Opinion

Need protection against potentially catastrophic hacks in the digital oilfield? Blockchain is the innovative new solution

Posted by art adair

09-Aug-2018

xage.com


 

by Duncan Greatwood, CEO, Xage Security

 

Introduction

As the digital oilfield continues to progress and evolve across upstream, midstream, and downstream, oilfield cyberattacks are increasing, while the industry's cybersecurity preparedness remains low.

 

In fact, oil and gas is the nation's second most targeted industry, with more than seven out of every ten companies reporting a minimum of one cyber incident per year. Even so, many companies have yet to raise the urgency of their cybersecurity upgrades. Reality check: Increasingly digitized control systems, the growth in malware, denial of service attacks, and spyware aimed at capturing field data are just a sampling of the challenges the industry faces. As a result, the timing is right for an innovative cybersecurity solution that fits well with the structure of oil and gas operations and is quickly proving its value across industries: blockchain.

 

The Threat of Vulnerable Systems

The driving force of the current cybersecurity threat lies in the industry's dependence on systems that are not up to the challenge of fending off today's continually evolving cyberattacks. As digitization and connectivity promise a new era of productivity, including in-field automation and IoT, companies reliant on IoT endpoints, IoT apps, SCADA, PLC, RTU and HMI systems are not properly safeguarded and are left vulnerable to attack.

 

Add the ever-growing exposure risks from connected, transient devices and applications, such as smartphones, laptops and a host of online tools, and the attack surface has increased significantly compared to even five years ago. What's more, potential hackers are not necessarily only Russian, Chinese, or other state-backed actors; they can simply be disgruntled employees using saved passwords to access a system and cause catastrophic damage.

 

Building Blocks of Security

While various techniques have been deployed in combating cyber threats, it has become clear that additional innovation is required. Blockchain, a technology made into a household name by the financial industry, has already begun making oil and gas companies' systems safer.

 

Blockchain is essentially a robust distributed database that functions as a single shared ledger of information. It is inherently decentralized, which makes it an ideal fit for the oil and gas industry's distributed sites, wells, and other equipment located globally from upstream to downstream.

 

Blockchain has no single central data store that is vulnerable to attack and is structured instead with individual data blocks saved to many different places. How does this chain of electronic blocks protect oil and gas operations against malicious actions? The blockchain computers (or nodes) cooperate to approve, verify, and record any change to a system. Because the system's nodes must work together to synchronize and authenticate information, the entire system becomes tamperproof and redundant.

 

Blockchain's strength, and its ability to tamperproof a system, centers on one paramount attribute: because no central point exists, no central point of failure exists. With traditional, centralized security systems, once an intruder gains access at a single point of vulnerability, they can then gain access to the entire system. With a blockchain-protected security system, nodes will collectively identify and expel false information, healing the system and preventing an attack from migrating from one entry point to other devices, control systems and locations.
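The mechanism described above, nodes jointly verifying a ledger and expelling a falsified copy, can be shown in a few lines. This Python example is added here and is not code from the article or from Xage; the node names, the record fields and the simple-majority rule are assumptions of the example.

```python
import copy, hashlib, json
from collections import Counter

GENESIS = "0" * 64  # previous-hash value used by the first block

def block_hash(prev_hash, record):
    """Hash a record together with the previous block's hash (the chain link)."""
    payload = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(prev_hash.encode() + payload).hexdigest()

def append(chain, record):
    """Append one access/change record to a node's copy of the ledger."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev, "record": record, "hash": block_hash(prev, record)})

def first_bad_block(chain):
    """Index of the first block whose hash or link fails to verify, else None."""
    prev = GENESIS
    for i, block in enumerate(chain):
        if block["prev"] != prev or block["hash"] != block_hash(prev, block["record"]):
            return i
        prev = block["hash"]
    return None

def reconcile(nodes):
    """Majority vote on chain heads; overwrite dissenting copies. Returns healed names."""
    heads = {name: chain[-1]["hash"] if chain and first_bad_block(chain) is None else None
             for name, chain in nodes.items()}  # a copy that fails verification cannot vote
    tally = Counter(h for h in heads.values() if h).most_common(1)
    if not tally or tally[0][1] * 2 <= len(nodes):
        raise RuntimeError("no majority agrees on the ledger contents")
    winner = tally[0][0]
    good = next(nodes[n] for n in nodes if heads[n] == winner)
    healed = sorted(n for n in nodes if heads[n] != winner)
    for name in healed:
        nodes[name] = copy.deepcopy(good)  # replace the dissenting copy wholesale
    return healed

def demo_nodes():
    """Three hypothetical nodes holding identical copies of a constructed access log."""
    records = [  # constructed sample records, not real data
        {"who": "operator-17", "device": "rtu-04", "action": "login"},
        {"who": "operator-17", "device": "rtu-04", "action": "setpoint_change"},
    ]
    nodes = {name: [] for name in ("wellpad-a", "wellpad-b", "cloud")}
    for chain in nodes.values():
        for rec in records:
            append(chain, dict(rec))  # each node stores its own copy
    return nodes
```

The hash links catch a record edited in place on one node; the vote across nodes catches a copy that was rewritten and re-hashed so that it still verifies locally. When no majority of verifiable copies agrees, `reconcile` refuses to pick a winner.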

 

Bounty of Benefits

Blockchain's ability to tamperproof an oil and gas operator's entire system has many benefits. For one, such comprehensive protection means that system integrity is ensured from deployment through operation.

 

Requiring login through blockchain for device and controller access not only prevents ransomware attacks stemming from compromised controllers, it also protects all devices, including ones that do not have their own password protection. Passwords and fingerprints for individual devices and control systems are hidden from users; access is granted via local or remote authentication for the oilfield worker or control application based on individual identities and work roles; and access and change actions are recorded in the tamperproof blockchain log.

 

What's more, the more nodes within a company's system, the stronger it is. This “strength in numbers” is achieved because an attack would only succeed if all nodes were compromised precisely at once. Therefore, with more nodes added to a system, contributing a virtual blizzard of credential verification and expelling false information in real time, a simultaneous system compromise becomes all but impossible.

 

Replication and redundancy in the blockchain also provide important protections. Replicating field information to the cloud not only keeps the information secured and readily available, it allows for reproduction of nodes in the event they are damaged. By having copies in a company's system, passwords and logs can be totally reconstructed, which is of immeasurable value if a disruption does occur.

 

Digital Oilfield Security for a New Age

Blockchain is changing the cybersecurity paradigm. Already, forward-thinking oil and gas companies are utilizing blockchain-based technology to control access to critical equipment, expose dormant malware, and automate system-wide security.

 

It is critical that others in the oil and gas industry follow in step, embracing this technology to address today's risks, rather than just thinking of it as a promising future technology. With oilfield cyberattacks constantly increasing, the industry must assign a higher priority to implementing security that can truly protect the scope and nature of its increasingly digitized and connected operations, ensuring long-term stability and productivity.

  

Duncan Greatwood is CEO of Silicon Valley-based Xage Security (www.xage.com)

