In 2012, several Middle Eastern oil companies were attacked by a virus that wiped out 42,000 data systems. The virus infiltrated through USB devices and spread throughout other devices. As it spread, the virus began destroying data stored in databases. Its spread was reported back to an Internet-hosted application.
The attack occurred on the evening of one of the region's biggest national holiday celebrations. The oil companies immediately contacted control system teams to protect what data remained and retake control of the systems. Most sophisticated control system teams include divisions dedicated specifically to cybersecurity and response.
42,000 Infected Systems
During this attack, control system specialists were dispatched to critical plants in multiple countries. These teams worked to identify, isolate and rejoin infected systems around the clock until the immediate danger was past. They discovered 42,000 infected systems that required significant resources to repair.
However, because of the right preparation and a little luck, no plant control systems were infected. Not a single hour of production was lost, and infrastructure systems were stable. Faults in the virus's code contributed to the aftermath, but an effective response plan, strong host security and business-plant network segregation were the real reasons why production networks survived the attack.
Following the attack, government and industry officials wanted every plant to upgrade and patch all operating systems to the most current supported version. Anti-virus, intrusion prevention, device control, and central and off-site storage systems would all have to be implemented. Each plant's systems would have to include a demilitarized zone (DMZ) and must connect to a central command center to monitor all assets.
The directive had a mandatory compliance date, and the first phase was to be implemented in just a few short months.
Demilitarized Zones
One of the plants to be upgraded was a 30-year-old seawater injection facility, one of the largest in the world. With seven plants spanning several kilometers, the plant was deemed critical for oil and gas operations in the region. The facility provided more than 5 million barrels per day of seawater injection into oil fields to maintain reservoir pressure.
Cybersecurity encompasses several layers: procedures, physical security and digital security. (Graphic courtesy of Schneider Electric)During Phase 1, initial planning and design meetings were held at both corporate and plant sites. The cybersecurity team was involved from the beginning. The task was to develop a reliable security infrastructure that could sustain failures and continue operation.
The team delivered the security solution ahead of schedule. The plant now had a fully redundant, fast, reliable and secure network infrastructure and DMZ to protect systems against an attack. In-depth, defensible controls were implemented to prevent attacks from gaining access should they breach the first level of security. To finish the system, network hardware was immediately ordered, and two cybersecurity consultants worked 18-hour days during a period of a week and a half.
Equipment Upgrades
During Phase 2, the distributed control center at the seawater injection facility was upgraded. This project was more complex because cybersecurity specialists had to implement a system-wide upgrade without affecting production. Minor infrastructure upgrades, including stations, controllers and fieldbus modules, had to be completed while leaving the bulk of the production infrastructure intact.
To address the security needs of each piece of equipment, the specialists recommended purchasing new engineering and operator stations. These stations featured security programs that managed the entire environment to meet all project directives. Teams of engineers delivered on time a new DMZ for the facility's distributed control center. The center employed fully autonomous security path updates to stay current with global digital threats. The new environment was secure. Maintenance costs were reduced. The return on assets was improved, and flexibility was significantly enhanced.