Tenable Blog

The Implications of DHS-TSA Directive Pipeline 2021-1

The Department of Homeland Security has issued key guidance for oil and gas operations in the wake of recent cyberthreats. Here are three practical ways to disrupt attack paths in your OT infrastructure. 

The oil and gas industry heavily depends on automation for a variety of different operations. The symphony of operations required to find, extract, refine, mix, collaborate and ultimately deliver oil and gas all rely on operational technology (OT) infrastructure.

Recent disruptions in critical infrastructure OT environments, including the Colonial Pipeline incident, have underscored the susceptibility of critical infrastructure to cybersecurity vulnerabilities, threats and potential outages. 

Other attacks against the oil and gas sector include:

  • February 2020 - A cyberattack was launched against a natural gas facility concurrently encrypting both the IT and OT networks and locking access to the human-machine interface (HMI), data historians and polling servers. The pipeline was forced to shut down for two days.

  • December 2018 - An Italian oil and gas industry contractor fell victim to a cyberattack that hit servers based in the Middle East, India, Scotland and Italy.

  • April 2018 - A cyberattack on a shared data network forced four U.S. natural-gas pipeline operators to temporarily shut down computer communications with their customers.

  • August 2017 - A Saudi Arabian oil and natural gas facility was shut down by the Xenotime group of hackers.


The DHS-TSA 2021-1 Pipeline Directive

On May 28, 2021, the U.S. Department of Homeland Security (DHS) - Transportation Security Administration (TSA) issued Security Directive 2021-1 specifically for pipeline operations. While other oil and gas industry standards have previously been enacted (see list below), this directive was issued due to an ongoing security threat to U.S. pipeline operations. It represents an important inflection point in securing critical infrastructure environments that might otherwise be at risk.

Security Directive Pipeline 2021-1 gives guidance to pipeline operators in three key areas:

  1. Owners and operators of pipeline operations must report security incidents to the Cybersecurity and Infrastructure Security Agency (CISA).

  2. A cybersecurity coordinator must be assigned and available 24/7 to coordinate security practices, meet specific requirements outlined in the directive and react when incidents occur.

  3. Oil and gas facilities must assess their current cybersecurity practices and activities to address cyber risks against the TSA's 2018 Pipeline Security Guidelines, identify gaps between their current cybersecurity practices and those listed in the guidelines, and develop remediation plans to fill those gaps. 


Key standards relevant to the oil and gas industry

  • National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF): The pre-eminent framework adopted by companies in all industry sectors. Natural gas and oil companies increasingly orient enterprise-wide programs around NIST CSF.

  • International Electrotechnical Commission (IEC) 62443: Family of standards for industrial control systems (ICS) security. Widely adopted by the production segment of the natural gas and oil industry. Applicable to any type of natural gas and oil ICS.

  • API Standard 1164: Content unique to pipelines not covered by the NIST CSF and IEC 62443.

  • Department of Energy Cybersecurity Capability Maturity Model: Voluntary process using industry-accepted best practices to measure the maturity of an organization's cybersecurity capabilities and strengthen operations.

  • International Organization for Standardization (ISO) 27000: Leading standard providing requirements for an information security management system (ISMS).


Three Key OT Security Best Practices to Reduce Risk

While the DHS-TSA 2021-1 Directive highlights key needs relevant to oil and gas operators, the biggest challenge for most organizations is how to operationalize the three key components of the directive:

  • identifying risk; 

  • rooting out gaps in security; and

  • mitigating incidents when they occur. 


Here are three key OT security best practices we believe should be implemented thoroughly and with urgency to secure pipeline operations and keep them resilient.

  1. Gain visibility and deep insight. The oil and gas industry requires synchronized operations across the entire infrastructure as well as access to credentials by a wide, heterogeneous audience. Active Directory (AD) occupies a key role here and, in the case of Colonial Pipeline, the ransomware attack took advantage of this attack vector. Individuals who use AD may include authorized employees, partners, agents and subcontractors. Access requirements may extend beyond the actual plant to offsite and remote drilling locations or pipelines across the globe. Consequently, it is essential to maintain access and configuration control that spans from the main facility to all locations, regardless of how remote or distributed they are. The OT security solution must always have intelligence on the individual devices at all locations, including but not limited to programmable logic controllers (PLCs), HMI controllers, engineering stations, networking equipment, gateways and any other devices critical to regular network operations. Deep knowledge, including visibility into all types of devices, patch levels, firmware versions and backplane information, is essential. It is also critical to account for dormant devices that are not communicating regularly over the network.

  2. Identify threats. While the OT operations of oil and gas providers were once isolated, today they are connected to IT and are accessible anywhere. This convergence creates an environment that can impact the integrity of oil exploration, extraction, refining and delivery. The elimination of air gapping enables bad actors to penetrate parts of the operations environment from either the IT or the OT side. To identify a variety of suspicious behaviors it is essential to leverage three detection engines:

    • Traffic mapping and traffic visualization to identify and alert against communication attempts from external sources, in addition to devices that should not be talking to one another.

    • Anomaly detection to pinpoint traffic patterns that are outside of the regular network operation.

    • Signature-based detection to identify known threats which are used by attackers.
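The three engines listed above, run over a handful of constructed OT flow records, as an added example (this is illustration code written for this page, not Tenable's product logic): the allowlist of expected conversations, the per-conversation packet-count baseline, the OT address range and the `SIG-PLACEHOLDER-001` byte pattern are all constructed assumptions, and a real deployment would learn the baseline and load signatures from a curated rule set.

```python
"""Three OT detection engines over constructed flow records (added example, not Tenable code)."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Constructed assumption: the plant's OT address range.
OT_NET = ip_network("10.20.0.0/16")
# Constructed assumption: (source, destination, destination port) conversations seen in the baseline.
ALLOWED_PAIRS = {
    ("10.20.1.10", "10.20.5.21", 502),   # HMI -> PLC (Modbus/TCP)
    ("10.20.1.11", "10.20.5.21", 502),   # engineering station -> PLC
    ("10.20.1.10", "10.20.7.30", 1433),  # HMI -> data historian
}
# Constructed per-conversation packet counts gathered over several normal polling cycles.
BASELINE = {
    ("10.20.1.10", "10.20.5.21", 502): [120, 118, 125, 122, 119, 121],
    ("10.20.1.11", "10.20.5.21", 502): [10, 12, 9, 11, 10, 11],
    ("10.20.1.10", "10.20.7.30", 1433): [40, 42, 39, 41, 40, 43],
}
# Placeholder signature: a real engine loads these from a curated rule set, not from the code.
SIGNATURES = {
    "SIG-PLACEHOLDER-001": b"\x2b\x0e",  # hypothetical known-bad payload prefix (constructed)
}


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    packets: int
    payload: bytes = b""


def traffic_mapping(flow):
    """Engine 1: alert on sources outside the OT range and on device pairs not in the allowlist."""
    if ip_address(flow.src) not in OT_NET:
        return [f"external source {flow.src} -> {flow.dst}:{flow.dport}"]
    if (flow.src, flow.dst, flow.dport) not in ALLOWED_PAIRS:
        return [f"unexpected conversation {flow.src} -> {flow.dst}:{flow.dport}"]
    return []


def anomaly_detection(flow, sigma=3.0):
    """Engine 2: flag packet counts more than `sigma` standard deviations from the baseline."""
    key = (flow.src, flow.dst, flow.dport)
    history = BASELINE.get(key)
    if not history:
        return []  # no baseline for this pair: traffic mapping already reports unknown pairs
    mu, sd = mean(history), pstdev(history)
    sd = sd or 1.0  # a perfectly constant baseline must not divide by zero
    z = (flow.packets - mu) / sd
    if abs(z) > sigma:
        return [f"volume anomaly {key[0]} -> {key[1]}:{key[2]} packets={flow.packets} z={z:.1f}"]
    return []


def signature_detection(flow):
    """Engine 3: match the payload against known-bad byte patterns."""
    return [f"signature {sig_id} matched {flow.src} -> {flow.dst}"
            for sig_id, pattern in SIGNATURES.items() if pattern in flow.payload]


def run_engines(flows):
    """Run all three engines over the flows and return the alerts keyed by engine name."""
    results = defaultdict(list)
    for f in flows:
        results["traffic_mapping"] += traffic_mapping(f)
        results["anomaly"] += anomaly_detection(f)
        results["signature"] += signature_detection(f)
    return dict(results)


# Constructed flow records: three normal polls, one external source, one unexpected pair,
# one polling-rate spike and one payload carrying the placeholder signature.
SAMPLE_FLOWS = [
    Flow("10.20.1.10", "10.20.5.21", 502, 121),
    Flow("10.20.1.11", "10.20.5.21", 502, 10),
    Flow("10.20.1.10", "10.20.7.30", 1433, 41),
    Flow("203.0.113.7", "10.20.5.21", 502, 3),                    # outside the OT range
    Flow("10.20.7.30", "10.20.5.21", 502, 5),                     # historian should never poll the PLC
    Flow("10.20.1.10", "10.20.5.21", 502, 900),                   # far above the HMI's baseline
    Flow("10.20.1.11", "10.20.5.21", 502, 11, b"\x2b\x0e\x01"),   # contains the placeholder pattern
]

if __name__ == "__main__":
    for engine, alerts in run_engines(SAMPLE_FLOWS).items():
        print(engine, alerts)
```

The three engines are deliberately independent: the external flow and the historian-to-PLC flow have no baseline, so only traffic mapping reports them, while the HMI's 900-packet poll is an allowed pair and is caught only by the anomaly engine. That separation is the reason the text asks for all three rather than any one of them.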

  3. Close vulnerabilities faster. Most oil and gas environments contain a mix of older devices typically not found in IT environments. With various patch levels across each device type, it is difficult to maintain an up-to-date patch management program. Because oil and gas environments may not have frequent or long enough maintenance windows, known vulnerabilities may not be patched for an extended time period. It's critical to maintain deep awareness of the state and characteristics of all devices. This includes accurate matching between specific device conditions and the available vulnerability knowledge base that has associated exploits. Because of the dynamic nature of oil and gas environments, this body of knowledge must be kept in sync with newly discovered vulnerabilities. Tenable's Vulnerability Priority Rating (VPR), for example, can provide a triaged list of vulnerabilities from most- to least-serious, based on a variety of factors such as Common Vulnerability Scoring System (CVSS) score, vulnerability severity and exploitability, and much more.
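An added example of the matching and triage step described in point 3, together with the dormant-device accounting from point 1 (illustration code written for this page, not Tenable's VPR or any Tenable product logic): the asset inventory, the advisory entries with `KB-PLACEHOLDER-*` identifiers, the vendor and model names and the `triage_score` weighting are all constructed assumptions. It compares firmware versions numerically rather than as strings, which is where naive matching goes wrong (as a string, "2.9.1" sorts after "2.10.0").

```python
"""Match an OT asset inventory against a vulnerability knowledge base and triage the findings
(added example, not Tenable code; all identifiers and scores are constructed placeholders)."""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Asset:
    name: str
    vendor: str
    model: str
    firmware: str
    last_seen: date       # last time the device was observed on the network


@dataclass(frozen=True)
class Advisory:
    vuln_id: str          # placeholder identifier, deliberately not a real CVE
    vendor: str
    model: str
    fixed_in: str         # first firmware version that is not affected
    cvss: float
    exploit_public: bool  # whether the knowledge base records an associated public exploit


def parse_version(v):
    """Turn '2.10.3' into (2, 10, 3) so versions compare numerically, not lexically."""
    return tuple(int(p) for p in v.split("."))


def is_affected(asset, adv):
    """A device is affected when vendor and model match and its firmware predates the fix."""
    return (asset.vendor == adv.vendor and asset.model == adv.model
            and parse_version(asset.firmware) < parse_version(adv.fixed_in))


def match_findings(assets, advisories):
    """Every (asset, advisory) pair where the advisory applies to that specific device."""
    return [(a, adv) for a in assets for adv in advisories if is_affected(a, adv)]


def triage_score(adv):
    """Hypothetical ranking: CVSS base score, bumped when a public exploit exists.
    This is a constructed stand-in, not the VPR formula."""
    return adv.cvss + (2.0 if adv.exploit_public else 0.0)


def triaged(findings):
    """Most- to least-serious; Python's sort is stable, so equal scores keep inventory order."""
    return sorted(findings, key=lambda f: triage_score(f[1]), reverse=True)


def dormant_assets(assets, today, max_silence=timedelta(days=30)):
    """Devices silent for longer than `max_silence` still belong in the inventory and the
    vulnerability matching above; this lists them so they are not forgotten."""
    return [a for a in assets if today - a.last_seen > max_silence]


# Constructed inventory and knowledge base.
ASSETS = [
    Asset("PLC-01", "ExampleVendor", "PLC-X", "2.9.1", date(2021, 6, 1)),
    Asset("PLC-02", "ExampleVendor", "PLC-X", "2.10.0", date(2021, 6, 1)),
    Asset("HMI-01", "ExampleVendor", "HMI-Y", "1.4.0", date(2021, 3, 15)),  # has gone quiet
]
ADVISORIES = [
    Advisory("KB-PLACEHOLDER-1", "ExampleVendor", "PLC-X", "2.10.0", 7.5, False),
    Advisory("KB-PLACEHOLDER-2", "ExampleVendor", "HMI-Y", "1.5.0", 6.5, True),
    Advisory("KB-PLACEHOLDER-3", "ExampleVendor", "PLC-X", "3.0.0", 9.8, True),
]

if __name__ == "__main__":
    for asset, adv in triaged(match_findings(ASSETS, ADVISORIES)):
        print(f"{triage_score(adv):5.1f}  {asset.name:7} fw {asset.firmware:7} {adv.vuln_id}")
    for asset in dormant_assets(ASSETS, date(2021, 6, 30)):
        print(f"dormant: {asset.name} last seen {asset.last_seen}")
```

With the constructed data, PLC-01 on firmware 2.9.1 is correctly matched against the advisory fixed in 2.10.0 while PLC-02 on 2.10.0 is not, and the two PLC-X findings with a public exploit sort above the HMI finding despite the HMI being the dormant device that a network-only view would miss.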


In Summary

OT cybersecurity is now widely recognized as a core ingredient in ensuring the reliable, efficient and safe critical infrastructure that society relies on. You need full visibility into, and security and control over, all of your operational assets. Best-in-class approaches to OT security are more critical than ever, both with respect to complying with existing standards and this newly released DHS directive, and as part of a duty of care to our communities. Constantly changing threat conditions require deep situational awareness in real time, at both the network and device level. Situational awareness should be updated regularly and kept in sync with newly discovered vulnerabilities, threats and gaps. Any deviation must be captured in real time and documented. Full paper trails, capturing all changes to the environment, are essential. Capturing and maintaining this detailed information can help speed incident response, highlight and prioritize newly discovered vulnerabilities and demonstrate proactive compliance both internally and to the required compliance organizations.
