
                        Bloomberg | ‘Arm Waving’ Response to Hackers Makes Oil Industry Easy Prey

                        Written by Mission Secure News Desk

                        May 12, 2021

                        • Cybersecurity spending in sector lags electric, banks and tech
                        • Industry ‘struggling with self motivation’ to defend itself

                        A few years back, a private equity firm hired the cybersecurity company Mission Secure Inc. to inspect its oil and gas operations in West Texas to make sure they were secure.

                        Everyone from the facility managers to the private equity owners assumed that the plant’s computer network was “air-gapped” -- a term referring to computers that aren’t connected to the internet or another unsecured network. But when Mission Secure installed monitoring devices to check, they discovered that a worker on the night shift was connecting his Roku device to the internet to watch episodes of “CSI: Miami.”

                        The incident reflects a historically lax cybersecurity culture in the oil and gas industry -- one that is now in the spotlight after the massive ransomware attack against Colonial Pipeline snarled fuel supplies along the East Coast. The sector has long resisted cybersecurity regulation or substantial investments in part because they haven’t seen much of a need, according to industry and cybersecurity experts.

                        The oil and gas industry, which includes the companies that own wells, pipelines and refineries, has long been a laggard in security spending and that gap has only widened in the last three years versus financial services and telecom industries, said Brian Walker, a principal at The CAP Group in Dallas, a risk advisory firm.

                        Small energy companies spend about 0.25% of their revenue on security, compared to 0.75% for big electric companies, Walker said. Big tech companies and banks, which generate significantly more revenue, spend about 1.5%.

                        “The industry is struggling with self motivation to initiate action to defend themselves,” Walker said, adding that there is no “real” regulation. “There is still only discussion and arm waving.”

                        Colonial Pipeline became aware of the attack about May 7, after attackers had stolen nearly 100 gigabytes of data and encrypted at least a portion of the company’s IT network -- the portion of its network most of its employees use to check their email, review contracts or write and distribute invoices. However, the company also took much of its operational systems offline -- the side of the network where machines talk to machines to actually push gas up and down the pipeline. There is no evidence Colonial’s operational technology systems -- which aren’t connected to its IT system -- were compromised by the attack, the company said.

                        A ransomware group called DarkSide is believed to be behind the attack.

                        In a response to questions from Bloomberg, Colonial, which operates the biggest U.S. fuel pipeline, defended its cybersecurity practices, saying it has increased overall spending on information technology by 50% since 2017, when a new chief information officer was appointed. Colonial uses more than 20 different and overlapping cybersecurity tools to monitor and defend the company’s networks, and its third-party investigator “has acknowledged many of the best practices we had in place prior to the incident,” according to a statement provided to Bloomberg.

                        “Colonial Pipeline takes its role in the United States infrastructure very seriously,” according to a statement. “We had and continue to have robust protocols in place to detect and address threats proactively and reactively.”

                        In addition to relatively meager spending on cybersecurity, the oil and gas industry is governed by different agencies and rules. The Federal Energy Regulatory Commission was given authority to set cybersecurity standards for electric grids by Congress in 2005. Fuel pipelines, meanwhile, fall under the jurisdiction of the Transportation Security Administration -- part of the Department of Transportation -- which has provided voluntary cybersecurity guidelines.

                        “The power sector at least has defensible infrastructure, even if it’s not being adequately defended across the board,” said Rob Lee, founder of the infrastructure security firm Dragos Inc. “The gas sector is under-resourced and hasn’t been as high a priority for the federal government.”

                        Tom Fanning, chief executive officer of the electric utility Southern Co. and a member of the Cyberspace Solarium Commission, said it would be better if the energy sector all fell under the umbrella of the Department of Energy and had the same reliability standards. He said he worries that the problem may get worse as solar and wind get integrated into the system, making the job of avoiding cyber-attacks more complex.

                        “Because of the interconnectedness, we need to reimagine how we work together and how we defend ourselves in conjunction with -- this is a joint relationship between the private sector and the federal government. That’s the big point,” he said.

                        Attacks on energy infrastructure have been a persistent worry of U.S. officials for the better part of the last decade, as foreign adversaries have shown the desire and ability to do it.

                        In 2013, for instance, Iranian hackers breached the control system of a small dam in Rye Brook, New York, but weren’t able to operate the gate that controls water levels because it had been manually disconnected for maintenance. Russia, meanwhile, has repeatedly hacked into Ukraine’s electrical system.

                        It’s not yet clear whether the ransomware attack against Colonial Pipeline will force major changes in the oil and gas industry, either with additional regulations or cybersecurity spending. David Drescher, co-founder and board member of Mission Secure, was skeptical that it would become a “digital Pearl Harbor.”

                        “You’ve got to get the culture change at the top where the board is getting updated on their cybersecurity posture as often as production and revenues and EBITDA,” he said.

                        — With assistance by Gerson Freitas Jr

                        Read the original article, ‘Arm Waving’ Response to Hackers Makes Oil Industry Easy Prey.
