This summer I worked a second internship with ExxonMobil, this time for the ExxonMobil Research and Engineering Company (EMRE) Control Systems Support Team (CSST) at the Spring, TX campus.
The CSST group supports control system engineers at sites worldwide and manages upgrades to software, policy, and hardware. My team gave me the opportunity to combine my interests in industrial control systems and cybersecurity.
My primary assignment was to source, test, and develop honeypot solutions for deployment on controls networks. Honeypots can best be described as fake resources on a network built to look attractive to potential intruders on a network. Because they have no legitimate purpose, any time these resources are used is potential evidence of an attack in progress. Typically, these are deployed on enterprise system and built to look like sensitive files or resources. For control networks, they may look like tools or files used to control sensitive equipment in the field.
I was tasked with evaluating commercial, open-source, and in-house solutions and making a recommendation at the end of the summer. I did my research on commercial products, many of which were designed for enterprise networks and did not take into account the specific requirements of an industrial network. I found many open-source projects, many of which were outdated, too narrow, or generally unsuitable for this application. I also talked to researchers in the IT department who had deployed honeypots at an enterprise level, and examined source code from available projects to try to determine how costly it would be to develop a custom tool in house.
I narrowed down the choices to two commercial and one open-source project, and got permission to install them on our testing environment. I evaluated their response to different types of network probing, gearing my tests towards what I believed were the most likely forms of reconnaissance to be performed on an industrial network. In addition to technical requirements, I also evaluated the ease of installation and configuration. From conversations with my team, I had learned that sites tend to be hesitant to install new products handed from the top down. They do not want to install a product that's going to create more work than the benefits it provides, and they need to be able to install it so that it works as intended. I presented my results to my team, and gave my recommendation for which solution should be further evaluated and potentially installed in sites across the world.
The second main assignment I worked on was gathering and visualizing cybersecurity data from sites all over the world. I moved data from previous years into a new format that was easier to maintain. I also suggested metrics that should be collected in future years to get a better picture of cybersecurity practices and incidents worldwide. On the surface level, this was a simple project whose biggest learning curve was learning a new software tool. However, having access to this data made me think a lot about what kinds of metrics are most useful to collect at a global level, and how we can use metrics to truly understand what progress is being made. It was clear that not all sites were answering the questions the same way, and some sites provided feedback on the assumptions they made when answering. I had to find ways that visualized the data in the most useful manner, and could be used to tell a story of progress over the years. I also had to anticipate future years' data, and ensure that I was making minimal adjustments to labels and raw data so that it would be easy to maintain these visualizations in the future. If I ever get the opportunity to return to ExxonMobil, I hope to one day see these graphs being used and know that I added value during my short time there.
ความคิดเห็น