The 2017 TRITON attack that compromised Safety Instrumented Systems (SIS) in a Middle Eastern petrochemical facility, and twice shut down the facility, shows that cyber threats with physical consequences are very relevant to the refining industry. The problem is that increased digitization and network connectivity used by modern automation open opportunities for cyber attacks. Given this worsening threat environment, oil and gas cyber security programs that are able to keep the world’s refineries running safely, reliably and efficiently have become a high priority for owners and operators.
Four incidents shut down industrial operations in 2019. Nine did so in 2020. 22 shut-down operations last year. Shutdowns due to cyber attacks are no longer a theoretical problem. Worse, the sophistication of these attacks continues to increase rapidly. In this report, we address the issue of oil and gas cyber security for refineries and dig into two examples of how refining sites achieve network visibility, enable automation and protect themselves with the strongest OT security from modern cyber threats.
Cyber-sabotage attacks are information that breaches the industrial network boundary, this will never change. When we control the flow of information with physical, unidirectional hardware, we control the flow of attacks, no matter how sophisticated or powerful such attacks may become in the future.