A unified approach
STEVE GREEN REPORTS ON THE MOST IMPORTANT SECURITY PROBLEMS WITH IOT DEVICES
The Internet of Things, IoT, has had a significant impact on almost all areas of the oil and gas industry. Connected sensors have been developed and deployed to improve efficiencies, to alert staff to equipment failures and to predict possible trouble before it happens. All of these have helped to give companies an unrivalled real-time view of operational performance.
More data and insights are available to organizations than at any other time in the history of the industry and this has resulted in creating better connected businesses, capable of responding effectively to rapidly changing situations. The information collected by these connected devices has quickly become vital operational data, but has a full appreciation and understanding of the security concerns around this connected eco-system been investigated?
Physical security concerns
By their very nature, energy companies must operate across wide geographies. Naturally, this means organizations have difficulty maintaining oversight into operations. For example, many companies have outsourced asset maintenance to third parties, requiring them to look after valuable equipment, often located far from the main facility. However, this approach often leaves no audit trail of who has accessed what equipment.
Physical keys also present logistical complexities, as the master key is usually stored at head office, requiring those who need access to pick it up and return it afterwards – adding travel time to billing. The alternative, cutting multiple keys then increases risk, as just one rogue employee could cause untold damage that it could be very difficult to discover, investigate or prove.
For this reason, it’s time to digitize the security of energy infrastructure. With IoT wireless locks and the appropriate security platform there is no reason why access to vital unmanned assets shouldn’t be controlled and granted in just the same way it is to a centralized facility such as a head office, data center or bank. Intelligent digital keys allow organizations to automatically grant access to any kind of facility or cabinet based on an employee’s role, work schedule and requirements.
Furthermore, external contractors can be granted access in real-time upon reaching the site. In each case this automatically provides evidence of the site visit, and an accurate log of how long – which streamlines the billing process, and more importantly, ensures an audit trail. Access control has long been a key requirement to manage to entryways of buildings, but now it needs to be translated into all critical national infrastructure in all its forms.
Greater connectivity, greater risk?
Every IoT enabled device, however, can become a potential entry point for cyber intrusions. It has become vital to actively manage the configuration of these devices, to ensure, for example, that they are not deployed with factory pre-set passwords. That there are limits placed on which other applications or systems the IoT devices are allowed to connect with and that regular updates are carried out on the firmware running on the devices.
The other concern for oil and gas companies is nature of the assets being monitored by the IoT enabled devices, often geographically remote, unmanned and in some cases protected by limited physical security measures. With the increasingly critical role that utilities infrastructure plays in supporting many other industries, ensuring an integrated physical and cyber security approach is becoming vital.
Additional cyber challenge
The security manager also needs to take into consideration the fact that many of these devices are using wireless connectivity 3G, 4G, 5G as well as WLAN. Often, they have a communication channel to their manufacturers for maintenance and troubleshooting, which can easily become a backdoor into your network.
The ubiquitous connectivity among devices, users and distributed networks presents a substantial challenge for a traditional siloed security approach. A successful attack on any part of an energy company’s infrastructure can have a potentially far-reaching impact.
A balanced approach
Cyber security and physical security therefore need to be complementary, consistent, and most importantly supportive of commercial objectives. Organizations in the energy sector must deal with a unique mix of challenges, remote locations, legacy facilities, rising connectivity and real and present threats to infrastructure. Increased digitization is transforming the industry, but it is vital that organizations ensure their drive towards digitization is carried out in conjunction with advanced physical and cybersecurity practices.
In today’s digital era, organizations require a security solution that enables them to bring together the management of both physical and cyber risks.
By blending security systems within a single platform and unifying devices such as access control, automatic number plate recognition (ANPR), and intrusion, a unified solution can help organizations improve their physical security and, as a result, increase their operational efficiency.
A unified system can provide security personnel a clearer picture of events and enable them to quickly respond to threats and incidents within their environment. It can also give them a clearer view of the health of their security systems and devices, so that they can implement the latest cybersecurity protection measures as soon as they become available. This will in turn enhance their overall cybersecurity posture, and create a higher standard of visibility, accountability, and confidence across the whole organization.
Steve Green is a Business Development Manager at Genetec. Steve brings over 20 years of experience in the IT and Physical Security sectors, and in that time has worked for some of the industry-leading software manufacturers and solutions providers. Genetec Inc. is an innovative technology company with a broad solutions portfolio that encompasses security, intelligence, and operations. The company’s flagship product, Security Center, is an open-architecture platform that unifies IP-based video surveillance, access control, automatic license plate recognition (ANPR), communications, and analytics. Genetec also develops cloud-based solutions and services designed to improve security, and contribute new levels of operational intelligence for governments, enterprises, transport, and the communities in which we live.
For further information please visit: www.genetec.com