Page 110: of Offshore Engineer Magazine (Sep/Oct 2014)

109 111

considered. For the bad guys, it is all considered. For the bad guys, it is all less). Running old, out of date software among others, but they can also suffer about ? nding the weakest link. For the about ? nding the weakest link. For the coupled with more interconnected from the weaknesses. The real challenge platform owner/operator, it is all about platform owner/operator, it is all about networks, often indirectly connected to is how to prevent unwanted malicious making sure there is no weakest link in making sure there is no weakest link in the Internet, is exposing these systems software from affecting the critical sys- all the partners and suppliers connectiv-all the partners and suppliers connectiv- to more and more risks which is likely tems offshore.

ity systems. And when trouble does hap-ity systems. And when trouble does hap- to result in off shore platforms expe- “When computing systems are new pen, having a way to quickly quarantine pen, having a way to quickly quarantine riencing security issues and potential they are ideally secure and we can off the infected components or systems off the infected components or systems unexpected outages.” supplement that security with anti-virus, without impacting the whole platform,” without impacting the whole platform,” whitelisting, among others,” Knapp

Dollars can add up says. “But over time vulnerabilities are

Byres says.Byres says.

One highly likely effect of a malware “Platforms are having greater and greater discovered, and patched. It’s hard enough bandwidth allocation, often through dedi- infection offshore is unplanned down- bandwidth allocation, often through dedi- deploying patches in a production ICS. cated ? ber cables,” Speake said. “The cyber time. As it is in any industry, downtime cated ? ber cables,” Speake said. “The cyber When your system is offshore it is com- security issues that need to be addressed means money, and offshore the millions security issues that need to be addressed pounded. You need to have regular visits when deploying these networks has been add up fairly quickly. when deploying these networks has been or a reliable and secure network connec- lagging behind, often due to a lack of “Even something that could be con- lagging behind, often due to a lack of tion to the platform. And then you need skilled engineers in the industrial cyber sidered ‘minor’ in business IT could skilled engineers in the industrial cyber to apply the patches. security ? eld and partly due to a conscious have signi? cant cost impact offshore. A security ? eld and partly due to a conscious “That’s one reason why application decision to reduce security and complexity dropped packet could skew visibility and decision to reduce security and complexity whitelisting is well suited for these envi- to ensure greater uptime. impact automated systems to where pro- to ensure greater uptime. ronments: It only needs to be updated duction slips from its optimal state,” says “Typically, oil and gas platforms when a system update or new applica- have limited cyber security profession- Eric Knapp, director of cyber security have limited cyber security profession- tion is installed, which keeps the system als on their staff, and the pressures to solutions and technology at Honeywell als on their staff, and the pressures to better protected for longer periods of time keep the platform up and the workers Process Solutions. “Worst case, of course, keep the platform up and the workers than traditional AV,” Knapp says.

happy (through Internet connections) happy (through Internet connections) there is a loss of visibility or a broader often mean that security will take a often mean that security will take a impact that halts production altogether.

Taking control lesser priority. Security updates such as Regardless, to address any issue is more lesser priority. Security updates such as That all means offshore platform opera- anti-virus signatures ? les and updates expensive when it’s miles offshore on a anti-virus signatures ? les and updates tors need to start working to identify to the operating systems (typically controlled facility.” to the operating systems (typically weaknesses and take a proactive stand

Microsoft-based) and vendor software As communications systems advance, Microsoft-based) and vendor software against possible infections.

are usually a low priority and often may companies reap the bene? ts of real-time are usually a low priority and often may “One challenge is not making your only be upgraded once a year (or even analysis and quicker decision making only be upgraded once a year (or even process control system so convoluted a risk assessment and associated failure creates a mesh network interconnect-

Separating modes and e