Reliable Cybersecurity for Oil and Gas Pipelines

Reliable Cybersecurity for Oil and Gas Pipelines

No one wants to repeat the week-long Colonial Pipeline shutdown, or—even worse—see a critical infrastructure cyber attack that manages to infiltrate a pipeline’s operational technology network and cause physical damage. In the aftermath of the Colonial ransomware attack, oil and gas pipeline operators, terminal management system providers, and federal regulators are all taking a close look at pipeline cybersecurity standards and practices.

The pipeline industry—at least for now—lacks an equivalent to the North American Electric Reliability Corporation (NERC), which sets cybersecurity requirements for power generation, transmission, and distribution companies. Even so, some pipeline operators (including Owl Cyber Defense customers) already have robust, multi-level cyber defenses in place. The rest of the industry will need to catch up quickly to comply with the Department of Homeland Security’s new pipeline security directive, which mandates new cybersecurity assessments and mitigation plans for the country’s largest pipelines.

Which leads us to the question: what needs to change to prevent a repeat of the Colonial Pipeline shutdown?

There’s no single answer to that question. There were multiple issues with Colonial’s cyber defenses that permitted the successful attack. But the biggest problem was Colonial’s uncertainty as to whether the attack had penetrated to the OT systems that physically control pipeline operations. Without assurance that its OT systems were secure, Colonial had no choice but to shut down. And so, a ransomware attack that might have been a minor inconvenience became a national disruption.

The key to secure, resilient pipeline infrastructure is maintaining rigorous segmentation between enterprise IT networks and OT networks. If operational technology doesn’t need to be connected to external networks, it should be completely isolated. But when (as is usually the case) OT systems need to be connected to IT networks for monitoring, command and control, software patching, or other purposes, the connections should be as tightly controlled as possible.

Owl Cyber Defense solutions have been trusted by pipeline operators and other critical infrastructure customers for more than 20 years. Owl’s hardware-enforced security solutions provide one-way data transfer, segmented two-way transfer, data filtering, and other capabilities that allow operators to transfer OT data while minimizing cyber threats, even when an organization’s IT systems have been compromised.

To learn more about how Owl Cyber Defense is helping pipeline operators protect their critical systems, contact us for a consultation today.

Insights to your Inbox

Stay informed with the latest cybersecurity news and resources.

Paul Nguyen DoD Account Director

Proven Solutions for Navy “Data Maneuverability” @ AFCEA WEST

Hi, I’m Paul Nguyen, one of the new leaders of Owl’s DoD Mission Support team. I joined Owl Cyber Defense (Owl) earlier this month, just in time to be a part of our annual corporate o...
January 31, 2024

Owl SEER Lab MiniBlog 1: CVE-2023-21093

Hello and welcome to the launch of the Owl Cyber Defense System Evaluation, Exploitation, and Research (SEER) Laboratory miniblog! This is the very first in a line of forthcoming posts. ...
September 26, 2023

Reduce Cyber Stress (at least at work) by Implementing Data Diode Enforced Segmentation

In today's digital age, cybersecurity professionals play a crucial role in ensuring the safety and security of an organization's sensitive information. With the rise of cyberattacks, it's...
April 20, 2023