Cybersecurity with edge computing

What is claimed is: 1. A two-stage method for analyzing data from an oil and gas field operation site for cyber threats, the method comprising: in a first stage of analysis, filtering captured events using local edge computing at the site to perform initial cyber anomaly detection by applying classification models to the captured events, forming filtered data; transmitting the filtered data to a second stage of analysis; and in the second stage of analysis, analyzing the filtered data in a cloud by applying system context and referring to vulnerability databases. 2. The method of claim 1 , wherein, in the first stage of analysis, edge analytics, resident on dedicated hardware or available devices, are used to analyze the captured events. 3. The method of claim 1 , wherein the first stage of analysis is capable of detecting highly critical events. 4. The method of claim 1 , wherein computational capabilities of the first stage of analysis exhibit local survivability in the case of network failures to the cloud. 5. The method of claim 1 , wherein the filtering of the captured events using local edge computing forms local alerts at the site. 6. The method of claim 1 , wherein the filtered data is transmitted to the second stage in combination with external intelligence. 7. The method of claim 1 , wherein the filtered data, and optionally external intelligence, includes only cyber threat events of interest. 8. The method of claim 1 , further comprising, in the second stage of analysis, forming alerts of cyber threats based on the second stage of analysis. 9. The method of claim 1 , wherein, in the second stage of analysis, global scale anomaly detection is performed based on the filtered data. 10. The method of claim 1 , wherein, in the second stage of analysis, the flirted data is analyzed using cloud analytics that is performed on servers. 11. The method of claim 1 , wherein the second stage of analysis is capable of detecting all potential security threats. 12. The method of claim 1 , wherein the captured events are transmitted from physical processes at the site to the first stage of analysis. 13. The method of claim 12 , wherein the captured events include data from include programmed logic controllers and human machine interfaces. 14. The method of claim 1 , wherein the filtered data is transmitted from to the second stage of analysis via a gateway and communications equipment. 15. The method of claim 1 , wherein the analysis of the filtered data in the second stage of analysis is performed using cloud-based ML clusters. 16. The method of claim 1 , wherein alerts are formed based on the second stage of analysis. 17. The method of claim 16 , wherein the alerts are transmitted to a security operations center. 18. A cyber threat analysis system for analyzing data from an oil and gas field operation site for cyber threats, the system comprising: an edge computing device, the edge computing device including computer instructions to implement a first stage of analysis to filter captured events at the site to perform initial cyber anomaly detection by applying classification models to the captured events, forming filtered data; a cloud-based ML cluster, the cloud-based ML cluster including computer instructions to implement a second stage of analysis to analyze the filtered data by applying system context and referring to vulnerability databases. 19. The system of claim 18 , wherein, in the first stage of analysis, edge analytics, resident on the edge computing device, are used to analyze the captured events. 20. The system of claim 18 , wherein the first stage of analysis is capable of detecting highly critical events.