LOGIIC - Linking the Oil and Gas Industry to Improve Cybersecurity - has published the results of its most recent study on how asset owners and vendors approach multi-factor authentication (MFA) and allowlisting in their operational technology (OT) environments.
LOGIIC members assert the best practice access approach is to implement MFA at logical boundaries and provide physical badge access to the control rooms. This ensures that all ingress points, logical and physical, are protected. Anything beyond this would be additional layers of security and would be aspirational.
Allowlisting, also called application control, helps to mitigate security attacks by permitting only those files, applications, and processes that are trusted, or "allowed," to be run.
LOGIIC members assert the best practice recommendation is to block unauthorized applications, services, and code in the OT environment. Allowlisting will not be implemented in the information technology (IT) environments that are not directly connected to the OT environment and not required for OT operations because there is sufficient risk mitigation at the OT/IT boundary with protections such as firewalls.
The complete study, including key findings from the survey, is available on the LOGIIC website.
LOGIIC is a consortium hosted by the International Society of Automation (ISA), the publisher of the world's most complete industrial cybersecurity standards (ISA/IEC 62443). For 17 years, LOGIIC has funded research on cybersecurity vulnerabilities in oil and gas (O&G) automation systems.
For the past several years, LOGIIC has conducted small studies on securing oil and gas sector operations from cyber threats. Member companies select projects based on common interests and benefits to the group, with the end result of study reports that provide benefits and insights to the broader oil and gas community.