Page 137: of Offshore Engineer Magazine (May/Jun 2015)


that all data, whether production statistics, a Microsoft Windows security update, or a movie on Netflix, has to be carried by a satellite link that may be little better than a residential Internet connection. Platforms relatively close to the shore might have a fiber-optic connection, but even those can be slow depending on the configuration.

First and foremost, the limited human resource options on a platform normally precludes keeping a cyber security expert on a permanent basis. This is arguably the most significant single element of the larger discussion. At the same time, the conventional wisdom says it is not practical to support a platform remotely due to the bandwidth limitations. So where does that leave an operator? “When I was with BP, there were times when we knew we would have to do some upgrades, even simple Windows updates, and we would have somebody on the phone talking platform operators through the process, or we would have to send somebody out there,” said Graham Speake, chief product architect for NexDefense. “If it’s a vendor upgrade, doing that remotely is difficult. So a vendor would send a service engineer out, and he’d have to go through the whole process: book the helicopter, get training in offshore safety, and get all the equipment; it’s not a quick process.”

[Photo: Graham Speake]

Each platform is different, and the mix of resources and limitations can be all over the map. Eric Cornelius is consulting director for Cylance and has also spent much time on platforms. “I’ve seen some platforms that have pretty good bandwidth, and some that don’t,” he said. “That leads to a lot of interesting security decisions that have to be made because most platforms do not have a resident security guru on site. That brings up the question of how much automation we can get away with in a platform environment versus having to send somebody out to make all sorts of little changes. We also know that complexity is the enemy of security, but in this case, we might have to tolerate a little more complexity to avoid the headache of having to shuttle manpower back and forth. Even if you have people available, there’s the timeliness of the matter.

“We’ve grown so accustomed to our security teams being able to take action and the result of that action being felt instantaneously. So how do we stomach it when somebody says, ‘We’ll get right on it,’ and knowing that it could be two or three days before the change is made. You have to bolster the system ahead of time to be able to tolerate that amount of downtime, because if it is truly a security event, there needs to be some kind of mitigation strategy in place to contain the event for the time it takes to get the personnel out there,” Cornelius said.

BANDWIDTH’S IMPACT

Why is bandwidth so important? Why don’t the same communication limitations impede a hacker and actually make defense easier? Cornelius offers a clear example scenario: “The lack of bandwidth primarily affects the security personnel’s ability to gain visibility into what’s actually going on. Let’s say a third-party engineer comes in from his contracting firm to do some sort of logic update or maintenance. He brings his thumb drive, inserts it into the system and creates a malware outbreak. So the malware spreads and starts to cause problems. More traditional operational troubleshooting will have to occur, undertaken by the on-site personnel. Only once they determine that a security event has happened will they loop the security team into the situation. Whereas if we had a higher bandwidth connection, say to the onshore facility, I would have been gathering a lot more logs and putting them into an alerting system within my site. I, as a security practitioner, even if I were not on the platform, would have been the one to identify the incident and it would have happened much sooner.”

With more conventional security infrastructure, such as would be available on a similar onshore facility, it would be easier to spot a malware outbreak before more damage is done. But what about the idea that the same limited communication might slow down the invader? Speake said that’s true, at least to some extent, assuming the invader is actually coming from the outside. “What’s your biggest threat vector,” he asked. “Is it the external person, or someone on the inside? You’ve got to look at both. Certainly to the external one, the limited bandwidth helps the defender. But an attacker can see where the route is going and then adjust. Even with low bandwidth, there’s a lot he can still do to map out the network. A skilled attacker won’t mind taking a week, a month or more to map out the entire network if he really wants to get in.
