Protection for Data-in-Transit
for Oil & Gas
Protecting Oil & Gas Communications
To ensure the safety and reliability of oil and gas (ONG) upstream,
midstream, and downstream operations and industrial IoT (IIoT)
communications, ONG companies must protect their industrial
control systems (ICS) devices and supervisory control and data
acquisition (SCADA) networks. More than 85% of connected
industrial devices are more than ten years old and are particularly
vulnerable to cyber attacks.
While companies are using IPsec and TLS Virtual
Private Networks (VPNs) to secure onshore and offshore
communications, encrypted VPNs are only as secure as the
devices and methods used to encrypt and decrypt the network
traffic. Malicious actors target system vulnerabilities that allow
them to:
- Steal plaintext keys that reside in memory
- Decrypt IPsec VPN tunnels
- Impersonate devices with stolen/predicted credentials
- Compromise mission-critical data and applications
Cybersecurity breaches continue to increase by attacking
vulnerabilities in defense-in-depth security solutions that expose
unencrypted data in system memory, the CPU, network and
storage. Attackers that gain unauthorized access to a valve
controller, programmable logic controller (PLC), gateway, or
network device, may be able to compromise drilling, ship-to-
shore communications, plant operations, and distribution.
OIl and Gas Networks Are Vulnerable to Attacks
Side Channel Attacks and Eavesdropping
Upstream VPN Untrusted VPN Midstream
Device Network Device
Cache Memory Attacks
VPNs can be difficult to manage and are prone to performance
challenges due to:
- High IPsec VPN overhead that reduces throughput
- Shared CPU resource utilization for encryption that slows
firewall performance
- Application layer protocols that are impacted by IPsec and GRE
- Chatty security protocols increasing latency
- Complex configuration of IPsec and GRE tunnels
- Security and compliance policies
There is an urgent need for solutions that can withstand
persistent, sophisticated, and costly cyber threats without
compromising performance or flexibility. VPNs need to be
hardened to protect data at rest and in transit.
Cyphre BTX Security Platform
Cyphre BTX is a hardware-based network encryption solution
for site-to-site communications that is delivered as an appliance.
Deployed at each site, BTX appliances leverage Cyphre’s
patented BlackTIE® security engine that offloads encryption
operations to hardware in a way that protects plaintext
encryption keys from ever being exposed in the CPU or system
memory.
Inbound and
Man-in-the-Middle Attacks
VPN Untrusted VPN Downstream Edge & IIoT
Device Network Device
Fireware and Software Vulnerabilities
06/2020
Cyphre BTX appliances are available in multiple form factors to
protect remote, edge and cloud deployments. The BTX extends
defense-in-depth approaches and provides:
- Tamper-resistant hardware-based security that never exposes
private keys and encryption keys to the CPU or memory
- Resistance to side-channel, cache memory and MITM attacks
- Better application performance over high latency, low
bandwidth links
- Reduction of typical IP VPN packet overhead by more than
50%
- Offload of crypto operations to hardware to reduce CPU load
for encryption and decryption
- Simple VPN configuration and tunnel management
- Support for any IP-based network
Cyphre, a RigNet company (NASDAQ:RNET), is a cybersecurity
company deploying disruptive data protection innovations by
enhancing industry standard encryption protocols with our
patented BlackTIE® technology.
For more information
visit our website www.cyphre.com
or contact us at info@cyphre.com
© 2020 RigNet. RigNet is a registered trademark of RigNet, Inc.
Cyhpre’s turnkey solution is comprised of:
- Cyphre BTX Security Appliances available in multiple form
factors for data center or edge deployment
- Cyphre BlackTIE Technology hardware-based Security Engine
that is integrated with the BTX appliance
- CyphreLink Application secure site-to-site encryption solution
that leverages BlackTIE
By handling cryptographic operations in hardware and not
exposing keys in the CPU and memory, Cyphre is able to ensure
trustworthy communications to protect critical assets.
FIPS
VAꢀIDATED
140-2
IT Schedule 70
Enabling Intelligence. Delivering Results.