Cybersecurity A Growing Safety Issue for Oil, Gas Industrial Plants

Cybersecurity A Growing Safety Issue for Oil, Gas Industrial Plants
Cybersecurity is increasingly being thought of as a safety issue for oil and gas industry industrial plants, Honeywell officials tell Rigzone.

The oil and gas industry is increasingly thinking about cybersecurity as a safety issue for industrial plants, officials with Honeywell told Rigzone on the sidelines of the IHS CERAWeek Conference this week in Houston.

Just a few years ago, cybersecurity was viewed as an expense and an intangible problem; that thinking is changing. Growing interest by the hacker community in industrial control systems has made them a target for cyberthreats.

"What you're seeing in the public corporate sector is a rising number of and severity of attacks; we're seeing the same type of things in the industrial environment," said Jeff Zindel, global business leader Cyber Security at Honeywell Process Solutions (HPS), in an interview with Rigzone. Last year was a noisy year for cyberattacks against industry, with cyber-risks for a host of industries, including oil and gas, expected to keep growing.

The market for cybersecurity solutions for the industrial environment is nascent, but people are becoming more aware of the issues they face here and are starting to act. The lack of visibility into cyber-risks makes it difficult for oil and gas companies to answer the question of what risks they face and how to address them. Companies may do an annual site assessment on an annual basis, which provides a level of understanding on insight on a point basis.

“Security risks are evolving and changing by the minute, which makes the question of the cybersecurity threats a company faces difficult to answer,” said Zindel.

Greater automation and use of digital technologies in industrial sites such as production sites and refineries means that oil and gas companies face greater risk of cyberattacks. According to the findings of a study conducted by Ipsos Public Affairs in September 2014 for Honeywell, three-quarters of 5,000 adults in 10 countries feared that cyber criminals could hack into and control major sectors and elements of the economy. Two-thirds of those surveyed thought that the oil and gas, chemicals and power industries were particularly vulnerable to cyberattacks.

To give oil and gas companies more visibility into their cybersecurity posture and how to address risks, Honeywell released a new cybersecurity tool April 21 for industrial facilities in the upstream, midstream and downstream oil and gas industries, the Honeywell Industrial Cyber Security Risk Manager. Zindel said the Honeywell Industrial Cyber Security Risk Manager is aimed at helping customers proactively identify, monitor, measure and provide understanding about cyber-risks for industrial plants and environments.


View Full Article


Generated by readers, the comments included herein do not reflect the views and opinions of Rigzone. All comments are subject to editorial review. Off-topic, inappropriate or insulting comments will be removed.

Byron Angel  |  April 27, 2015
Interesting. Bolting the gate after the horses have run out...typical. The state of IT services provided for operations by the oil majors is a joke. Friends make sure their pals have access to anything they want, while restricting others to the point of hindering their ability to perform their job. Time the industry took a close look at the new breed of cronyism rampant in its field and office environments, let alone any worry of outside attacks.
Cris DeWitt  |  April 27, 2015
Excellent article! Im glad you and other authors are highlighting the need for cyber security management in the oilfield, and in particular, rigs. I took a look at the Demo of the Honeywell software on their website - most of the screenshots included IT security elements - windows systems that needed patching, antivirus scan results, border security metrics - all important, but not really the Big Data approach to the control systems I was hoping for. Control systems are mostly custom, and therefore generic software is hard to build that provides sufficient awareness of the cyber health of the network. Its great that Honeywell is attacking that issue. For rigs, and specifically complex rigs (ultra deepwater), we need to start with architectures that are protective in design, but resilient in nature. From my experience, the control systems rely on isolation as the best defense, but more and more, holes are poked in the network to allow for increased monitoring. Software Management of Change doesnt happen consistently so changes made today may not cause problems tomorrow - a ticking time-bomb from my perspective. Some standards are relevant (NIST 800-53, 82, IEC 62443. . .) to measure against. I would hope an automated tool will be brought forth that can perform real-time regression testing of the software, and monitoring of the control network from a control protocol and configuration perspective (as opposed to adapting an IT model). Hats off to Honeywell for making their tool Risk Based though.