header image
OilGas.pro arrow Control Systems Hack & Intrusion Protection Services
Are your revenue-critical production control systems vulnerable to rogue attack & manipulation?

- Are your intrusion testing procedures current?
- How are you correcting current flaws & specifying future purchases?
- Are your systems harmonized across vendor platforms?


Simple fact - the industry's production control systems are vulnerable. There are a lot of reasons why. Do you want to see a background report & publication on industry risks? - click here. Also referred to as Advaced Persistent Threat APT - Flame, Stuxnet, Nitro, Night Dragon and Duqu, reference by clicking here.


Here's a scenario example. In the rush to develop and integrate artificial lift optimization control systems, oil service companies farm out hardware & software development - often to multiple third parties. Who's guarding the proverbial hen house with regards to viral embeds, hacks and remote intrusion? If you are an oil & gas operator, are you specifying your expectations for secure systems? To what standard? Are your processes protected against a Stuxnet type intrusion? Think your operation controls are immune since your systems aren't connected to the web? Study up on non-internet connected SCADA type control system "air gaps", and please reconsider - think again.


Here's one way we challenge operators to the wake up call. Following a contracted pre-review of your internal ICP system process, we offer this approach as an option:

In the first stage, separately contract with us to bring our specialists into your operations and attempt a hack infiltration of your system. Incentivize us to demonstrate how your production data and other reservoir-centric information can be stolen without your knowing the extent of privacy damage, shut down your systems, or even remotely manipulate your well production by intercepting and varying vendor code and algos. Even identification of benign third party 'cookie' implants currently utilized by coders to troubleshoot any of their own future system flaws. When we're successful, you'll pay us a premium for each level of security breach we demonstrate. You'll then have the option to take it to the next stage of prevention services and process control. If we're unable to break your software, you'll reimburse only our travel expenses. Terms are negotiable on a case by case basis.

We also recommend oil & gas operators to specify vendor control system software security and harmonize over various platforms that you're utilizing. In addition, we recommend that you update your software platform 'challenge process', and if you don't have one, at least understand the risk and associated costs should you face a hack attack and oil & gas production systems shutdown.

Please contact us today. We'd like to help your company address these types of important safeguards.



Links:
  1.http://mobile.nytimes.com/2012/10/14/world/middleeast/us-suspects-iranians-were-behind-a-wave-of-cyberattacks.xml
  2.http://pipelineandgasjournal.com/next-generation-cyber-attacks-target-oil-and-gas-scada
  3.IEEE - Stuxnet and Duqu
  4.European oil and gas industry heightens focus - Stuxnet & Duqu
  5.Zero day exploit
  6.Saudi Aramco goes public - tells world oil production not affected by virus attack
  7.Saudi Aramco publically confirms - they were after shutting down our oil & gas production
  8.Shamoon virus- Iran denies
  9.Flamer bluetooth enabled
  10.Oil pipelines cyber threat
  11.
Chevron Stuxnet alarm


images/stories/mamboFoundation_468_60.gif