American Oil and Gas Reporter - November 2022 - 59

Special Report: Computing & Cybersecurity
processes rather than trying to bolt it on afterward," Lundgren advises. "They ask how an attacker can take advantage of their digital infrastructure, then put controls in place to prevent or mitigate those attacks. For example, they may set up guardrails that issue alarms if a system begins operating outside expected parameters so the company can fix the issue or take the system off line."
It's important to have enough visibility into newly automated infrastructure to identify potential attacks, Lundgren says. He recommends that companies think about how they should respond to attacks ahead of time and rehearse those processes.
Culture's Role
According to Lundgren, the most resilient organizations embrace self-reflection. "These organizations' senior leaders realize cybercriminals have time and resources on their side and understand that even the best companies cannot become completely safe," he says. "Instead of getting angry and asking who needs to be fired when someone discovers a weakness, they celebrate the discovery and act on it."
To help companies find those weaknesses, Lundgren says BreachBits has developed tools that automatically search for ways attackers can gain access to a company's systems or data. These threat vectors often come from vulnerabilities in software; weak, reused or exposed passwords; and configuration errors.
"While attacks based on vulnerabilities remain common, they have become less frequent as companies have gotten more diligent about patching software," Lundgren observes. "However, attacks that exploit weak credentials have risen. It is dangerous to rely on a user name and password as the sole means of authenticating someone."
Multifactor authentication has such an outsize chance of thwarting attacks that Lundgren suggests implementing it wherever possible. "When MFA is not in place, companies should have an honest discussion about what makes it impractical and what else they can do to mitigate their risks," he urges.
Configuration issues also can expose companies' data. "For example, sometimes our customers upload files to cloud resources that are configured to be public," he illustrates. "If attackers can steal an organization's sensitive data without breaking into its system, the company may be subject to ransom demands."
One-way data diodes enable companies to get information from critical infrastructure without exposing that infrastructure to infection from the less secure information technology environment, Owl Cyber Defense says. The company explains that the diodes transmit data using light that only the IT network has the hardware to interpret. This makes it physically impossible for the diodes to send data the other way.
Frequent testing is vital to enforcing best practices and keeping pace with changes in digital infrastructure and cybercriminals' techniques, Lundgren advises.
"With automated assessments, we can look for threat vectors continuously, weekly, monthly or at whatever cadence makes sense for the organization," he says. "Once testing has identified and confirmed the potential threat vectors, organizations can decide how to respond. Usually, organizations start by addressing the vectors that have the highest impact potential and likelihood of being exploited."
When companies evaluate the risks associated with each threat vector, they need to involve representatives from across the business. "If people from IT are the only ones in the room, they sometimes incorrectly assume that disrupting a particular piece of software will have a minor impact," he explains. "The owner of that software is in a much better position to describe how a disruption would impact the overall organization."
Because so many attacks on operational technology originate in the information technology environment, Lundgren says a company with a well-protected IT environment can reduce OT infrastructure's exposure significantly.
Protecting OT From IT
In many facilities, operational technology is isolated from the IT environment through air gapping. In other words, the equipment is not connected physically or digitally to the company's IT infrastructure, notes Ron Brown, senior solutions engineer at Owl Cyber Defense.
"In some especially sensitive applications, air-gapping will continue to be used," he assesses. "But as oil and gas companies try to become more efficient, many are closing air gaps to gain realtime visibility into their facilities' operations and easier access to data. Unfortunately, this IT/OT convergence may allow malicious software to migrate from IT systems to OT equipment."
Although firewalls can provide some protection to critical OT infrastructure, Brown cautions that they can be unreliable. "As software, firewalls can be bypassed if they are improperly configured or if they have an unpatched vulnerability," he explains.
Instead, Brown recommends using data diodes, physical hardware that only allows information to move in one direction. "With a data diode, it is impossible for any data to travel from the less secure IT network to the OT system unless a second, separate diode connection is set up," he emphasizes. "This hardware-based approach offers such high protection to critical equipment that it is widely applied in sensitive government systems and the nuclear industry."