H2s Alive Training Online

(He learned of a cheat sheet that has been circulated since 2008). Once an infected USB is plugged into an HMI to transfer data, the malware “hooks into” the device and takes off like a bot, trawling systems and networks. He added, “One saving grace is that some adjustments are made in the field, such as mud weight, so it’s not as vulnerable.” The outdated personal computer operating systems (OS) used may also be vulnerable. For example, Hecker said Windows XP, an OS released in 2001, continues to be used in many drilling operations, and extended support for XP, including security updates, was discontinued in 2014. Hackers see old systems as low-hanging fruit because the vulnerabilities are well-known, familiar, and unprotected. Had the hacker in this case been successful, the result would have been a theft of data for profit. But Hecker hypothesized more alarming scenarios that could lead to serious equipment damage, unnecessary nonproductive time and added cost, destruction, and fatalities. Hecker highlighted the variety of HMI opportunities for the introduction of malware in oil and gas projects. In addition to the company’s personnel, there are contractors and consultants. Maintaining strict vigilance and control over HMI is challenging, if not impossible. Ramping up network security is one means of protection, but an awareness among users for the need of security at the HMI and the operational technologies used in drilling and processes is one of the most important levels of prevention.

