cloud and the internet, facilitating the flow of data from OT to the desired analytics environments, without letting any information flow back into the industrial system. This allows OT to be “connected” to The Cloud with a secure intermediary that reduces the attack surface while expanding functionality. 

The journey to cyber-proofing O&G production operations requires a multifaceted approach. By prioritizing OT security, leveraging Unidirectional Security Gateways, and staying ahead of regulatory developments, the industry can navigate the challenges posed by cyber threats while embracing the opportunities presented by digital innovation. In doing so, Oil & Gas companies can not only safeguard their operations but also pave the way for a resilient and connected future. 

 

About the author
Kevin J. Rittie

With over 30 years in the control system market, Kevin Rittie is a seasoned software and cybersecurity professional who has led diverse development groups with budgets up to $10M. He has a comprehensive background, starting as a project engineer and software developer, and has excelled in roles such as Product Management, Cybersecurity, Sales, and Marketing. Kevin's innovative contributions include leading the design of a patented control visualization architecture and driving the development of energy management solutions, culminating in the establishment of his own business, RevelationSCS, focused on change management, software practices, and securing critical infrastructure.