Cyber Security

Dragos and the Bentonite malware. Anomali protects ONG-ISAC members. NOV backs SentinelOne’s security data lake. ISAGCA standard adopted in Malaysia. Inductive Automation gets thumbs-up from Exida. DNV explains EU NIS2 ICS cyber directive. Petras on ML-based intrusion detection. New energy cybersecurity capability maturity model from SEI.

In its 2022 Year in Review, cyber security specialist Dragos highlighted the risk to the oil and gas industry from the Bentonite malware, a highly opportunistic malware that is used for data exfiltration, espionage and IT compromise. Bentonite can deploy wiper malware and be used in ransomware attacks. To combat this and other control system risks, Dragos recommends ‘consequence-based vulnerability management’ addressing the 2% of vulnerabilities which represent immediate risks.

Anomali and ONG-ISAC* have announced a joint initiative to combat cybercrime in the oil and natural gas sector. The Anomali cyber intelligence platform will be used by ONG-ISAC security analysts to identify attackers that target critical infrastructure. The platform provides high-fidelity signals of attack, detects threats and prioritizes response. More from Anomali.

* The Oil and Natural Gas Information Sharing and Analysis Center.

SentinelOne’s new ‘Singularity’ security data lake (SDL) has received a strong endorsement from National Oilwell Varco CISO John McLeod who opined, ‘We spent years looking for a replacement for our SIEM solution and we found one in the SentinelOne SDL, which provides more storage and faster searches in a highly cost-effective manner.’ The cloud-native solution provides a comprehensive view across security ecosystems, enabling organizations to quickly uncover threats and respond to them in a real-time, intelligent and cost-efficient manner. More from SentinelOne.

In its year-end 2022 review, ISAGCA* reported ‘continued efforts’ by member Petronas that have resulted in Standards Malaysia’s adoption of ISA/IEC 62443 as a national Malaysian Standard. Also in 2022, ISAGCA ‘stood up’ ICS4ICS, the incident command system for industrial control systems. More from ISAGCA.

* The ISA Global Cybersecurity Alliance.

Inductive Automation reports that its company-wide secure software development lifecycle (SDLC) was recently assessed by Exida to meet the requirements of the ISASecure security development lifecycle assurance (SDLA) 3.0.0 and IEC/ANSI/ISA-62443. The latter is a set of standards maintained by the ISA99 committee on security for industrial automation and control systems that make up a ‘comprehensive’ cybersecurity framework which shares responsibility between asset owners and systems integrators.

DNV has just published a whitepaper covering the new NIS2 European cyber security laws, their implications for industrial companies and how to achieve compliance. NIS2 results from a January 2023 EU directive that member states must transpose into national laws by late 2024. NIS2 is described as ‘NIS on steroids’, suitable for an era in which organizations operating essential services need more than ever to manage the cyber risk of both their IT and the control systems that manage, monitor, automate and control industrial operations. Increased risk arises from greater connections between OT/IT and the internet. Oil and natural gas falls under the NIS Directive Annex II covering ‘essential services and digital service providers’.

The UK Petras center of excellence for IoT system cybersecurity has just published its Deployment Guidelines for machine learning-based intrusion detection systems for industrial control systems. The guidelines have been developed under the Petras ‘Elliot’ project and are claimed to guide tool selection from the ‘plethora of commercial and open-source options’. The report covers the selection and deployment of ML-based anomaly detection tools and their limitations. The guidelines are available for download, along with a short summary of the key recommendations.

SEI, the Carnegie Mellon Software Engineering Institute, has released a new version of its energy sector cybersecurity capability maturity model (C2M2). The new release has updated two-thirds of the 2012 model and merged the previously separate models for the electricity and oil and natural gas subsectors. A Cybersecurity Architecture domain was added, and the third-party risk management domain has been refreshed in the light of increasing supply chain cybersecurity risks. The model is now accessible via the SEI’s HTML-based C2M2 tools.

© Oil IT Journal - all rights reserved.