With a technical background as a network security engineer spanning almost 25 years, Mick Vaughan has seen the field of cybersecurity evolve as the internet became mainstream. And in a recent position as an operational cybersecurity network architect for Noble Drilling Services, Mick has seen the lines between OT and IT blur, recognizing the importance of securing information for industrial control systems (ICS) to protect critical infrastructure.
Securing OT on drilling rigs in the middle of the ocean
With the demand for data, Mick saw the “air gap” between OT and IT almost vanish. While at Noble Drilling Services, he was in charge of ensuring that data stored in local systems on a rig could be pushed from the local historian’s device, encrypted, pushed up to a satellite, and then downloaded to a point-of-presence to be analyzed and interpreted. Implementing a project of this magnitude resulted in a paradigm shift for a number of OT professionals who were now evaluating the cybersecurity of their systems, a consideration that was foreign to the traditional role.
As Mick began connecting these different devices, he also knew that an assessment program would be paramount to ensuring the security of the different ICS onboard the drilling ship. This meant traveling out to the drill rigs and crawling through field stations, getting dirty in some of the more challenging spots, and recording his observations on paper assessment forms. Performing the assessments was onerous and time-consuming: Mick and his team had to physically be on the rigs and often needed personnel to accompany them to the different systems onboard.
But the magnitude of his work was not lost on him. Mick recalls eating in the mess hall with the drill crew, who were away from their homes for 28 days, and watching family photos being projected on a screen to give them a sense of connection to their homes. Seeing those photos helped forge a connection between Mick and the crew, driving home the fact that a secure OT environment can result in a safer work environment for those on the rig.
SecurityGate.io would have been a huge benefit to Mick on the rig
The feature of the SecurityGate.io platform that would have benefited Mick most immediately is its digital accessibility from a laptop or cell phone. Rather than having to tote around bulky papers in tight spaces or mentally note deficiencies to be recorded later, Mick could have used our assessment platform to document his findings in real-time. Additionally, with predefined workflows, having the guarantee of consistent assessments is a huge bonus for Mick—he understands that the variability between assessors can often skew results and thus fail to provide the most comprehensive and accurate assessment.
Completing an assessment isn’t enough to keep a deep-sea drilling crew safe. The data has to be collated, sanitized, and analyzed to determine the risk posture and potential exposure. Long days gathering the data in tight quarters led to long nights pulling together information from various spreadsheets and interpreting the data. That legwork vanishes with SecurityGate.io’s platform—instead of collecting data on paper and in spreadsheets, data is collected inside the platform, whether your smartphone or laptop is online or not. Once an internet connection is established, the assessment is uploaded into the cloud, providing instantaneous insights for the auditor and OT professionals. Mick says that this feature alone would have saved him and his team at Noble Drilling Services untold amounts of time and led to a quicker start into risk remediation, a quantum leap from what he experienced less than a decade ago.
Mick is a cybersecurity subject matter expert at SecurityGate.io with 25 years of experience in the cybersecurity industry. While working with an offshore drilling company, he helped bridge the gap between IT and OT professionals to successfully transmit OT data from rigs in the middle of the ocean and minimize the risk exposure of those industrial control systems.