OTC 2023: SME says 'cyber threats and new security regulations are coming'

April 28, 2023
Andrew Ginter, vice president of industrial security with Waterfall Security Solutions, details the looming cybersecurity threats facing the offshore energy industry.

By Ariana Hurtado, Editor and Director of Special Reports

HOUSTON  Cyber threats are constantly evolving with new challenges, vulnerabilities and attacks that can put offshore operations and safety at risk. Asset owners and operators need proactive, actionable information and defensive technologies to prepare for and defeat cybersecurity adversaries.

Waterfall Security Solutions provides cybersecurity services, which include its hybrid hardware-software technology that protects pipelines, LNG ports, offshore platforms, oil fields and refineries. Waterfall’s unidirectional gateway technologies are designed to prevent the types of attacks that can bring offshore operations to a halt.

Andrew Ginter, vice president of industrial security with Waterfall Security Solutions, recently chatted with Offshore about its latest technology solutions for the offshore energy industry as well as the cyber threats and new security regulations inevitably facing the sector

Waterfall Security aims to connect with offshore energy majors, independents and national oil companies; federal and regional government officials; and academics to reach net-zero targets and improve ESG goals for the offshore energy industry. The company is currently working with offshore majors and other stakeholders to provide engineering-grade cybersecurity solutions, in addition to classic IT-grade solutions.

"The new cloud-centric automation systems that operate and optimize net-zero solutions are prime targets for cyber attacks—and our research shows that the most consequential attacks are more than doubling annually, and most of these attacks are ransomware," Ginter said. "Modern, automated operations are vital to managing emissions, and but we cannot afford for those new systems to become channels by which physical operations are attacked and shut down, or damaged, or misoperated to cause environmental incidents."

New unidirectional gateway technology

Waterfall's latest technology, the WF-600, is the company's fourth-generation unidirectional gateway. The gateways are widely deployed at IT/OT interfaces, which protects safety-critical networks from attacks arriving from business networks, cloud-based systems and the internet.

"The WF-600, like its predecessors, is in a real sense unbreachable," Ginter said. "The hardware is physically able to send information in only one directionfrom the offshore control network out to the business network or even directly out to the internet. This is an example of engineering-grade network protection. All cyber-sabotage attacks are after all information; this is the definition of a cyber-sabotage attack. So, if no information can penetrate the hardware back into the control network, then no cyber attacks can penetrate either, not now and not in the future."

Moreover, he said the new WF-600 was designed for the needs of offshore providers.

"We are assessed and certified to military-grade assurances of security. We support the highly redundant, highly available configurations that are standard on important platforms," he added. "And we have invested dozens of person-years in this latest version of the product, making it easy to use, easy to manage and, in every way we can think of, making it agree with the expectations of this very demanding industry."

Case studies

Not uncommon, Ginter couldn't be specific about which operators are using the company's cybersecurity technology, but they have implemented it in various field trials.

"Most organizations are not willing to tell the world which security systems they have deployed," he said. "But I can say that we were recently deployed fleet-wide in one organization's offshore platforms."

In that case study, each platform received a pair of high-availability, no-single-point-of-failure gateways as their sole IT/OT connection. The gateway software synchronized the AVEVA PI server in each platform's control network out to the enterprise PI system in real time. The gateway copied a bunch of other platform systems out to the business network as well (e.g., file servers to eliminate USB key usage, gas turbine control systems for vendor monitoring, etc.).

Waterfall Security also recently deployed in an LNG port, where the company made a real-time copy of the port's OPC-UA servers out to primarily business networks, with quite a few secondary replications as well.

R&D efforts

Ginter said the company has new technology under development that was motivated by the permanent changes the pandemic brought about in the industry, but he couldn't reveal many details about this yet.

The company also has a constant stream of new software connectors under development for its unidirectional hardware.

"For example, we recently released our cloud-focused MQTT software connector, as well as an Amazon Web Services connector, on top of the nearly 100 unidirectional connectors we already support," he said. 

New threats looming

"Cyber threats and new security regulations are coming," Ginter warned. "In the decade 2010-2019, cyber attacks with physical consequences were largely a theoretical problem—governments and forward-looking organizations were worried, but not a lot of others. In this decade, attacks with physical consequences have become very real and are growing at 10x every 2.5 years."

In May 2021, the Colonial Pipeline Co. halted its pipeline operations due to a ransomware attack that infected some of the pipeline's digital systems, disrupting operations throughout the US East Coast. Russian hacker group DarkSide hacked into Colonial as part of a monthslong crime spree, according to news reports. The attackers stole 100 GB of data within a two-hour window. Following the data theft, the attackers infected the Colonial IT network with ransomware that affected many computer systems, including billing and accounting. This led the company to shut down operations. The hackers demanded $4.4 million (in digital currency bitcoin), which Colonial paid. The pipeline's systems came back online five days after the attack. Fortunately, by June, the US had recovered much of the ransom payment DarkSide extorted from Colonial.

This attack was similar to another pipeline ransomware attack in 2020, which also resulted in a pipeline shutdown. 

Ginter added, "Many people looked at the Colonial Pipeline attack, for example, and asked 'what does this mean for the industry?' To me, the one word that describes the impact is 'inevitable.' If the Colonial attack had not happened in 2021, something like it would have happened last year or this year. Similar incidents are inevitable in the years ahead."

Government initiatives

Waterfall is significantly active in government initiatives for cybersecurity of critical infrastructures.

"Some government regulations in this space were unfortunately created without a good understanding of the physical processes, automation systems and, most importantly, the constraints that good engineering places on all those systems," Ginter said. "Imposing IT-style regulations on this very sensitive industry risks causing more harm than good, so we try to provide advice and industry perspectives to government. On the other hand, there is the occasional government initiative that is very relevant."

For instance, Ginter's team is contributing directly to the new US Cyber-Informed Engineering Strategy. He says the strategy team is working to make engineering and security teams aware of some "very powerful tools" that the engineering community can use to address cyber risk. "These tools do not exist in the IT space, and so are not represented in widely used standards like the NIST Cybersecurity framework, or even the IEC 62443 industrial security standards," he added.

Looking ahead

So, what's the path forward for the offshore energy industry?

"Every second or third major incident like this is going to result in yet another round of emergency regulations," Ginter explained. "All this means that as an industry, we need to get out ahead of these regulations and threats. This is why I am making such a big commitment to contributing to the new US CIE strategy.

"Safety engineering, automation engineering and network engineering teams all have powerful tools, including unidirectional gateways, for managing risks to physical operations. Many engineering tools have been in use for decades generally but have not been applied systematically to the task of managing cyber risks to physical operations. We need to bring these tools into the mainstream of cybersecurity programs. The world needs engineering-grade protections for offshore systems, in addition to classic IT-centric protections."

Ginter encourages industry leaders and companies to become more aware of cybersecurity threats and solutions. "This space is going to change dramatically in the next five years because of the dramatically increasing number of attacks with physical consequences," he concluded.

04.28.2023

Offshore Technology Conference (OTC):

CEO Lior Frenkel will be part of the “Together We Can: Fortifying Offshore for Cyber Resilience” panel from 8:30-10:30 a.m. Monday at OTC. Speakers from FBI National Cyber Investigative Joint Task Force and the Cybersecurity and Infrastructure Security Agency will also be a part of the panel session.

Waterfall will be at OTC booth 1462. 

About the Author

Ariana Hurtado | Editor and Director of Special Reports

With more than a decade of copy editing, project management and journalism experience, Ariana Hurtado is a seasoned managing editor born and raised in the energy capital of the world—Houston, Texas. Utilizing her editorial expertise, she helps create and oversee new special industry reports and revolutionizes existing supplements, while also contributing content to Offshore magazine, its newsletters and website as a copy editor and writer. In addition, she manages digital media for the Offshore team.