Although the oil industry may be hesitant to admit vulnerability, drilling rigs in the modern era need better cybersecurity. Complacency about security runs rampant through the industry, where critical assets using out-of-date operating systems are falsely believed to be safe due to air gapping. The truth is that previously isolated assets are increasingly connected to larger networks due to the proliferation of Internet of Things (IoT) devices. Even for assets without IoT endpoints, network isolation has never been a foolproof defense; there are too many other ways for malware to slip through the cracks.

Oil and gas operators are realizing their most important systems may be vulnerable. They are also increasingly aware that artificial intelligence (AI) provides a powerful way to keep their operations safe. But too often, they immediately give in to the fear and uncertainty surrounding the new cybersecurity landscape. Hastily purchasing a security solution from the first vendor that claims to sell AI protection, without understanding what that solution actually does and without a plan for moving forward, will not guard a rig against cyber threats.

AI is revolutionizing business processes across the board, and this includes cybersecurity in the oil and gas space. But operators need to be aware of the challenges to proper implementation and how best to surmount them.

Overcoming internal resistance

To make a large project like an AI implementation work, it is important to get buy-in throughout the company. Unfortunately, there will always be people within a company who still believe that device security is unnecessary for industrial assets.

The best way to overcome this resistance is with internal education. Industrial control systems cannot be kept safe through just isolation and network security. One-third of industrial sites are connected to the internet. Even on isolated systems, there have always been ways for assets to be compromised, from infected USB drives to engineers connecting to the system with corrupted devices. These attack vectors also completely bypass network security, leaving any asset without device security defenseless.

When implementing AI cybersecurity in drilling operations, spreading awareness of these dangers is the best way to ensure the whole organization is on board. Make sure everyone in the company understands that AI cybersecurity is not being installed as a trendy new toy but as a vital part of protecting the whole rig.

Choosing an AI solution

This can be one of the most daunting steps in implementing an AI solution, cybersecurity or otherwise. AI has become a marketing buzzword, and it can be difficult to determine which software vendors are actually making use of the technology. How do you separate the real deal from the vendors just looking to get on the bandwagon of the next big trend?

Too many oil and gas companies looking to integrate AI into their operations fail to understand the massive range in scale of the complexity and effectiveness of machine learning models and algorithms. Vendors have overused the phrase “AI” to the point that making it a requirement is like walking into a car dealership, asking for any car at all, and then being surprised to find that a Honda Civic doesn’t run the same as a Ferrari.

The best way to get a sense of whether an AI vendor is offering the genuine article or just another knockoff is by asking them questions that require informed answers. Which precise components of the product use machine learning, and how? How does the product deal with messy or incomplete data? Does it use deep learning, or can they even explain what exactly deep learning is? A quality vendor will be able to answer all of these questions and more in detail. Anyone who can’t is trying to sell you a lemon.

Identifying value in AI

Imagine someone was concerned with air quality in their house and decided the best solution was to install a Geiger counter. Not only would this not actually prevent contaminants from getting into the house, it would only alert on one specific (and uncommon) contaminant after the home already was irradiated. It would be more useful to prevent contaminants that are likely to occur than to simply detect them.

Unfortunately, this is essentially what many operators do with cybersecurity in oil and gas. An AI cybersecurity solution will not protect a rig if it is not deployed in the right place or is not looking for the right kinds of threats. Many operators implement AI to detect infections that have already made their way into the network. Although this is certainly useful, it’s better to start with AI that can prevent infections from occurring in the first place.

In addition, operators often focus on the wrong threats. Hacking from, say, a foreign threat is a frightening prospect that has inspired many headlines, but drilling rigs are far more likely to be targeted by ordinary criminal groups or even pranksters. Again, protection against uncommon threats is useful as well, but it’s better to guard against the most likely sources of malware first.

Testing a model’s efficiency

Once the model has been selected, it needs to be tested as well—it is unwise to trust a vendor’s self-reported efficacy. There are a few important best practices to follow when testing a cybersecurity product. The first is to create a safe environment for testing—tests require the use of real malware, and users do not want to infect their machine if something goes wrong. The best way to do this is by using a virtual machine, which is a fully operational computer system that runs from within another system.

To get a comprehensive picture of a solution’s capabilities, it should be tested against at least three types of malware: prevalent, polymorphic and zero-day. For any file tested, a cybersecurity solution should be able to identify whether the file is a threat, what type of threat it is, what actions can be taken to protect the system and further details about the threat and threat type. At the most basic level, it must be able to alert the user and block execution of the file.

Properly identifying threats

A cognitive solution that can actually protect a rig needs to be able to catch novel threats, not just known malicious software. New malware is proliferating faster than ever before. According to Verizon’s 2016 Data Breach Investigations Report, 99% of malware hashes are seen for no more than 58 seconds. Hackers have automated the process of creating new malware variants and can produce novel infections at an unprecedented rate.

A solution can only protect against these threats if it is capable of correctly classifying new malware it has never seen before. There is a plethora of endpoint protection software on the market claiming to use AI and machine learning, but most of them drop substantially in efficacy against malware that is less than 24 hours old. What this indicates is that many commercial solutions offer subpar protection against new threats. Given the sheer percentage of malware that is “new” at any given time, this weakness is a major problem. When testing a solution, make sure to test it against novel threats—not the threats it already knows.
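
One way to score the test run described in the two sections above, as an added example that is not part of the original article or any vendor's tooling: it reports alert and block rates for each of the three malware types, measures how far the block rate falls for samples under 24 hours old, and lists any required type the test set missed. The result rows, field layout and function names are assumptions made for illustration.

```python
from collections import defaultdict

REQUIRED = ("prevalent", "polymorphic", "zero-day")  # the three types to cover

# Constructed results from a hypothetical isolated-VM test run (not real data).
# Fields: (sample_id, category, hours_since_first_seen, alerted, blocked)
RESULTS = [
    ("s01", "prevalent",   4300, True,  True),
    ("s02", "prevalent",   900,  True,  True),
    ("s03", "prevalent",   72,   True,  True),
    ("s04", "polymorphic", 48,   True,  True),
    ("s05", "polymorphic", 6,    True,  False),
    ("s06", "polymorphic", 3,    False, False),
    ("s07", "zero-day",    0,    True,  True),
    ("s08", "zero-day",    0,    False, False),
    ("s09", "zero-day",    0,    True,  False),
]

def rates(results, group_of):
    """Alert and block rates per group; group_of maps a result row to a label."""
    tally = defaultdict(lambda: [0, 0, 0])  # [samples, alerted, blocked]
    for row in results:
        t = tally[group_of(row)]
        t[0] += 1
        t[1] += row[3]
        t[2] += row[4]
    return {g: {"n": n, "alert": a / n, "block": b / n}
            for g, (n, a, b) in tally.items()}

def by_category(results):
    return rates(results, lambda r: r[1])

def by_age(results, cutoff_hours=24):
    return rates(results, lambda r: "new" if r[2] < cutoff_hours else "known")

def novelty_gap(results, cutoff_hours=24):
    """Block-rate drop from older samples to those under cutoff_hours old."""
    age = by_age(results, cutoff_hours)
    if "new" not in age or "known" not in age:
        raise ValueError("test set needs samples on both sides of the cutoff")
    return age["known"]["block"] - age["new"]["block"]

def untested(results):
    """Required malware types with no sample in the test set."""
    seen = {r[1] for r in results}
    return [c for c in REQUIRED if c not in seen]

if __name__ == "__main__":
    print(by_category(RESULTS), by_age(RESULTS), untested(RESULTS))
    print(f"block-rate drop on samples under 24h old: {novelty_gap(RESULTS):.0%}")
```

A product that scores well on the prevalent rows but shows a large gap here is the case the preceding paragraph warns about.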


Of course, these are hardly the only challenges that must be planned for in implementing AI for cybersecurity on a rig. Beyond basic matters such as budgeting for the cost of the project, there is the time needed for the often lengthy certification to place new software on mission-critical assets. There are also further decisions to be made, such as whether to host the cybersecurity solution in the cloud versus on-premises.

The challenges listed here are some of the most prominent barriers to implementing a cognitive security solution in drilling operations. Critically, these are all challenges that can be overcome with the right knowledge. And the end result—drilling rigs that are protected against threats like Petya, Stuxnet and more—is well worth the effort.