CREDC to develop secure, resilient cyber systems for oil and gas industry
2/8/2018
Major storms can damage not only the conventional physical elements of the oil and gas delivery systems — such as the actual pipelines — but also the hardware that supports the cyber systems used to control those delivery systems. When cyber operations shut down, it can have far-reaching consequences, says researcher Art Conklin.
“Getting these systems back online quickly is critical to ensuring the nation’s economic stability,” says Conklin, an associate professor of information system security at the University of Houston.
Cyber networks form the backbone of the energy delivery systems that are responsible for moving natural gas, oil, and hazardous liquids through the nation’s 2.9 million miles of pipeline. The natural gas transmission pipelines connect to about 1,400 distribution systems that service more than 67 million customers, according to the U.S. Dept. of Energy, which funds CREDC’s research with support from the Dept. of Homeland Security.
In addition to natural disasters like Hurricane Harvey, malicious attacks against the energy sector have grown in frequency and severity. While the electric grid has faced the majority of these threats, there is concern that the growing connectivity of pipeline systems to the Internet, to other communications systems, and to the electric grid itself make it increasingly vulnerable to attack. In 2011, a DHS report indicated that terrorist groups have discussed attacking certain pipeline systems.
“Most of the pipeline’s infrastructure has been isolated until the past five years or so, when people realized that network connectivity helped automate processes and improve efficiencies,” Conklin said. “It’s just that at the same time, it also introduced new risks.”
Unlike the power grid, which operates at the speed of light but whose local failures have relatively minor repercussions, pipelines move products through much slower, but with the potential for catastrophic failures due to the combustible properties of the chemicals. A case in point: The 2012 pipeline explosion in a residential neighborhood in San Bruno, Calif., which killed eight people.
To help mitigate those risks, Conklin’s team is creating technology and methodology that provides better security and access controls for processes, equipment, and data. The biggest challenge, he says, is the sheer size of the oil and gas industry’s footprint. The industry, which is involved in everything from to refining to shipping, has thousands of systems worldwide and is in the early stages of upgrading its legacy systems to state-of the-art.
Another challenge are the number of employees and contractors who might have access to these huge, often-global systems.
Still, Conklin believes that the oil and gas sector — which he says has been proactive in addressing the changing risk environment — is uniquely poised to contribute to more secure and resilient cyber systems, ultimately benefitting the nation.
“These companies are looking at this problem holistically, even though their business structure is very complex,” Conklin said. “It’s not unthinkable that as we solve resilience problems for oil and gas, we could be developing solutions that have applications for other industries as well.”
Source: Information Trust Institute