Wednesday, January 29, 2014

When an "air gap" isn't enough

The remote nature of offshore drilling platforms used to ensure the safety of their networks from the world wide web with three W's of another sort: a physical barrier of waves, wind and water. On-board, the "air gap" between vessel control systems, process control systems and data networks is shrinking as these become increasingly linked to the outside world over common communication lines. High speed satellite connections, underwater fiber links and cheap cellular meshes have made offshore platforms into mere branch offices from an IT perspective.

Bringing rigs into closer contact also means that they are more susceptible to the dangers of mainstream IT.

A recent Digital Energy Journal article entitled "Cyber attacks to drill rigs - understanding the threats" takes a look at where old school thinking opens up new world risks:
On conventional data networks (for example in your office), information security and data protection take a significant priority over system up time and availability.
The exact opposite is true of a control system. System uptime is paramount. Any downtime is effectively Non Productive Time (NPT), and prohibitively expensive. This polar variation in business drivers is important to recognize as it drives funding and security solution fit.
And in the past, control systems were isolated and relatively safe. Years might go by between software updates. As these systems become more sophisticated and precise, data is pumped onshore for analysis, and changes are sent back. In some cases, a few experts onshore control systems on number of vessels at sea.

Manufacturer patches face a double edged sword -- installation might mean downtime and testing, but not installing patches on these now networked systems could mean vulnerability. Think Stuxnet. "PLC level attacks are a slightly different animal than a typical data network attack... PLCs do not typically have viruses that impact operation in the same way that Apple OS is relative virus free. PLCs can however, be the subject of targeted, focused and damaging attack."

So, as drilling platforms become remote offices from an IT perspective, they'll lock down data systems against common viruses and Windows OS attacks. In this case, better connectivity means better ability to download current virus definitions and software. For the control systems, PLCs have not been targets of hackers, but that seems to be changing for drilling platforms and the energy infrastructure as a whole. In recent months the US Department of Homeland Security has raised warning levels and is asking companies to be prepared.

Drilling platforms are familiar environments for Uplogix Local Management. While commonly used in the communications stack for management of satellite and networking gear, the next logical step might be serving as a secure gateway to control systems. With strong security features for granular access, multiple options for out-of-band, and configuration management capabilities like SurgicalRollback, remote experts can maintain rig systems with the confidence of being out there on the high seas.

For more information, please visit the Uplogix website: