CISO2CISO.COM & CYBER SECURITY GROUP

Cybersecurity in OT Environments – Case Study in the Oil & Gas Sector by Telefonica Tech & Nozomi Networks

The number of attacks on operational technology (OT) is increasing rapidly, and effective security solutions are needed to properly protect it. This report outlines a real-world success story in the Oil & Gas sector – one of Telefónica’s and Nozomi Networks’ key areas of expertise.

Executive Summary

The convergence between IT and OT worlds is increasing, which brings many opportunities but also increases the attack surface, making it necessary to take appropriate security measures.
The Oil & Gas sector has characteristics that set it apart from other industries, and the challenges it faces are also different. One important aspect is that the infrastructure is dispersed and includes remote stations and legacy technology with different capabilities that are being integrated into the IT infrastructure, which increases the attack surface. Moreover, the number of attacks is increasing, and even targeted malware is being designed. Another challenge in this sector is the high number of actors in the supply chain, ranging from state-owned oil companies to smaller companies that focus on certain aspects or multiple suppliers, so end-to-end protection is a further challenge for this industry.

It is therefore essential to have visibility of what assets are connected in the network, identifying the number of connected elements and their typology. In addition, the vulnerabilities associated with these assets must be monitored, as well as the expected behaviour of both the assets and the industrial process.
This report describes a real success story in the Oil & Gas sector. In this case, the client needed greater visibility of what was happening in its OT network, as well as greater control over the infrastructure.
To meet these needs, a monitoring solution was implemented that is specially designed for the protection of industrial environments and is capable of analysing the protocols used in these environments. Firstly, the solution consists of a consultancy phase, which is completed with the findings of the monitoring solution based on Nozomi Networks technology. This phase includes everything related to the study of the network, choice of deployment points for the sensors, installation and configuration, training, etc. To complete the solution, the operation of the service is offered, supported by the experience of Telefónica’s SOC, which has certified experts distributed in 11 locations worldwide.

Thanks to this project and the analysis of the client’s network, a better understanding of the layout of the network has been gained, as well as visibility of the assets connected to it, including what type of assets are connected to each site and what their associated vulnerabilities are. In addition, security alerts have been obtained; these are managed by the SOC, reported to the client in the event of security incidents, and resolved together with the client to ensure greater security of the client’s network and business.
