Critical Infrastructure Protection (CIP) relates to the challenges posed by ‘High Impact, Low Frequency Risks’.1  World-wide critical infrastructure interdependencies also exist across the globe.2 

The risk of a coordinated cyber, physical, or blended attack against CIP systems has become more acute over the past 15 years as digital communicating equipment has introduced cyber vulnerability to the system, and resource optimization trends have allowed some inherent physical redundancy within the system to be reduced. The specific concern with respect to these threats is the targeting of multiple key nodes on the system that, if damaged, destroyed, or interrupted in a coordinated fashion, could bring the system outside the protection provided by traditional planning and operating criteria. Such an attack would behave very differently than traditional risks to the system in that an intelligent attacker could mount an adaptive attack that would manipulate assets and potentially provide misleading information to system operators attempting to address the issue.

More comprehensive work is needed, however, to realize the vision of a secure CIP system. Better technology solutions for the cyber portion of the threat needs to be developed, with specific focus on forensic tools and network architectures to support graceful system degradation that would allow operators to "fly with fewer controls." Component and system design criteria also need to be re-evaluated with respect to these threats with an eye toward designing for survivability. Prioritization of key assets for protection will be a critical component of a successful mitigation approach.

Consequently, there needs to be a significant shift in industry specific standards by referencing active security monitoring, security intelligence and specially designed forensics tools. The review will address the latest developments in information protection, threat mitigation, behavioural and intrusion detection, situational awareness and defending against advanced persistent threats (APT’s) 3 .

The global oil and gas businesses cannot close their eyes to this threat and hope it will go away or won’t happen to them. They must begin defending themselves now against the Perfect Storm.4,5,6,7,8 

Keywords:
infrastructure, critical infrastructure, US government, Effectiveness, attacker, pipeline, data security, information, knowledge, san
Subjects:
Security, Information Management and Systems, Data and communications security, Data security
Copyright 2014, Society of Petroleum Engineers
You can access this article if you purchase or spend a download.