Cyber protection in midstream oil & gas, SCADA seems like too esoteric to engage interest of industry outsiders. However, if the spill, explosion or gaseous release are big enough – that focus will change.
SCADA is the system of sensors that measure and control the flows of natural gas and crude oil produced in thousands of oil & gas wells around the nation. They are digital, computer controlled, and widely accessible to a moderately capable hacker.
Disable a level sensor and a tank overflows. Spoof a flow meter input and the computer opens a valve. Over-speeding a compressor risks an electrical failure, spark and explosion.
In a recent study from the Ponemon Institute – The State of Cybersecurity in the Oil & Gas Industry: United States it was reported that, on average, 46 percent of cyber attacks are believed by respondents to go undetected, and nearly 70 percent of oil and gas companies were hacked in the past year.
Every operator has to deal with tens of thousands of these systems and sub-systems. Most have no specific records of what equipment exists, how it’s configured or how it’s secured. Sure, they run OK – but that’s not the concern. So does your PC and smartphone. The difference is your PC and smartphone have passwords, filters and firewalls. This is not the case with most of those producing wells, gathering systems and pipeline sections.
It’s a HUGE task to protect these systems and the only way to start is to establish a cyber protection program that mirrors the safety program. Safety is culturally ingrained in oil & gas operations. It’s a system that works and can be successfully modeled to accommodate cyber protection issues.