Over the years, cybersecurity threats have grown significantly, and securing Operations Technology (OT) assets is one of the biggest challenges within the oil and gas industry today. Poor security policies could lead to unauthorized access to business-critical assets, confidential information leakage and result in business disruptions causing HSE, financial, and reputational impacts. This paper details how advanced and robust security policies shall mitigate cybersecurity risks and enable a smooth execution of Digital Oil Filed (DOF) projects and other complex O&G projects involving high convergence between IT & OT environments.
The DOF projects include integration of Industrial Control System (ICS) network with corporate network at various levels, and this mandates consideration of multiple layers of security controls to implement a defense in depth strategy in order to secure ICS & Corporate infrastructure. It includes establishment of an integrated governance model that orchestrates the Cybersecurity Management System (CSMS) that encompasses IT & OT, define a secure architecture for ICS, lay enforcement zones to segregate ICS network from the Corporate/ Enterprise network by enabling strong firewalling/ intrusion monitoring policies, perform continuous monitoring and develop response capabilities to combat cyber-attacks/ intrusions. Additionally, the awareness level of the entire workforce should be escalated to ensure they are ‘cyber risk-aware’ and comprehend how crucial it is to incorporate ‘security sense’ at work. Since cyber-attack aimed at ICS environments heavily leverage physical security weaknesses to introduce a cyber-physical impact, it is quintessential to consider robust physical safeguards to protect marshalling rooms, control equipment, and the overall perimeter of facilities.
The "security" factor for DOF primarily focuses on the availability of the systems, minimizing downtime risks which is of paramount importance for Oil & Gas business. This paper focuses on KOC's comprehensive approach to secure its critical assets within DOF which comprises people, process and technology components that contribute towards achieving KOC's business objectives.