Midstream oil and gas companies have digitized and comprehensively networked their systems to increase efficiency. Unfortunately, this move towards digitization increases the risk of a major security breach unless companies act to secure their connected systems. Meanwhile, some companies view cyber-attacks as threats only for “other” companies and thus do not feel compelled to ramp up their cybersecurity protection with an appropriate sense of urgency.
The pipeline industry, in particular, faces significant risk given its technological landscape and what is at stake — including human, environmental and economic safety — should a cyber-attack occur.
Recently, innovative blockchain technology has begun being deployed to protect distributed systems such as pipelines, changing the face of cyber protection and creating a new opportunity to continue improving efficiency while also increasing protection for critical infrastructure.
Why Computer Vulnerability?
Sensors, pressure controllers and measurement devices are deployed along the length of pipelines, as well as at entry and exit points. This has created a sophisticated digital system that crisscrosses the United States and communicates over a variety of networks, from high bandwidth Wi-Fi to low bandwidth cellular, spanning significant distances. This interconnected system creates a broad cyber security attack surface, an inviting opportunity for hackers. Pipeline control, measurement systems and other connected devices are in danger of a variety attack that, given connectivity, will no longer be isolated.
In midstream oil and gas, ransomware attacks are a particular threat. Hackers can claim to have compromised pressure controllers, threatening spills or explosions and demand that ransom is paid by the pipeline owner or operator in return for not causing serious damage.
Other risks, such as data tampering or outright data theft, are not as direct but can be just as damaging. In addition, many data-generating systems lack passwords or have only simple passwords, left unchanged indefinitely. Combine poorly protected devices and controllers with widespread connectivity driven by operators’ desire for access to data for control or visibility and the door is open to cyber-attacks.
Within pipeline digital systems, if a hacker can penetrate — which may require as little as a few seconds — and compromise one component, they are often able to use the compromised component to launch additional attacks on other devices within the system. Given that devices within a network tend to electronically “trust” each other, once one component is tainted, the infection can spread widely and quickly. Distributed by nature, pipelines are vulnerable to physical attacks at myriad locations or, if even a single LAN or device is not well-secured, to digital attack.
How are industries protecting themselves from these hacks? Some pipeline owners and operators have employed “air gapping” or data diode strategies, completely separating pipeline control systems from all outside networks. Unfortunately, technological mobility poses a threat to air-gapped networks. Technicians and other personnel routinely connect transient devices — laptops, smartphones, iPads, USB drives — which may already be compromised, to networks connecting industrial control systems, limiting the possibilities of separation. With increased data sharing and connection, air gapping or reliance on data diodes is not only obsolete but is at best a porous barrier creating a false sense of security for the pipeline company.
Hackers Triggering Actual Damage
It’s impossible to fully know the cause and extent of damage currently facing pipeline companies via cyber actors. However, in recent years, several pipeline incidents indicate possible hacker involvement, including:
In addition, the following accidents provide examples of just how dangerous these systems can be when compromised:
Whether or not hackers were responsible, these are graphic reminders of what can happen if systems are compromised and hackers take control.
Blockchain: the Game-Changer
Blockchain innovation provides hope for a more securely connected industrial Internet of Things (IoT). Blockchain is a unique cyber security approach, as it is distributed by nature and gains strength as more devices are added to a network.
Blockchain does not rely on individual components within a network to be completely secure. Instead, components communicate internally and reach a consensus regarding acceptable and unacceptable device activity. Within blockchain-protected networks, if attackers want to compromise a system, they cannot simply compromise a few subcomponents; they must instead compromise most or all system nodes in order to sabotage the system as a whole.
In a network that uses blockchain security, stealing a password will not give hackers access because the password can be blockchain-protected across a system’s nodes. Effectively, a password is broken into tiny bits and widely scattered among different components. Therefore, accessing a device or instrumentation requires getting a majority of nodes to agree. This makes successful hacks of blockchain-protected industrial IoT networks a virtually gargantuan challenge.
To improve security, pipeline owners and operators can also encrypt data and put encryption keys into the blockchain. As a result, data access is only possible if most participants agree the device or application requesting data is a rightful owner of sensitive information. Plus, the data can be moved and processed in a company’s preferred venue in a way that prevents data from being exposed or tinkered with.
Blockchain lets owners and operators gather data from pipelines cohesively, combine them and run analytics to better understand maintenance and other internal processes. Blockchain is also capable of replicating information in an approved and secure way. This makes it the ideal go-between for corporate headquarters and control centers and, of course, between the pipeline equipment itself.
Policies such as defining which technicians can log in to which equipment are defined centrally and then blockchain replication spreads information across the entire field and the entire pipeline architecture, so that the policies can be enforced locally at the pipeline. Even if connectivity were lost, local blockchain nodes continue to determine who can and cannot access devices according to the centrally defined policy.
Finally, once the nodes have reached their access decision within a network that employs blockchain security, authorized users are not dependent on any individual database to help recover information no matter how serious a disaster. A loss of nodes in the field will not compromise nodes in corporate headquarters when adequate blockchain-protected security is employed.
A vertically integrated pipeline company, relatively unversed in cybersecurity, had key unaddressed data access issues. The company was running a sophisticated analytics application for predictive maintenance on their pipelines and adjacent equipment. This meant that access to data and data validity was crucial. As a distributed product, the analytics application was gathering data from about two thousand points before centralizing and processing it.
The company moved to blockchain-secured data access control for their data-gathering points and central processing system. To avoid data tampering, the data was encrypted and assigned a hash at source. While corporate ran analytics using the encryption keys to prevent data theft, the security system automatically cross-checked data hashes to eliminate the risk of data tampering. In other words, the blockchain ledger took the hashes generated and committed to the blockchain at source and checked them against the data that was being processed centrally, allowing the team to determine whether tampering had occurred, while controlling data access via encryption keys that were also stored in the blockchain.
A conventional protection system for two thousand gas sensors in the field is not adequate. Without a managed identity system and instead with simply a username/password set manually on each sensor, the system is vulnerable to compromise at any of the two thousand measurement points via a compromised or stolen password. The use of blockchain allowed the operator to switch to using all managed identities with complex passwords hidden from users and concealed and tamper-proofed in the blockchain. Following the new implementation, users were able to log into the data fabric using their personal identities without needing to know the password of any individual device and the data fabric was completely blockchain-protected. Access was based on policies set centrally by the pipeline company, giving the company a more secure and fully-automated security approach.
Although blockchain is a fairly new technology, thanks to its capability to solve distributed information problems, its outlook in the pipeline industry is strong.
Blockchain implementation is most impactful when bundling the blockchain solution with the overall software security solution. It’s not necessary for pipeline personnel to become experts in blockchain’s internal operations because the tool functions underneath authentication and identity management, password control, logins, enrollment and data replication.
Blockchain security is the best suited solution to securing industrial IoT, specifically within oil and gas, enabling a reinvention of cyber protection and providing a new platform for optimized operational performance.
Duncan Greatwood is CEO of Silicon Valley-based Xage Security (www.xage.com).