THE SOURCE - Summer 2018 - 14

feature

The Result of Not
Addressing Increasing

Cybersecurity Risk

T

By Travis Rosiek, Chief Technology and Strategy Officer, BluVector

he increased potential of blurring boundaries between
Information Technology (IT) networks and Operational
Technology (OT), for example Industrial Control Systems

could include destruction of plants
or pipelines, loss of life, oil spills and
financial loss. Proactive attention is
needed by organizations to prevent
these tragic scenarios from becoming
a reality.

(ICS), poses a huge risk to the oil and gas industry. As the
industry increases its efficiency with automation, companies
are significantly increasing their cyber attack surface.

Internally, changes due to human error, misconfiguration, insider threat, or supply chain
can change one part of the business indirectly and have major consequences. These
changes need to be considered when mitigating cybersecurity risks.
The oil and gas industry has been
at risk of losing competitive advantage
in several areas, including exploration
information or bidding information, by
way of intellectual property theft at the
hands of a cyber threat adversary. The
most significant wake-up call occurred in
2012 with the Shamoon attack on Saudi
Aramco that was destructive in nature
as more than 30,000 Windows-based
machines began to be overwritten- a
significant problem for the company
which provides 10 percent of the globe's
oil supply and caused impacts to their
IT systems.
What's more alarming is that
2017 saw the unauthorized release
of sophisticated national state cyber
tools to the masses, which were then
weaponized for multiple destructive

campaigns, including WannaCry and
Not-Petya, which impacted hundreds of
thousands of computer systems globally.
With a heightened awareness of
cyber breaches and their impacts, it's still
alarming that many IT teams are taking
a reactive approach to cybersecurity.
Meeting regulation or compliance
requirements that don't evolve rapidly
enough to keep pace with adaptive
cyber threat adversaries is no longer an
option. There is too much political and
financial gain to be had by threats and
cyber is becoming their choice avenue
of attack, because in many cases, it is
the easiest path and cheapest way to
achieve success.
Organizations, especially in the oil
and gas industry, are huge targets with
very significant consequences that

14 THE SOURCE | THE VOICE AND CHOICE OF PUBLIC GAS

What can the Oil and Gas Industry do?
Technological advancements
and cloud adoption don't eliminate
cyber risk, they only change the roles
and responsibilities for mitigating
cyber risk. That change, especially in
large enterprise environments, can
unknowingly open opportunities
for an adversary to gain access to
an organization's assets. They also
increase the stakes when organizations
go through IT consolidation. The
consolidation of an organization's
information and business critical data
offers many advantages, but it can also
consolidate the time and effort used
by a threat adversary if a breach were
to occur.
While there is no standard set of
cybersecurity rules for the oil and gas
industry, organizations should start with
a set of requirements for narrowing the
risk of breaches and restricting access to
parts of the organization that, formerly,
were not connected:
- Isolate (or "air gap") OT/ICS systems
from IT systems (especially webfacing systems)
- Implement emerging security
technologies to better keep pace with
adversarial innovation



Table of Contents for the Digital Edition of THE SOURCE - Summer 2018

APGA Events
First Person
2018 Starts off with Gas Records
Energy Regulatory Update
The Result of Not Addressing Increasing Cybersecurity Risk
Conversation with an APGA Member
APGA Leads Charge to Lower Pipeline Rates to Match Lower Tax Rates
Legislative Outlook
Enhancing Resilience of Critical Infrastructure with Combined Heat and Power
The Pipeline
The Importance of Getting Involved with State and Local Building Code Developments
At Last
Advertisers’ Index/Advertiser.com
THE SOURCE - Summer 2018 - Intro
THE SOURCE - Summer 2018 - bellyband1
THE SOURCE - Summer 2018 - bellyband2
THE SOURCE - Summer 2018 - cover1
THE SOURCE - Summer 2018 - cover2
THE SOURCE - Summer 2018 - 3
THE SOURCE - Summer 2018 - 4
THE SOURCE - Summer 2018 - 5
THE SOURCE - Summer 2018 - 6
THE SOURCE - Summer 2018 - APGA Events
THE SOURCE - Summer 2018 - First Person
THE SOURCE - Summer 2018 - 9
THE SOURCE - Summer 2018 - 2018 Starts off with Gas Records
THE SOURCE - Summer 2018 - 11
THE SOURCE - Summer 2018 - Energy Regulatory Update
THE SOURCE - Summer 2018 - 13
THE SOURCE - Summer 2018 - The Result of Not Addressing Increasing Cybersecurity Risk
THE SOURCE - Summer 2018 - 15
THE SOURCE - Summer 2018 - 16
THE SOURCE - Summer 2018 - 17
THE SOURCE - Summer 2018 - Conversation with an APGA Member
THE SOURCE - Summer 2018 - 19
THE SOURCE - Summer 2018 - APGA Leads Charge to Lower Pipeline Rates to Match Lower Tax Rates
THE SOURCE - Summer 2018 - 21
THE SOURCE - Summer 2018 - Legislative Outlook
THE SOURCE - Summer 2018 - Enhancing Resilience of Critical Infrastructure with Combined Heat and Power
THE SOURCE - Summer 2018 - 24
THE SOURCE - Summer 2018 - 25
THE SOURCE - Summer 2018 - The Pipeline
THE SOURCE - Summer 2018 - The Importance of Getting Involved with State and Local Building Code Developments
THE SOURCE - Summer 2018 - 28
THE SOURCE - Summer 2018 - At Last
THE SOURCE - Summer 2018 - Advertisers’ Index/Advertiser.com
THE SOURCE - Summer 2018 - cover3
THE SOURCE - Summer 2018 - cover4
THE SOURCE - Summer 2018 - divider1
THE SOURCE - Summer 2018 - divider2
THE SOURCE - Summer 2018 - 35
THE SOURCE - Summer 2018 - 36
THE SOURCE - Summer 2018 - 40
THE SOURCE - Summer 2018 - 41
THE SOURCE - Summer 2018 - 42
THE SOURCE - Summer 2018 - 43
THE SOURCE - Summer 2018 - 44
THE SOURCE - Summer 2018 - 45
THE SOURCE - Summer 2018 - 46
THE SOURCE - Summer 2018 - 47
http://www.nxtbook.com/naylor/PGAQ/PGAQ0218
http://www.nxtbook.com/naylor/PGAQ/PGAQ0118
http://www.nxtbook.com/naylor/PGAQ/PGAQ0417
http://www.nxtbook.com/naylor/PGAQ/PGAQ0317
http://www.nxtbook.com/naylor/PGAQ/PGAQ0217
http://www.nxtbook.com/naylor/PGAQ/PGAQ0117
http://www.nxtbook.com/naylor/PGAQ/PGAQ0416
http://www.nxtbook.com/naylor/PGAQ/PGAQ0316
http://www.nxtbook.com/naylor/PGAQ/PGAQ0216
http://www.nxtbook.com/naylor/PGAQ/PGAQ0116
http://www.nxtbook.com/naylor/PGAQ/PGAQ0415
http://www.nxtbook.com/naylor/PGAQ/PGAQ0315
http://www.nxtbook.com/naylor/PGAQ/PGAQ0215
http://www.nxtbook.com/naylor/PGAQ/PGAQ0115
http://www.nxtbook.com/naylor/PGAQ/PGAQ0414
http://www.nxtbook.com/naylor/PGAQ/PGAQ0314
http://www.nxtbook.com/naylor/PGAQ/PGAQ0214
http://www.nxtbook.com/naylor/PGAQ/PGAQ0114
http://www.nxtbook.com/naylor/PGAQ/PGAQ0413
http://www.nxtbook.com/naylor/PGAQ/PGAQ0313
http://www.nxtbook.com/naylor/PGAQ/PGAQ0213
http://www.nxtbook.com/nxtbooks/naylor/PGAQ0113
http://www.nxtbook.com/nxtbooks/naylor/PGAQ0412
http://www.nxtbook.com/nxtbooks/naylor/PGAQ0312
http://www.nxtbook.com/nxtbooks/naylor/PGAQ0212
http://www.nxtbook.com/nxtbooks/naylor/PGAQ0112
http://www.nxtbook.com/nxtbooks/naylor/PGAQ0411
http://www.nxtbook.com/nxtbooks/naylor/PGAQ0311
http://www.nxtbook.com/nxtbooks/naylor/PGAQ0211
http://www.nxtbook.com/nxtbooks/naylor/PGAQ0111
http://www.nxtbook.com/nxtbooks/naylor/PGAQ0410
http://www.nxtbook.com/nxtbooks/naylor/PGAQ0310
http://www.nxtbook.com/nxtbooks/naylor/PGAQ0210
http://www.nxtbook.com/nxtbooks/naylor/PGAQ0110
http://www.nxtbook.com/nxtbooks/naylor/PGAQ0409
http://www.nxtbook.com/nxtbooks/naylor/PGAQ0309
http://www.nxtbook.com/nxtbooks/naylor/PGAQ0209
http://www.nxtbook.com/nxtbooks/naylor/PGAQ0109
http://www.nxtbook.com/nxtbooks/naylor/PGAQ0408
http://www.nxtbook.com/nxtbooks/naylor/PGAQ0308
http://www.nxtbookMEDIA.com