Page 48: of Offshore Engineer Magazine (Sep/Oct 2013)

47 49

a competitive edge for nation state a critical piece of infrastructure on an control model, the main brain of the corporations, the latest attacks—rep- offshore installation like the master system.

resenting a serious escalation have control station (MSC), which acts as Another case feared by many would tried to gain the ability to manipulate the interface between the operator and involve hackers, state-sponsored agents,

HSEQ

America’s critical infrastructure: power the subsea equipment, could become or terrorists using a malicious code grids and other utilities. This all leads infected by a virus brought on board that could send false on-screen read- back to the digitally-weaponized by unsuspecting platform workers that ings to operators of subsea wells. This world of Stuxnet, SCADA infltra- simply just downloaded some music could be similar to the Stuxnet attack, tion, destroyed machinery and net- or video. The virus would then attack where the virus seized control of Iran’s works—in other words, literal warfare, the electronic messages from a human/ centrifuges at Natanz and yet continued

Cannistraro says. machine interface to the subsea unit, to give Iranian operators false readings

The nightmare that many fear is that sending false readings to the subsea that masked the fact the machines were running wildly out of control.

Offshore oil and gas systems are not immune to malicious cyber attacks.

Another congressional source says oil companies have to take all the steps necessary to remove malware from off- shore facilities and protect them from any future attacks. Users could prevent quite a few of these malware attacks with anti-virus systems and updated system software, the source says.

Fighting back

Oil rig operators and strategists have done good analyses of the breaching techniques used by hackers, and they are learning steps to counter or fore- stall them. Yet, company owners have not used that information to prevent attacks. Lewis says oil companies consistently make the grave mistake of underestimating the risks of hacking they face, especially as dependence on computer systems continues to grow.

The New York Times reported only one of 45 types of malware ended up detected by companies’ anti-virus defense. Lewis says while companies are spending more money on cyber defense, it is used in many cases on measures and activities that are ineffective.

Shawn Henry agrees address- ing vulnerabilities just does not work.“Instead of addressing vulner- abilities, you have to know who your adversaries are,” says the former head of the FBI Counterintelligence

Division and president of CrowdStrike

Services. “Our digital DNA is all stored or transmitted electronically

A leader in offshore topsides design.

and it is riding on an inherently insecure network,” Henry said dur- ® ing his keynote address at the ABB

People Oriented...Project Driven www.mustangeng.com

Automation and Power World confer- ence in Orlando, Florida, this past

March.

OE | September 2013 oedigital.com 50 044_OE0913_HSEQ_4_AdvPerThreat.indd 50 8/18/13 12:16 PM