It’s easy to think of IT security as fundamentally just IDs and passwords for access to systems and apps, but oilfield communications devices (such as modems, gateways, and radios) need at least the same level of security as office systems…and often, even more robust protection. Over just the past several years, we’ve seen field hardware compromised with myriad forms of malware causing millions of dollars in damages as well as the loss of sensitive information and, of course, corresponding reputational harm for organizations.
One recent example is the Mirai malware which, during one particularly virulent period in the fall of 2016, brought down much of America’s internet with an unparalleled DDoS (Distributed Denial of Service) attack through its botnet. For those unfamiliar with the term, a botnet is a network of devices infected with malicious software and controlled as a group without the owners' knowledge. The primary reason that Mirai was able to commandeer such a large number of devices was the unprotected nature of the targeted hardware, and oilfield communications devices were among those hardest hit.
The following are some common recommendations for protecting field communications devices:
- Change the manufacturer’s default password: A major security vulnerability for field communications devices is retaining the manufacturer’s default password. This should be changed to a strong password before initially deploying the device to the field, and again whenever a device has been compromised.
- Proactively update device firmware: To stay ahead of security threats, device manufacturers routinely release new firmware with enhancements for security. Firmware updates should always be installed as soon as practical.
- Employ Trusted IP Setting: Most devices have a security configuration option to only allow communications with “trusted” IP addresses, also known as whitelisting. By enabling this feature, your device will only be able to communicate with the whitelisted IP addresses which you specify.
- Disable Pinging: The ping command is often used as a simple way to confirm the ability to communicate with a device. However, this command can also be used by malicious actors to verify active communications as a means of identifying hardware susceptible to attack. Disabling the ping function makes finding active devices much more difficult.
- Monitor data usage: By proactively monitoring how much data or bandwidth each device uses under normal working conditions, it’s much easier to identify significant changes. An increase in usage can be a sign of infection.
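
One way to put the data-usage recommendation into practice, shown as an added example that is not from the original article or any device vendor: build a per-device baseline from a normal period and flag later days that rise well above it. The device names, usage figures, window length and thresholds are all constructed assumptions.

```python
from statistics import median

# Constructed sample data: daily data usage in MB per field device.
# Names and numbers are invented for illustration only.
SAMPLE_USAGE_MB = {
    "wellpad-07-modem": [41, 39, 44, 40, 42, 38, 43, 41, 40, 42],
    "tank-12-gateway":  [120, 118, 125, 119, 122, 121, 117, 410, 655, 702],
    "pump-03-radio":    [5, 6, 5, 0, 0, 5, 6, 5, 6, 5],
}

def baseline(history):
    """Return (median, MAD) of usage during the normal-operation window.

    Median and median absolute deviation are used instead of mean and
    standard deviation so a single outage or burst day in the window
    does not distort the baseline.
    """
    med = median(history)
    mad = median(abs(x - med) for x in history)
    return med, mad

def flag_anomalies(usage, baseline_days=7, k=6.0, min_delta_mb=10.0):
    """Flag days after the baseline window whose usage exceeds
    median + max(k * MAD, min_delta_mb).

    min_delta_mb keeps very quiet devices (MAD near zero) from
    alerting on trivial changes. Only increases are flagged.
    """
    alerts = []
    for device, series in usage.items():
        med, mad = baseline(series[:baseline_days])
        limit = med + max(k * mad, min_delta_mb)
        for day, mb in enumerate(series[baseline_days:], start=baseline_days):
            if mb > limit:
                alerts.append((device, day, mb, round(limit, 1)))
    return alerts

if __name__ == "__main__":
    for device, day, mb, limit in flag_anomalies(SAMPLE_USAGE_MB):
        print(f"{device}: day {day} used {mb} MB (limit {limit} MB)")
```

A flagged device is a prompt for investigation, not proof of infection; a firmware download or a changed polling schedule will also raise usage.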
You should always check with your device’s manufacturer for recommended settings as well as with your organization’s IT group before making any configuration changes. And a routine security review of all hardware should be part of your cybersecurity policies and procedures.
"The decisions we make about communication security today
will determine the kind of society we live in tomorrow."
~ Whitfield Diffie, American cryptographer