Petrochemical Industry
Petrochemical Components
The petrochemical industry handles many elements within its critical infrastructure including liquids, coal, natural gas, renewables and nuclear. The critical infrastructure also manages a variety of liquids: crude oil, gasoline, heating oil, diesel, propane, biofuels, natural gas liquids and other relevant elements The SCADA and PLC controls within the petrochemical industry are responsible for managing and protecting elements during a variety of functions throughout the CI’s operation. Providing security against attacks is an ongoing responsibility of cybersecurity professionals; the process becomes dire due to the critical infrastructure needing security during its production of oil and gas. The following five steps are fundamental components of operations within the petrochemical infrastructure that underscores the need for protecting them from vulnerabilities as each are key to the CI’s production: perform drilling and exploration in order to reach oil and gas reservoirs, make extractions from the reservoirs through pumping and treatment of the oil and gas, send oil and gas to process plant through different means of transportation, refine oil and gas at a process plant, and distribute oil and gas products to consumers. Securing SCADA and PLC controls during the major process steps in mining and surface reporting has a significant impact on nations and consumers, as any exploit of a vulnerability during any of the steps could have a significant negative impact on populations.
Management
Even though the stakes are high in regards to the management of the petrochemical industry, the critical infrastructure receives more international oversight, regulatory controls, standardized safety and physical security than other critical infrastructures. Despite the existence of more regulation and policies pertaining to the petrochemical industry, the process of securing the critical infrastructure shares commonalities with the other Cis. Most notably, the use of SCADA systems to perform the following functions: establish a control center, communication link, and mange field equipment and sensors used to collect data. The petrochemical industry like other CIs also rely heavily on PLC systems that makes decisions on how to manage critical infrastructure including the ability to execute Control Instructions, communicate with other devices, and perform housekeeping activities.
Risks
There are several frequent cyber risks that affect the petrochemical industry: poor or incorrect situational awareness, loss of critical communication in distributed network, SCADA and SIS system halts due to high network overload, virus or worm attacks impacting critical SCADA/ICT systems. There are also associated vulnerabilities of integrated ICT and SCADA systems: possibility of common failures in the network used to control production and emergency response, lack of testing or certification of interconnection between SCADA and ICT systems, poor risk analysis and risk awareness, absence of systematic knowledge sharing and awareness training, poor scenario training and emergency preparedness, lack of consistent safety and security guidelines, poor standardization, lack of barriers in the network between SCADA and SIS, inadequate review of firewall logs, and inadequate deployment of patches to mitigate vulnerabilities. The authors make several recommendations on how to mitigate vulnerabilities within the petrochemical industry: develop an information security policy, perform risk assessments, use segregated networks and control all communication, educate all staff on information security requirements and acceptable use of ICT systems, implement disaster recovery plans, enforce protection against malicious software, establish procedures for reporting and handling security events. The authors conclude that following these steps will protect the petrochemical industry from physical and cyberattacks, as well as from accidents that can arise from human error or the compromising of systems and networks.
Security
The authors discovered a comprehensive approach in securing the petrochemical industry that involves the protection of SCADA and PLC systems, as well as promoting the establishment of policies and training that will educate employees on the effective use of technology. Another effective way to help secure the petrochemical industry would be for cybersecurity professionals to create a risk matrix that identifies the probability and consequence of each threat so that upper management at companies managing the critical infrastructure can decide to take action on particular threats. It also helps upper management to prioritize the steps necessary for mitigating potential threats.
Challenging Operations
While the petrochemical industry benefits from additional regulations that are not present in other critical infrastructures, the fact that its operation relies heavily on procedures that manage the physical as well as digital components of the critical infrastructure make it a challenge to secure on an ongoing basis. Also the impact that oil and gas has on the nation and its consumers make protecting the petrochemical industry a high priority for the companies responsible for managing and securing its critical infrastructure. The compromising of the petrochemical industry can have a direct impact on populations in the real world. One of the most frequent vulnerabilities cybersecurity professionals attempt to protect against are accidents that take place by human error or damage to SCADA and PLC controls that manage the physical and digital properties of the critical infrastructure. Management at companies that are responsible for the petrochemical critical infrastructure can reduce the probability of an accident occurring by ensure that staff has the proper training on how to use the critical infrastructure’s technology, as well as mitigating any threats to company systems in the most effective ways possible. Another important reason for protecting the petrochemical industry concerns the impact the critical infrastructure could have during a cyberwar. If a state-actor were to penetrate the petrochemical industry and thereby shut down the nation’s ability to access oil and gas, it would force citizens and corporations to live without access to those resources which could have a direct impact in their homes, transportation and other areas of interdependent critical infrastructures.