Dragonstone Strategy – State of Cybersecurity in the Oil & Natural Gas Sector
- Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)
The oil & natural gas (ONG) system touches every corner of the nation and increased communications & control capabilities have not only allowed for greater efficiency of system operation, but have also created a massive target for adversaries to launch cyber-attacks. Like any other heavy industrial process, the ONG system relies on a complex system of information technology (IT) and operational technology (OT) devices. The current state of cyber-preparedness across the ONG industry varies from organization to organization. Among the most common challenges that ONG companies face are remote locations, longlived field assets, and lacking capabilities to find and track malware on their systems. ONG companies tend to be concerned with lack of cyber-awareness from employees, risk stemming from remote access for operations & maintenance, and software vulnerabilities within third-party equipment. Various industry and government organizations are performing research and development activities to address some of these challenges, but in many cases industry stakeholders are not aware of solutions that already exist. It is clear that a need exists for a coherent, comprehensive, multi-layered strategy for assuring the security and resilience of the nation's pipeline infrastructure against cyber threats. For a variety of reasons, the general consensus from stakeholders interviewed by LLNL is that the state of cyber-security within the electric grid is currently outpacing its ONG cousin. Existing strategies for the resilience and cyber-security of the electric grid can and should be leveraged to provide immediate benefits to the ONG system. In LLNL’s view, there are two key factors currently limiting the development of necessary cyber-practices within the ONG industry: The sheer number of differing regulatory bodies and trade groups offering both standards and best-practice recommendations for ONG cyber-security makes it difficult to create a comprehensive, directed, and coherent strategy that is applicable to all players within the ONG industry. The ONG industry is unaware of potentially useful technologies that have been developed for ensuring cyber-security of other infrastructure systems, such as the electric grid. Leveraging these technologies—and the science and engineering behind them—can provide some low-hanging fruit that can greatly improve cyber-security in the ONG industry without significant investments in terms of time and money. In the months following this report, LLNL will continue to perform outreach to key oil & gas industry stakeholders in a continual effort to identify the most pressing cyber-resilience issues in the industry. This outreach will be supplemented with LLNL’s threat intelligence capabilities to begin painting a clearer picture of the overall threat landscape faced by this sector. This assessment will be threat-informed and while the strategy itself will not be classified we will leverage intelligence analysis and adversary capabilities to identify gaps in current cybersecurity practices for oil & gas pipeline systems. Recommended efforts will be compiled into a cyber-resilience roadmap for the oil & gas pipeline sector, in which LLNL will highlight priority activities to immediately improve the state of cyber-resilience in the industry.
- Research Organization:
- Lawrence Livermore National Lab. (LLNL), Livermore, CA (United States)
- Sponsoring Organization:
- USDOE National Nuclear Security Administration (NNSA)
- DOE Contract Number:
- AC52-07NA27344
- OSTI ID:
- 1602649
- Report Number(s):
- LLNL-TR-805864; 1009152
- Country of Publication:
- United States
- Language:
- English
Similar Records
Assessing Vulnerabilities, Risks, and Consequences of Damage to Critical Infrastructure
Autonomous Tools for Attack Surface Reduction (Final Report)