(2022039) Vulnerability of Remote Monitoring and Control Systems in the Oil and Gas Industries

Vulnerability of remote monitoring and control systems in the Oil and Gas industries By George Tyson and David Allen, Oiltek Systems LLC The Modern oil and gas industry extensively uses systems to remotely monitor and control operations throughout the process. Supervisory control and data acquisition (SCADA) systems have had wide acceptance and used for years. Many SCADA systems use the Modbus protocol, developed in 1979, to communicate between the parts of the system. Most of these systems operate under MS Windows or DOS. This creates an environment of ever expanding vulnerabilities. Hackers have used these vulnerabilities to wipe out revenue and destroy infrastructure. In 2021 Colonial Pipeline Co. had their major East Coast pipeline shut down by hackers. Hackers also broke into the water system of Florida City and tried to pump in a "dangerous" amount of a chemical and was only stopped by an alert employee. In a similar incident, in 2015 hackers were able to flick digital switches in Ukrainian power substations, causing cuts affecting hundreds of thousands of people. These vulnerabilities are growing. Every time MS Windows is updated there is a chance of a new vulnerability to be introduced into the operating system or in third party software. The new system that is entering service in the industry is the Internet of Things (IoT) or the Industrial Internet of Things (IIOT). The very nature of these systems allow them to be secured far better than SCADA and other legacy systems. This paper will examine the structure of IoT and IIoT to show how it contributes itself to security.