Page 132: of Offshore Engineer Magazine (Aug/Sep 2014)

131 133

Networking pros abound, but beware of cons

Gregory Hale

There is no doubt networking plays a vital role disparate systems are now able to talk to one an- in the offshore oil and gas industry right now other and get messages and commands across to and it will be even more important in the future. one another, but security remains paramount so

With the potential of remote management of you can stay up and running and take share of all multiple platforms from an onshore location, the advantages the technology has to offer. as well as cutting down on system real estate

VIGILANCE IS THE KEY that can enable users to save on time and space

One latest attack, dubbed Dragonfly – dis- to better communicate, the advantages far out- covered by Symantec and F-Secure – is a cyber weigh risks.

The latest technologies grant any offshore user espionage program targeting energy companies. the capability to view any and all aspects of the The attacker’s approach is very strategic and operation, beam back and capture data that will almost surgical in how they are able to get into ensure a safe, smooth, productive, and more proft- various systems. The Dragonfy group has a range able operation. of malware tools at its disposal and is capable of

But keep in mind there are risks. launching attacks through a number of different

First, there is the classic case of a food of data vectors. washing ashore with no apparent rhyme or reason. Dragonfy’s most ambitious attack campaign

Data without context. saw it compromise a number of industrial con-

Second, whenever you talk about networking, trol system (ICS) equipment providers, infect- whether it is over the internet, within a system ing their software with a remote access-type or wireless, you are talking about major security Trojan. This caused companies to install the concerns, which can turn into huge safety issues. malware when downloading software updates for

You can take state-of-the-art technology and computers running ICS equipment, a Symantec place it on your facility, but if you don’t have staff report said. These infections not only gave the that understand attackers a beachhead in the targeted organiza- the key compo- tions’ networks, but also gave them the means nents of what to mount sabotage operations against infected

T he answers are there, that is the they see and are

ICS computers.

able to put that

Dragonfy appears to have been in operation easy part. The hard part is making into the proper since at least 2011 and may have been active the right fundamental decisions that perspective, even longer than that, according to the report. you are firting

Dragonfy initially targeted defense and aviation take the technological results and with economic companies in the US and Canada before shifting and physical its focus to US and European energy firms in put them into perspective.

disaster.

early 2013.

This is where With the manufacturing automation industry, the human factor comes into play. People and including offshore oil and gas, losing around technology need to mesh in front of a monitor. The US$400 billion a year due to unplanned downtime answers are there, that is the easy part. The hard from safety and security incidents, operators, part is making the right fundamental decisions engineers – everyone for that matter – need to be that take the technological results and put them aware of what is happening, and keep everything into perspective. in perspective and in context.

Does the person know what to look for? Are Showing a smart approach to networking will the alerts coming in clearly enough? Is the opera- not only ensure a smoother running operation tor staying on task or thinking about what he or where everyone is in sync, it will allow users to

OE REVIEW she will be doing when the shift ends? All are key bank their share of the $400 billion. questions that should force operators to stay on top of their game. Gregory Hale is the Editor/Founder of Indus-

Those same questions need to arise when talk- trial Safety and Security Source (ISSSource.

ing about securing a network connection. Yes, com) and is the Offshore Engineer contributing the communication is available. And, yes, all the Automation Editor. oedigital.com 134

OE | August 2014REVIEW 133_OE0814_OE Review.indd 134 7/23/14 12:01 AM