Welcome!

@DXWorldExpo Authors: Liz McMillan, Yeshim Deniz, Pat Romanski, Zakia Bouachraoui, Elizabeth White

Related Topics: @DXWorldExpo, Mobile IoT, Cloud Security, @ThingsExpo

@DXWorldExpo: Blog Post

Internet of Things: Great for Critical Infrastructure Connectivity, but What About Cybersecurity? | @ThingsExpo #IoT

IoT for Oil & Gas - Addressing Cybersecurity

With modern industrial technology, an organization can make intelligent operating decisions because it can establish connectivity to all of its assets in industrial facilities or in the field across any distance. When industrial automation was first picking up speed in industries like oil and gas, there was a heavy focus on how supervisory control and data acquisition (SCADA) systems helped collect and transfer critically important data. SCADA systems are still very relevant today, but communications technology has evolved, especially with the adoption of wireless Machine-to-Machine (M2M) communications becoming important in allowing operators to access more data from more access points.

Complete connectivity through Industrial IoT (IIoT) technology can further help organizations connect and collect more data. With wireless technology in particular, it is now possible to reach even the most remote locations and transfer data reliably.  Industrial organizations are "digitizing" their operations and creating a connected infrastructure with IP connections, rather than using more traditional serial technologies. With IP enabled sensors or IP/IIoT enabled Access Gateways, the data generated by sensors at an asset location can be valuable to more than just the central control system. This might mean M2M communication with sensors talking directly to each other. It may mean that multiple systems consume the live, real-time sensor data directly from any location in the field. It may even mean that operators connect their sensors directly to the cloud or back office systems. If there is a way to share critical data that addresses security issues and can help provide information to key data users, then that information becomes increasingly valuable.

Many would argue that our critical infrastructure energy projects are only as reliable and secure as the technology serving them. Security will ultimately be the limiting factor on how much IoT is deployed. The traditional trade off of is either "easy to use" or "secure", but not both is still relevant. IoT solutions often utilize some of the widely deployed security technologies from the Internet to avoid the custom, one off solutions of past industrial security, if it was used at all. IP technology makes it easier to deploy and talk to sensors, but it also makes it easier for intruders to see and snoop on your valuable data streams. Security through obscurity is not a solution. There are many common attack vectors for industrial devices that become even more relevant when considering the IIoT infrastructures and fully networked, geographically dispersed energy projects.

Oil and gas, for example, is a security-conscious industry. The data that is transmitted via IoT technologies can be extremely useful, if it can meet the security requirements while data is being transferred. With the use of TLS/SSL and basic AES-128 data encryption, even in an Industrial IoT environment where data moves across an open network and it is assumed that an unauthorized party could potentially see the traffic on that network, secure connections can be established. When the data is properly encrypted, an unauthorized party cannot access the data even if they can see it in the network. In wireless connections, standards based connections will allow relatively easy access to the network itself, leaving just the software encryption to stop snooping. Many consumer IoT technologies are making their way into the IIoT and each has different tradeoffs.

One example in oil and gas is data gathered and transmitted via IoT technology could identify the utilization or failure rate of a certain type of control equipment. If the failure rate of this equipment was consistent and data was then accessed and analyzed by the producer or trade group, they might be willing to pay users for that data. If efficiency can be improved by just a small percentage then there are billions and billions of dollars to be saved by creating efficiencies. These are the same promises of SCADA, however with IoT the industry is now looking at how every single asset, across every facility can be connected through the internet (or an intranet), making data readily available to key decision makers whenever it is needed.

Overall, it's clear that industrial organizations, such as oil and gas producers, must consider some important questions in regards to security of their data transport before ever selecting a technology. For example:

  • What is the M2M communications technology controlling or automating? Is it essential that it operates without failure?
  • What data is being collected and/or transmitted with this technology? Is it time-sensitive and/or mission-critical?
  • What technology solutions have a proven track record for the applications being served?
  • What external factors might impact the reliable transmission and receipt of critical data from one point to another?
  • How does this M2M communications technology address challenges such as data encryption, network access control and signal interference?
  • Do we need this technology solution to be fail-safe, in order to prevent or eliminate catastrophic damage from occurring?
  • Is cyber security or physical security a greater concern for this deployment?
  • What vulnerabilities have the Information Security community identified in the type or category of IIoT equipment I use?
  • What is the right tradeoff between easy to use and secure for my installation?

What are some of the key security considerations driving your organization? Let us know in the comment section below.

More Stories By Scott Allen

Scott is an executive leader with more than 25 years of experience in product lifecycle management, product marketing, business development, and technology deployment. He offers a unique blend of start-up aggressiveness and established company executive leadership, with expertise in product delivery, demand generation, and global market expansion. As CMO of FreeWave, Scott is responsible for product life cycle/management, GTM execution, demand generation, and brand creation/expansion strategies.

Prior to joining FreeWave, Scott held executive management positions at Fluke Networks (a Danaher Company), Network Associates (McAfee), and several start-ups including Mazu Networks and NEXVU Business Solutions. Scott earned his BA in Computer Information Systems from Weber University.

DXWorldEXPO Digital Transformation Stories
Cloud computing delivers on-demand resources that provide businesses with flexibility and cost-savings. The challenge in moving workloads to the cloud has been the cost and complexity of ensuring the initial and ongoing security and regulatory (PCI, HIPAA, FFIEC) compliance across private and public clouds. Manual security compliance is slow, prone to human error, and represents over 50% of the cost of managing cloud applications. Determining how to automate cloud security compliance is critical...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities - ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups.
"MobiDev is a Ukraine-based software development company. We do mobile development, and we're specialists in that. But we do full stack software development for entrepreneurs, for emerging companies, and for enterprise ventures," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
The Internet of Things is clearly many things: data collection and analytics, wearables, Smart Grids and Smart Cities, the Industrial Internet, and more. Cool platforms like Arduino, Raspberry Pi, Intel's Galileo and Edison, and a diverse world of sensors are making the IoT a great toy box for developers in all these areas. In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists discussed what things are the most important, which will have the most profound e...
As IoT continues to increase momentum, so does the associated risk. Secure Device Lifecycle Management (DLM) is ranked as one of the most important technology areas of IoT. Driving this trend is the realization that secure support for IoT devices provides companies the ability to deliver high-quality, reliable, secure offerings faster, create new revenue streams, and reduce support costs, all while building a competitive advantage in their markets. In this session, we will use customer use cases...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...
When talking IoT we often focus on the devices, the sensors, the hardware itself. The new smart appliances, the new smart or self-driving cars (which are amalgamations of many ‘things'). When we are looking at the world of IoT, we should take a step back, look at the big picture. What value are these devices providing. IoT is not about the devices, its about the data consumed and generated. The devices are tools, mechanisms, conduits. This paper discusses the considerations when dealing with the...