Page 101 - Intelligent Digital Oil And Gas Fields


          •  Lifetime of equipment: Equipment and tools with built-in
             communication channels have a much longer life than IT systems and,
             as a result, can become incompatible with new IT systems, leaving
             holes for attackers to get into the systems and network.
          •  Machine-to-machine communication: The communication between
             sensors and devices in control systems is vulnerable to data spoofing that
             can lead to unpredictable behavior of the device and create a domino
             effect in an operational environment.
          •  Communication networks: Many communication channels are now
             available, including traditional WiFi, Bluetooth, protocols like Zigbee,
             and others. While there are standards on how to use these protocols,
             there are no industry-wide standards, which gives someone a
             mechanism to exploit gaps in updates to these protocols.
          •  Traditional Internet Protocol: While the Internet Protocol (IP) has
             existed for a long time, vulnerabilities like denial of service (DoS) attacks
             are getting more sophisticated, larger, and more frequent, because they
             are hard for anyone to predict. The increased connectivity of field
             systems through IP increases the chances of attacks like DoS.
          •  Globally distributed stakeholders: Typical O&G field operations use
             large, diverse teams of company staff, vendors, and contractors who
             are globally distributed and who have varied degrees of training and
             experience. Weak communication between stakeholders can lead to
             bad decisions that could leave vulnerabilities and increase the threat
             of insider attacks.



          2.4.3 The Actors, Their Motivation, and Kinds of Attacks

          Irrespective of known and unknown vulnerabilities, it is good to understand
          the main categories of attackers and the motivations of these actors.
             Intellectually curious: These non-malicious attackers make a hobby of
          solving challenges associated with vulnerabilities they discover accidentally
          or from reports published by various cybersecurity industry experts. While
          such attackers have no malice, their activity could lead to disaster for
          O&G industry operations.
             Former employees: If disgruntled or turned rogue, former employees can
          sabotage a business based on what they learned about system vulnerabilities
          while they were employees.