TECH SHOWCASE: Promoting 'Cybersecurity Hygiene'
Oil and gas companies across the value chain are increasingly integrating “smarter” digital technologies into their onshore and offshore facilities. These sophisticated technologies – manifestations of digitalization and the Internet of Things (IoT) – provide robust, real-time operations and maintenance data that give users unprecedented insights about their facilities.
Despite digital and IoT systems’ growing list of capabilities, they can succumb to an ongoing threat. Because they rely on Internet Protocol (IP)-based networks to transmit data, cyber-criminals can hack into them.
“As more connected systems and smarter technologies continue to be applied in a variety of applications and systems, including oil and gas, there is greater risk for cybersecurity vulnerabilities,” said Max Wandera, director of the Cybersecurity Center of Excellence at Eaton, a power management company. “As recent security breaches have demonstrated, cybersecurity continues to evolve and vulnerabilities in both software and hardware continue to be identified.”
Eaton and Underwriters Laboratories (UL) recently teamed up to form a two-tiered line of defense for oil and gas players, along with other industries, that are increasingly operating in this digital landscape. Through this collaboration:
- Eaton is working with UL to advance cybersecurity for power management technologies.
- The organizations are helping establish measurable cybersecurity standards for network-connected power management products and systems.
“It’s critical that organizations practice comprehensive cybersecurity hygiene, making their assets less vulnerable to attacks,” said Wandera. “Further, providing rigorous standards, testing and methodologies to reduce risk is critical.”
Read on for more of Wandera’s insights about power management cybersecurity challenges and Eaton and UL’s efforts to help the oil and gas industry overcome them.
Rigzone: What are the goals of this cybersecurity partnership as it relates to the oil and gas industry?
Wandera: As oil and gas customers seek ways to reduce risk and optimize their investments in exploration and drilling, reducing cybersecurity risk by relying on tested industry engineering and design expertise is critical in broad terms. This collaboration helps provide and drive robust standards, testing and technologies to reduce risk. Through our rigorous cybersecurity processes and having the first lab approved to participate in the UL Data Acceptance Program, Eaton is developing products to meet stringent specifications, regulations and expectations for safe, secure power management.
Further, our work with UL will help establish measurable cybersecurity criteria for network-connected power management products and systems. As we introduce more intelligent and connected systems, and our customers apply these technologies to support electrical power management, this collaboration will help build trust and backup claims supporting the highest level of defense against emerging cybersecurity threats.
Rigzone: What are the shortcomings of existing power management cybersecurity standards that necessitate new ones?
Wandera: UL established a standard for network-connectable devices. At the device level, this is a comprehensive standard. Of course, there are a variety of safety, reliability and other standards for equipment. Yet, to date, no other organization in the U.S. has provide guidance on third-party cybersecurity certification for electrical power management technologies.
There are unique considerations for power management systems specifically and industrial control systems in general. There are very specific real-time performance, safety, and reliability functions that need to be balanced with cybersecurity. Existing standards attempt to drive this but are not as prescriptive as the UL 2900 standard.
Rigzone: Eaton has stated the Pittsburgh lab is the first such facility that UL has authorized for cybersecurity validation of UL 2900-1 and UL 2900-2-2. What’s the importance of these standards in the context of oil and gas operations?
Wandera: First, for clarity, the UL Cybersecurity Assurance program aims to reduce cybersecurity risk by creating comprehensive, standardized, testable criteria for assessing vulnerabilities in devices and applications. Last summer, UL published the general requirements for the UL 2900 Standard for Software Cybersecurity for Network-Connectable Products. These guidelines include processes to test devices for security vulnerabilities, software weaknesses and malware. To comply with the standard, Eaton has demonstrated thorough understanding of the scope of the standards and the ability to meet them throughout the product development lifecycle.
View Full Article
WHAT DO YOU THINK?
Generated by readers, the comments included herein do not reflect the views and opinions of Rigzone. All comments are subject to editorial review. Off-topic, inappropriate or insulting comments will be removed.