Three Strategies to Implement More Cybersecure Pipeline Operations

Feb 27, 2023 | Chemical, Control & Safety Systems, Cybersecurity, Oil & Gas

Todd Walden

Public Relations, Advertising & Social Media Consultant

Managing the cybersecurity of thousands of miles of pipelines can be difficult for even the largest teams.

It used to be safe to assume that pipelines would fly under the radar for cyberattacks. Even though they are a critical infrastructure element, they weren’t something hackers focused on. However, a recent series of high-profile attacks on pipeline infrastructure has changed that outlook, and today, the organizations that operate them must spend more effort and resources actively securing their operations.

As Eric Cytrynowicz and Martin Johnson explain in their recent article in Pipeline and Gas Journal, the concern for pipeline security has increased so much that the U.S. Transportation and Security Agency (TSA) has stepped in to issue mandatory security directives for pipeline owners and operators. While every organization will secure their infrastructure differently, there are some similarities for every pipeline. Eric and Martin explain,

“To accomplish this shift to increased cybersecurity, companies must focus on building layers of defense from the supervisory control and data acquisition (SCADA) system all the way down to the individual field devices.”

To help companies meet this goal, Eric and Martin have put together three key guidelines to help teams create more secure operations.

Tip One: Develop Secure Practices

When companies were less worried about cyberattacks, many organizations simply left remote terminal units (RTUs) with default usernames and passwords. In fact, the RTUs themselves often had limitations on password complexity that prevented teams from setting requirements that would meet today’s higher standards. But now, RTUs should be able to handle more robust password standards. Eric and Martin suggest that—at the bare minimum—teams implement unique passwords, following common complexity guidelines. Moreover,

“Today’s high-performing organizations are ensuring each person on the network has an individual username and password. In addition, role-based security measures are recommended to ensure each person is assigned access rights based on his or her role or function.”

Tip Two: Enact Solutions to Ensure Compliance

Not only does a company need a cybersecurity plan, but they also need concentrated effort to keep that plan alive. One key element of this plan is to designate a cybersecurity coordinator. In fact, having a coordinator is a requirement under the TSA guidelines. However, as Eric and Martin share,

“Many organizations have thousands of miles of pipelines, so managing the security of RTUs and flow computers in the field often requires sending engineers or field technicians hundreds of miles to remote sites to check on equipment, perform calibration, or collect data.”

Even with a cybersecurity champion, this amount of travel often becomes untenable, especially if the primary need is to change a password or manage an account. But industrial software applications like Emerson’s credential management tools enable field managers to handle account control from a central location. With the push of a button, teams can update credentials and instantly replicate those changes across any device in the fleet.

Simple, concrete strategies can have a massive impact on cybersecure operations.

Tip Three: Use More Secure Protocols

Better passwords and account management are not the only way to help secure a SCADA infrastructure. Modbus, the most well-known protocol used in pipeline systems, is an insecure protocol, providing no protection against unauthorized control actions. To provide better protection, many organizations are looking to Distributed Network Protocol 3 (DNP3), a more modern, more secure protocol for pipeline communication. Martin and Eric explain,

“DNP3 offers operators the best of both worlds: improved cybersecurity across the pipeline’s SCADA system and field equipment, but without the overhead and delays that come with increased network traffic.”
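To make the Modbus point concrete, the following added example (not from the original article or from Emerson) decodes Modbus/TCP requests and shows that a frame holds only a header, a function code and data, with no field for credentials, so a network monitor can at best flag write requests from hosts other than the approved SCADA master. The function names, the allowlist and the sample frames are assumptions constructed for illustration.

```python
import struct

# Modbus function codes that change device state (Modbus Application Protocol spec).
WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
    22: "Mask Write Register",
    23: "Read/Write Multiple Registers",
}

def parse_adu(frame: bytes) -> dict:
    """Decode a Modbus/TCP request: 7-byte MBAP header, then function code and data."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        raise ValueError("protocol identifier is not 0 (not Modbus)")
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    return {"transaction": tid, "unit": unit, "function": frame[7], "data": frame[8:]}

def flag_unauthorized_writes(packets, allowed_masters):
    """Return alerts for write requests whose source IP is not an approved master."""
    alerts = []
    for src_ip, frame in packets:
        try:
            adu = parse_adu(frame)
        except ValueError as err:
            alerts.append((src_ip, f"malformed frame: {err}"))
            continue
        name = WRITE_FUNCTIONS.get(adu["function"])
        if name and src_ip not in allowed_masters:
            alerts.append((src_ip, f"{name} to unit {adu['unit']} from non-master"))
    return alerts

# Constructed sample traffic (documentation addresses, made-up register values).
SAMPLE = [
    ("192.0.2.10", bytes.fromhex("000100000006010300000002")),  # master reads registers
    ("192.0.2.10", bytes.fromhex("000200000006010600010190")),  # master writes a setpoint
    ("192.0.2.77", bytes.fromhex("00030000000601050003ff00")),  # other host writes a coil
    ("192.0.2.77", bytes.fromhex("0004000100060103")),          # wrong protocol id
]

if __name__ == "__main__":
    for alert in flag_unauthorized_writes(SAMPLE, allowed_masters={"192.0.2.10"}):
        print(alert)
```

A source-address allowlist like this is a monitoring control only; it does not authenticate the sender, which is why the article points to a protocol with built-in protection.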

A Deeper Dive

There are many things a pipeline company can do to help ensure operation continues without incident 24/7. In the full article, Eric and Martin go into much more detail, providing additional tools and strategies to better secure pipeline operations.
