Security System Design in The Oil and Ga-2
Welcome!
INTRODUCTION - Objectives
Source: http://www.intetics.com/wp-content/uploads/securityman.png
Differences between IT
and automated systems
Without getting too much into technical details
it is important to know the differences between
IT and automation.
• Automated systems are real-time; IT systems are not
• Industrial Control Systems (ICS) are hybrid
systems: partially standardized, partially
developed privately.
• Anti-virus software does not function in an
automated system
IT and ICS Protection
• This is a vast and complex field and deserves a course
of its own. We shall touch the basics here.
• Theft of data and proprietary information using
personal devices such as CDs, SD cards & thumb
drives.
• Theft or damage can be intentional or come from
system breaches. In relation to the internet and IT,
breaches can also result from irresponsible user
behavior such as social media practices, clicking on
links, or visiting unauthorized sites.
IT and ICS Protection : 2
• “Prevention is the Holy Grail of cybersecurity, but in
many ways it is unreachable. So instead we try to
deter employees from making bad decisions by first
letting them know we're watching them and that
they're likely to be caught. That's the detection part.
We then let them know their employer cares if
they're having a rough time and has programs in
place to assist them. That's the mitigation part.”
(Stick and carrot politics).
• Deanna Caputo US MITRE program
Source: http://www.mitre.org/publications/project-stories/the-human-factor-using-behavioral-science-to-counter-insider-threats
IT and ICS Protection: 3
• The part of security design dealing with IT, Internet
and ICS systems and their interfaces will most often
be the domain of the ITO or CTO (Information/Chief
Technology Officer).
• Technology security is one half of the security
equation, with physical security making up the
other half.
• “A carefully constructed and strategically designed
‘Defense in Depth’ model is the only viable answer.”
Source: Eric Byres, Chief Technology Officer, Belden’s Tofino Security
http://www.pipelineandgasjournal.com/defense-depth-reliable-security-thwart-cyber-attacks
IT and ICS Protection: 4
• “Information-security experts indicate they've
been warning their companies for years that
the greatest threat to organizational databases
isn't an attack from outside hackers. Rather,
it's often disgruntled or simply dishonest
employees...Providing employees with a third-
party reporting mechanism that's confidential
and impartial is one approach being used by
companies to head off internal sabotage.”
Source: Laabs, Jennifer. 1999. "Employee Sabotage: Don't Be a Target!
(Cover story)." Workforce (10928332) 78, no. 7: 32. Academic Search
Premier, EBSCOhost (accessed December 18, 2014).
SCADA – A Beast Apart
“SCADA (Supervisory Control and Data Acquisition)
refers to industrial control systems at the core of many
systems deployed by industries ... SCADA systems are
used to gather, monitor, and analyze critical data which is
usually managed by a centralized control center. These
systems are complex because they include a myriad of
hardware and software components using
differing communication protocols and require a number
of outside vendors and specialists to integrate the
technologies and are thus very expensive to deploy and
maintain.”
Source: http://petrocloud.com/oilfield-monitoring/oil-and-gas-scada-system/
SCADA – A Beast Apart: 2
• Remote sites require special hazard rated equipment
• Prohibitive costs
• Only largest oil & gas companies own these
• Expensive hardware/software contracts & seat
licenses
• A 3-part framework:
- SCADA application and server(s);
- DMS applications and server(s);
- Trouble management applications and server(s)
How to Cope with Insider Threats
• Background checks and discreet surveillance can help
control this threat.
• Surveillance of social media activity can reveal valuable
insights
• Site access control
• Surveillance recording
• Training & employee awareness
• Access based on need-to-know authorizations
• Reporting mechanisms combined with recognizing
employee fidelity
Insider Threats – Behavior Analysis
• Behavioral analysis and surveillance can also assist
in reducing the risk of internal threats. Some
unusual behavior patterns to be aware of are:
• personnel frequently visiting areas they are not
assigned to
• unnatural interest in unrelated areas or information
• remaining longer than the end of the working shift
• attempting to gain access to plant schematics,
blueprints or layouts
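The indicators listed above can be checked against access-control records. The following Python code is an added example, not part of the original slides; the badge-event format, employee IDs, zone names, shift times and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not from the slides): assigned zones, day-shift
# end times, the zone holding schematics/layouts, and badge-reader events.
ASSIGNED = {"E100": {"control_room"},
            "E200": {"warehouse", "loading_bay"},
            "E300": {"gatehouse"}}
SHIFT_END = {"E100": "18:00", "E200": "16:00", "E300": "17:00"}
SENSITIVE = {"drawing_office"}
EVENTS = [  # (timestamp, employee, zone)
    ("2024-03-04T09:05", "E100", "control_room"),
    ("2024-03-04T11:20", "E100", "drawing_office"),
    ("2024-03-04T19:10", "E100", "control_room"),
    ("2024-03-04T08:00", "E200", "warehouse"),
    ("2024-03-04T10:15", "E200", "pump_station"),
    ("2024-03-04T13:40", "E200", "pump_station"),
    ("2024-03-05T09:30", "E200", "tank_farm"),
    ("2024-03-05T15:50", "E200", "loading_bay"),
    ("2024-03-04T08:30", "E300", "gatehouse"),
]

def flag_events(events, assigned=ASSIGNED, shift_end=SHIFT_END,
                sensitive=SENSITIVE, grace_minutes=30, repeat_threshold=3):
    """Return {employee: sorted indicator names} for review by security staff.

    Simplification: shifts are assumed to end on the same calendar day as
    the badge event (no overnight shifts).
    """
    flags = defaultdict(set)
    off_zone = defaultdict(int)
    for ts, emp, zone in events:
        when = datetime.fromisoformat(ts)
        if zone not in assigned.get(emp, set()):
            off_zone[emp] += 1                      # visit outside assignment
            if zone in sensitive:                   # schematics / layouts area
                flags[emp].add("schematics_area_attempt")
        if emp in shift_end:
            end_time = datetime.strptime(shift_end[emp], "%H:%M").time()
            end = datetime.combine(when.date(), end_time)
            if when > end + timedelta(minutes=grace_minutes):
                flags[emp].add("after_shift_presence")
    for emp, count in off_zone.items():
        if count >= repeat_threshold:               # "frequently", not once
            flags[emp].add("frequent_unassigned_area")
    return {emp: sorted(names) for emp, names in flags.items()}

if __name__ == "__main__":
    for emp, names in sorted(flag_events(EVENTS).items()):
        print(emp, ", ".join(names))
```

A flag here is a prompt for follow-up, not a finding; the thresholds need tuning to the site's actual shift patterns and zone layout.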
Insider Threats – Behavior analysis: 2
• A marked increase in personal telephone
communication, particularly if in restricted,
sensitive or unassigned areas. (colored or coded
passes can eliminate this or make it more obvious)
• entry and exit points left open and/or access keys
missing (tighter control of keys and codes a must)
• using cellphones or cameras to photograph
sectors of the installation.
• handmade drawings, maps or sketched plans.
Insider Threats – Behavior analysis: 3
Source: http://www.lradx.com/site/content/view/294/110
Offshore – Special Considerations: 3