Page 141: of Offshore Engineer Magazine (May/Jun 2015)

140 142

Having a profling tool on the platform makes it easier to spot.

Luallen sees similar issues when users start monitoring network traf- fic. “Once everything is configured correctly, the challenge is taking a tool that’s viewing what’s happening and matching it with a good change management program,” he said. “Ulti- mately, you can’t have cyber security without a good change management program. Otherwise you’ll look at every strange item and wonder if it’s a misconfguration. If there isn’t a clear purpose, you look what it’s doing: It’s impacting this cyber device that has network, time of day, frequency of this type of control capability. Given communications, all those things that that situation, what is our procedure? tend to be, (a) fairly static under normal Do we shut down operations? Do we operating conditions, or (b) directly contact somebody? Is there a potential attributable to an operator action. We loss-of-life scenario? Could it affect needed to turn up the pressure, turn our revenue? How do we manage it? down the pressure, or modify setpoints. Those are variables that the operator

That will have a direct effect on the has to figure out and include in an traffc and the nature of what you’ll see incident response plan.” in the environment. Those are easy to

GOING FORWARD look for with commercial off-the-shelf technologies. It’s also easy to send log- The possibility threat actors could ging information out even through the seriously disrupt a platform is becom- limited bandwidth available.” ing more real and companies should

Profling tools do more than simply extend the range of incident responses identify when an operational change beyond what might seem to be the or a cyber intrusion has taken place. most extreme scenarios.

There are other reasons why traffc “As an operator, you might have to might change, and one of the most choose which systems you think you basic is some sort of misconfguration. can defend, which platforms are the “Misconfguration is a high percentage most profitable, and shut down the of the things (these tools fnd) because rest,” Luallen said. that’s the thing that normally goes This is no action thriller movie — wrong,” Speake said. “People put in a reality is far scarier.

new controller because something has “If one control system has been failed and they don’t look at everything attacked, they probably all have. All that’s going on, they get the switches your communication channels might wrong, and rather than communicat- be compromised,” Luallen said. “Deter- ing between A and B, it starts sending mine what is essential for this opera- out broadcast messages. One thing tion, so you can maintain your process, that isn’t quite right by itself might even if you have to do it manually with not be a big issue, but if two or three people, if you have to fall back to a de- people have put something in incor- fensive position to stop this attack from rectly, those three incorrect devices occurring. If you see a tornado coming, can cause a bigger problem. If a device you go to a place that you believe is safe, sends out enough messages, it might that can withstand the effects, and you give you a denial of service and shut want to have all the things you’ll need down a platform just because some- there to manage.” thing has been misconfgured. Trying Peter Welander is a freelance writer to do something remotely takes a lot and editor specializing in indus- longer, and it is much harder to do.” trial automation.

oedigital.com

May 2015 | OE REVIEW 143 137_OE0515_REVIEW_Safety&Security.indd 143 4/20/15 10:37 PM