Protecting Critical Infrastructure in the Oil and Gas Industry: Key Challenges and Solutions with BlastShield

Protecting critical infrastructure, such as the systems used in the oil and gas industry, is increasingly concerning due to the rising threats posed by cyberattacks. The Colonial Pipeline cyberattack was a stark reminder of the potential vulnerabilities in our critical infrastructure.

In response to such threats, the Transportation Security Administration (TSA) issued a new cybersecurity directive (SD-O2D) in July 27, 2023. Non-compliance with this directive could lead to fines of up to $14,950 per day per incident, a liability that no Risk and Compliance Director would want to take. Let's simplify this complex issue and see how BlastShield can help.

Key Security Challenges in Critical Infrastructure Protection

Protecting critical infrastructure poses numerous challenges, from technical issues to organizational problems to the ever-changing threat landscape.

• Technical Vulnerabilities: One big challenge is dealing with technical vulnerabilities. These can come from outdated systems, flat networks, and legacy technology. Many SCADA (Supervisory Control and Data Acquisition) systems were built before modern cyber threats even existed, making them an easy target for cybercriminals.  And, according to SynSaber’s most recent 1H23 [ICS/OT report], over one-third of vulnerabilities (CVE’s) reported in the first half of the year are not able to be patched.  So, asset owners need to have a mechanism to protect unpatchable systems, other than disconnecting them. 

• Organizational Issues: Organizational issues present another challenge. The enterprise IT organization has very different requirements from the OT side of the house.  IT frequently uses modern operating systems and cloud-hosted services, including SaaS applications.  OT often times does not even want their infrastructure connected to the IT systems, much less connected to the cloud. These differing requirements create quite a bit of friction, leading to misunderstandings and mis-alignment. 

• Evolving Threat Landscape: The threat landscape is constantly changing, as cybercriminals become more intelligent and more resourceful. They continuously devise new methods to breach security defenses, making it challenging for organizations to keep pace and ensure their defenses remain up to date.  But, ultimately, even these newer threats require NETWORK ACCESS.  The ability to thwart unauthorized network access is a critical pillar to defend current and future threats. 

Why SCADA Security Matters 

SCADA systems are like the brains behind many operations in industries like oil and gas. They control and watch over processes, from generating power to running production lines. Because they're so important, keeping SCADA systems safe is a top priority.

The Role of Regulations in Critical Infrastructure Protection

Regulations are essential for safeguarding critical infrastructure, particularly in the oil and gas industry. These rules cover everything from securing SCADA systems and protecting data to implementing cybersecurity measures.

One such regulation is the TSA directive (SDO2C), issued in response to the increasing threats to critical infrastructure. [Note: TSA SD02D was issued in late July of 2023 and we will share our comparison between the two in a subsequent blog post.]  This directive outlines the need to conduct cyber assessments (CAP or cyber assessment plan), the need to have an incident response plan (IRP) approved by TSA and an approved implementation plan (CADR or Cyber Architecture Design Review) meeting specific requirements for network segmentation, secure remote access, patch risk reduction, and continuous monitoring. Non-compliance with this directive could lead to substantial fines, making it a top priority for Risk and Compliance Directors.

The TSA directive emphasizes four key areas:

1.    Network Segmentation: Ensuring Operational Technology (OT) systems can continue running safely even if an Information Technology (IT) system gets compromised, and vice versa.

2.    Secure Remote Access: Setting up secure access controls to keep out unauthorized users.

3.    Patch Risk Reduction: Keeping systems updated. Patching and updating operating systems, applications, drivers, and firmware as soon as possible.

4.    Continuous Monitoring: Constant vigilance on systems to spot cybersecurity threats and anomalies that could disrupt critical cyber system operations.

Overcoming Security Challenges with BlastShield

‍BlastShield provides an excellent solution to these security challenges. The good news is that BlastShield can help you fulfill three out of four TSA requirements for the implementation plan: Zero Trust Remote Access, Segmentation, and Protection against unpatched systems. 

• Network Segmentation
  BlastShield can help you segment your network without breaking the bank. It's way cheaper than traditional firewalls, and you won't need to hire extra tech wizards to manage it. Our solution is super easy to use, with a drag-and-drop interface that means you don't need to be a computer programmer to get it working.

• Secure Remote Access
  BlastShield gives you secure remote access with tight control to keep unauthorized users out. We've got built-in protection against phishing, and our system is fast and way quicker than VPNs.

• Patch Risk Reduction
  BlastShield can protect systems that can't be patched, and we do it without any downtime. Our solution makes your devices invisible to the bad guys, giving you the upper hand. Even in cases where a patch is unavailable, rest assured that you remain protected and compliant.

• Continuous Monitoring
  Although BlastShield doesn't do continuous monitoring directly, you can seamlessly integrate it with other tools like Splunk, Verge, Nozomi, and Dragos to ensure comprehensive oversight of your systems.

In addition to the TSA directive, there are other guidelines, such as NIST 800-82. While this guideline doesn't carry the same enforcement power as the TSA directive, it serves as a valuable resource for best practices in industrial control system security. Following this guideline can help beef up your organization’s security.

And if you're someone who reports to the CFO, you know how important insurance considerations are. Cyber insurance has been getting pricier lately. But the good news is that solutions like BlastShield can help bring those costs down. BlastShield checks all the boxes insurance companies want to see, which could simplify the long, onerous forms and questionnaires as well as lowering premiums.

By satisfying all the criteria for insurance companies, BlastShield enhances organizations' security and significantly impacts the financial management of cyber risks. This makes it an excellent choice for organizations seeking to fortify their critical infrastructure protection while maintaining cost-effectiveness.

Ready to Secure Your Infrastructure?

Compliance with TSA SD02C doesn't have to be a headache. With BlastShield, you can easily meet many of the TSA requirements, save on staffing costs, and even reduce your cyber insurance premiums.

Understanding the challenges and using robust security measures like BlastShield, we actively protect your critical infrastructure from emerging threats.

Ready to discover how BlastShield can make a difference for you? Dive deeper into BlastShield's features by downloading our TSA solutions brief, Achieve TSA Compliance in Days, Not Years - Without Downtime! Or sign up for a free trial at https://www.blastwave.com/free-trial.