Oil companies work very diligently to protect oil refinery facilities and networks from unauthorized access. Yet all US oil refineries employ Intel, Apple, RISC, AMD, or some equivalent general purpose computing base with Linux, Windows, iOS, or some other general purpose operating system with the related protocol stacks. The software-based cybersecurity solutions employed are inherently not secure against cyber attacks such as what the National Institute of Standards and Technology (NIST) terms the Advanced Persistent Threat (APT). Yet it is essential for operations that system control parameter updates arrive at the facility and that detailed instrumentation data be reported regularly to the oil company headquarters, research laboratories, and other control points.

Therefore, the Supervisory Control and Data Acquisition (SCADA) equipment typically is linked to the Internet either by a hard-wired Ethernet connection to a network Point of Presence (PoP) or exposed via wireless connection, whether by the popular WiFi® or by a custom wireless solution. Each of these approaches exposes the utility to malicious mischief that can be achieved by one or two hackers somewhere in Russia, Syria, Iran or you name it. Wireless enables drive-by collection of data, but a disgruntled (e.g. fired) employee can change parameters in ways that will not be reported. The authority may or may not discover the hack. A truly nasty hack could cause slow damage over months to years that is blamed on something else, such as human error. You don’t have to be in a big city or high-profile jurisdiction to suffer a disgruntled employee.

Protect the people of the USA from the disaster of malware-induced preventable damage to one or more US oil refineries by installing a Hackproof Web Machine® Oil Refinery facility Web Shield between the enterprise local area network and the Internet connections, wired and wireless. This puts a non-penetrable window between the refinery and the Internet. The Oil Refineries Web Shield operates like the window between you and the bank teller at a drive-up window, but instead of passing the physical check (analogous to IP packets) to the teller, you hold the check up to the window and the teller copies the numbers, takes a picture of the signature on the back, and the funds are deposited. Since the check never physically enters the bank and is not touched by the teller, your germs (analogous to malware) cannot infect the teller or others inside the bank. Similarly, your Oil Refineries Web Shield does not allow any Internet packets into the SCADA local area network (LAN), and no LAN packets escape to the Internet. Instead, the Web Shield copies the authorized information into a dedicated memory from which hardware cross-checking circuits validate that only authorized data is moving in or out, and then creates brand new pristine IP packets containing only authorized data and destined only for white-listed IP addresses.

What constitutes authorized information? Your list of data reported at the management level will include levels, flow rates, pump status, valve status, maintenance due dates and the like. This data is acquired from your current SCADA network by our Web Shield as if it were reporting directly to the Oil Refinery Authority. However, since authorized data is copied but the rest of the packet is left inside the SCADA network, malware command and control bits cannot escape even if your system already is infected with what NIST terms APTs. Authorized controls will be specific to your facility’s SCADA equipment. If you do not know in detail what packets flow between a given plant and a networked control authority, Hackproof will analyze your flows and customize your Web Shield to your current data flows. We can do this remotely without disturbing plant operations. Once authorized controls are established, the Web Shield copies just the authorized data from the inbound Internet packets, throwing the rest of the Internet packets away via hardware.
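The copy-validate-rebuild flow described above can be modeled in software as follows. This is an added illustration, not Hackproof's code or hardware; the JSON payload format, field names, value ranges and the destination address are all assumptions made for the example.

```python
import ipaddress
import json
from datetime import date

def _number(lo, hi):
    # Accept only real numbers inside the expected engineering range.
    return lambda v: type(v) in (int, float) and lo <= v <= hi

def _one_of(*allowed):
    return lambda v: type(v) is str and v in allowed

def _iso_date(v):
    try:
        return type(v) is str and date.fromisoformat(v) is not None
    except ValueError:
        return False

# Hypothetical allow-list: field name -> validator. The kinds of data follow
# the page (levels, flow rates, pump and valve status, maintenance due dates).
AUTHORIZED_FIELDS = {
    "tank_level_pct": _number(0, 100),
    "flow_rate_lpm": _number(0, 50000),
    "pump_status": _one_of("on", "off", "fault"),
    "valve_status": _one_of("open", "closed"),
    "maintenance_due": _iso_date,
}
# Constructed destination allow-list (documentation address range).
ALLOWED_DESTINATIONS = {ipaddress.ip_address("192.0.2.10")}

def rebuild(raw: bytes, dest: str):
    """Copy only validated, authorized fields into a brand-new payload.

    Returns (dest, payload) or None; the original bytes are never forwarded.
    """
    try:
        if ipaddress.ip_address(dest) not in ALLOWED_DESTINATIONS:
            return None
        record = json.loads(raw)
    except ValueError:  # bad address, bad encoding or malformed JSON
        return None
    if not isinstance(record, dict):
        return None
    clean = {k: record[k] for k, ok in AUTHORIZED_FIELDS.items()
             if k in record and ok(record[k])}
    if not clean:
        return None
    return dest, json.dumps(clean, sort_keys=True).encode()

# Constructed sample: one value smuggles extra text, one field is unlisted.
SAMPLE = (b'{"tank_level_pct": 72.5, "pump_status": "on", '
          b'"valve_status": "open; beacon=1", '
          b'"maintenance_due": "2025-03-01", "debug_blob": "QUJD"}')
```

Because the output is serialized from the validated copy rather than edited from the input, anything not explicitly authorized (extra fields, out-of-range values, appended text) has no path to the other side.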

