INTEGRITY When Life Depends On It
Securing Crude Oil and Transportation Pipelines from Cyber Attack
Recent exploits of SCADA systems used in the crude oil and transportation pipeline industry, amongst others, should serve to put company executives on notice. The U.S. Department of Homeland Security is already well aware of the problem.
SCADA systems were never designed to be connected to the Internet. But companies connect to these systems all the time to collect the data they need to manage their businesses. Coupled with the fact that SCADA systems are almost NEVER updated for fear that the effected systems won't work properly post-update. This is nothing less than a recipe for a cyber disaster. How big? The infrastructure is vast and complex:
Over 200,000 miles of oil pipelines representing a $31 billion investment
55,000 miles of crude oil trunk lines
30,000-40,000 miles of smaller gathering lines in oil producing states
More than 38 million barrels of oil products transported every day
No SCADA system updates, exposed vulnerabilities in SCADA software, SCADA systems connected to the Internet. A successful cyber attack on a crude oil facility is not a matter of if, it's only a matter of when.
Sooner or later, cyber security strategies based on ad-hoc, reactive, inconclusive "pierce and patch" security policies will result in:
- Executives not in compliance with Federal laws and facing fines and/or prison sentences
- Loss of crude oil production and/or pipeline transport
- Loss of value market capitalization, revenue, earnings
- Loss of customers
- Millions lost defending or settling class action lawsuits
- Millions of dollars spent on restoring service or refunding money to customers
- Customer health and medical emergencies, including death
- Widespread economic upheaval
- Widespread political and social upheaval
- Compromised national defense
- Environmental disasters of unlimited scope
A cyber security strategy based on "pierce and patch" is
Unfathomable. Unacceptable. Untenable. Uneconomic.
And has largely been unfixable until now.
INTEGRITY the most secure and reliable software ever developed can provide oil and transportation industries with certified unbeatable cyber asset security. The National Information Assurance Partnership (NIAP) has awarded INTEGRITY a rating of EAL6+ High Robustness.
With INTEGRITY, mission critical applications stay secure, customer data remains private, and control and command applications work without the possibility of intentional, hostile, well-funded, internal or external attack. And it's been certified not once, but multiple times.
INTEGRITY helps crude oil and pipeline transportation companies meet and exceed NERC's Critical Infrastructure Protection requirements:
CIP-001-1 Sabotage Reporting - INTEGRITY eliminates the possibility of cyber sabotage.
CIP-002 Critical Cyber Assets - INTEGRITY makes the risk assessment process simpler by eliminating the risk.
CIP-003 Security Management Controls - INTEGRITY turns the minimum requirement into a "maximum" as the security management controls will be military-grade.
CIP-004 Personnel and Training - INTEGRITY makes cyber awareness easy as access to and control of critical data are allowed based on a comprehensive policy strategy established by the electric utility.
CIP-005 Electronic Security - INTEGRITY protects all the assets regardless of where they reside.
CIP-006 Physical Security - INTEGRITY provides physical security planners with the added benefit of knowing the assets are secure from social hackers.
CIP-007 Systems Security Management - INTEGRITY enables utilities to establish their own enterprise-wide and system-level protocols.
CIP-008 Incident Reporting and Response Planning - INTEGRITY prevents any attack from getting out of the virtual computer involved. Attacks can be eliminated with a single click of a mouse.
CIP-009 Recovery Plans - INTEGRITY ensures that critical cyber assets are always safe and always available from INTEGRITY-enabled data storage facilities should physical damage create the need to rebuild an electric utility command center.
Certified as secure and reliable for both military and non-military use as a result of the most rigorous testing and evaluation possible, INTEGRITY offers:
- True security
- Open communication is possible without risk to critical assets
- Mission critical assets and applications remain completely safe and secure
- Cost savings
- INTEGRITY Secure Consolidated Client (ISCC)
- Simultaneous support of legacy and mission critical applications
- Form flexibility
- Protect desktop PCs, servers, Thin-Client Workstations and even PDAs
- Open Standards
- Supports Windows and Linux
- Ability to create native POSIX applications
- Certified security and reliability no other operating system can offer this level of security and reliability and no other operating system has ever been certified to the levels of INTEGRITY
To learn more about how INTEGRITY Global Security can secure your oil enterprise, please call 805.882.2500 or send email.