While automation provides efficiency and reliability of services, the inherent vulnerabilities in pipeline IT and OT (e.g., industrial control systems) present opportunities for malicious actors to exploit. A compromise of pipeline systems could result in explosions, equipment destruction, unanticipated shutdowns or sabotage, theft of intellectual property, and downstream impacts to National Critical Functions (NCF) and therefore, impact our national safety and prosperity.
- CISA and DHS - Oil & Gas
Cybersecurity Recommendations
Global Events Are Threatening Operational Network Security
The CISA and DHS have created the Pipeline Cybersecurity Initiative (PCI) to implement cybersecurity best practices in the oil & gas sector. Although this initiative was originally focused on the midstream space, this is also a preemptive notice for upstream and downstream organizations.
Traditional tools, such as Ethernet radios or IoT gateways with public-facing IPs, web-based remote desktop access, or manually configured IT networks, leave critical energy systems vulnerable.
Increasing network cyber security will also have a more direct impact on company ESG ratings moving forward. Companies will be required to outline goals and initiatives to minimize cyber risks across their organizational IT/OT infrastructure.
“Expectations that organizations should be more transparent about their security risks have increased, resulting in public demand for greater transparency within their ESG reporting,” said Claude Mandy, research director at Gartner. “Cybersecurity is no longer solely a risk to the organization, but a societal risk.”
Congress has delivered on its top cybersecurity priority this session, with both houses approving new legal mandates as part of a government spending bill that will require critical infrastructure companies to report breaches, ransomware payments and other “significant” cyber incidents to the federal government.
Check out our recent blog post on securing your network infrastructure:
Our energy infrastructure is facing cyber threats now more than ever before
What Can You Do?
Recommended Steps to Protect Your Operational Infrastructure
As part of a proactive cyber posture, the CISA, FBI, and NSA recommend:
How Tosibox Can Help
TOSIBOX Is Your Dedicated Operational Network Platform:
Reframe through OT Network Automation
Automated Cybersecurity
The Tosibox Platform is a fully automated OT platform that automatically embeds industry-leading cybersecurity in every connection.
- Automated firewall
- Automated point-to-point, layer 2 and 3 capable VPN connections
- 256-bit AES encryption
- No Static IPs = Internet invisible
- No 3rd party cloud routing
- User access control down to the port, protocol, or MAC ID/IP level
- Physical first multi-factor authentication
- Outbound ports only
- Secure boot
IT Approved
The Tosibox Platform has been approved by IT groups of global enterprise organizations in over 150 countries, and here is why:
- Fully embedded edge-to-edge OT cybersecurity
- No static IP or inbound ports
- Existing corporate & cloud firewall friendly
- Seamless integration with existing IT networks and applications
- Full IT/OT network segmentation
- All data packets accounted for
- No 3rd party cloud routing
- Invisible from the internet
- Everything cellular ready
- 1-1 NAT, DHCP, VLAN Support, MAC Filtering, Proxy Support
Remote Connectivity
With the Tosibox Platform, you can create point-to-point Layer 2 or 3 capable VPN connections to equipment at the edge in 10 seconds. Once a network has been established, you can manage user access to equipment by simply checking boxes, giving new users cyber-secure remote access to equipment at the edge.
The platform is also completely protocol agnostic, meaning you can use any manufacturer's Ethernet-capable equipment and speak any protocol you desire. If there is an Ethernet port, it will work with Tosibox.
Always on Data Connectivity
Creating always-on VPN connections to a hosted environment for data collection is as simple as checking boxes. No IPsec tunnels, static IPs, or port forwarding channels to build out. The Tosibox Platform automates cyber-secure, always-on connectivity from equipment at the edge to your data analytics applications in the cloud or on-prem.
Host your data and applications wherever you choose: in the Tosibox Tier 4 OT Data Center, AWS, Azure, or on an on-prem server.
You can also use whatever data applications you desire. If you already have an application built and hosted, no problem, Tosibox will seamlessly integrate. If you are looking to build your own platform, Tosibox is here to help.
User Access Management
Adding or removing users from the network is as simple as checking boxes to provide true physical first multi-factor authentication. This access can be time restricted, or restricted down to the port, protocol, network, or MAC ID level.
Audit logs of user access times and devices are stored in the Tosibox platform for accurate user management and time stamps.
IT/OT Segmentation and Integration
The Tosibox platform was designed with OT in mind. Implementing Tosibox as your OT network solution provides full network segmentation from the IT side, setting the OT network behind its own cybersecurity. This protects your OT network from cyber vulnerabilities or attacks on the IT network.
Even though you are creating IT/OT network segmentation with the platform, there is still capability embedded for seamless integration with existing enterprise networks and corporate applications.
Host with Tosibox
The Tosibox Cloud is a network of Tier 4 Datacenters. We understand the critical nature of Operational Infrastructure and Data, which is why we feel our hosting EXCEEDS the out-of-the-box capabilities of the large hyperscaler platforms. Highlights of the datacenter component of Tosibox Hosting and Managed Services include:
- All data throughput is included
- Fixed Monthly Costs
- Encryption of Data-at-Rest
- Daily Incremental and Weekly Full Encrypted Backups for immediate recovery
- Tier 4 Datacenters with SOC2 Compliance
- Additional Industry certifications (e.g. HIPAA, etc.)
- 24/7 Datacenter Support
- Complete Disaster Recovery Redundancy (same country)
- Locations in US, UK, Ireland, Australia, Singapore.
- Free inbound migrations of existing hosted applications
Minimize Network Downtime Through Redundancy
Tosibox edge nodes can be Ethernet, WiFi, cellular (dual-SIM integrated modem), and satellite capable. We can select the best fit based on your application and network requirements.
Within the edge node settings is the capability to set the WAN priority. This is configured with a drop-down menu to automatically fail over between multiple internet sources.
Gone are the days when you were tied to one carrier or internet source. Setting up fully redundant networks through the Tosibox platform has been simplified and automated.
Project example:
- First Internet Source: iNet LTE Cellular
- Second Internet Source: Verizon Cellular
- Third Internet Source: Satellite Modem

The Edge Node will automatically fail over between carriers to decrease downtime and will also rely on the higher priority sources as first choice.
Capable Cellular Carriers:
- TosiSim Quad Carrier Sim
- All main cellular carriers including iNet LTE