Cyber security risk management and compliance for industrial control environments -- especially in the Oil and Gas Industry -- and the ability to connect experts for mission critical communications and collaboration are key areas that Cisco is addressing with two new services-led solutions.
We’re living in changing times. Cyber attacks are on the increase and critical infrastructures are under threat. Just finding oil and extracting it economically is becoming increasingly difficult. These two factors are top-of-mind for the oil and gas executives I talk to. Whether it’s an Integrated Oil Company (IOC) like Royal Dutch Shell, or an Oil Services company like Halliburton, many companies are under pressure to secure their infrastructure to protect against cyber, geo-political or operational threats and reduce risks associated with operational challenges.
You’ll remember from my recent post, High Energy at Cisco Live in San Francisco, that Alan Matula, EVP and CIO of Shell, talked to John Chambers at Cisco Live about how Shell and Cisco were partnering to secure critical infrastructure. Alan talked about how the changes in the oil and gas industry -- in particular the new non-traditional methods (hydraulic fracturing, or “fracking” and horizontal drilling) -- mean that hundreds, even thousands, of drill sites may be needed, rather than the more modest half dozen or so that were required in the past.
As the processes required become more complex, and the Internet of Everything enables improved workflows that were not possible in the past, organizations need more visibility into their business and need to have tools that will positively impact the bottom line by protecting against risks, improving efficiency and lowering site downtime.
That’s where the Cisco Secure Ops and Cisco Collaborative Operations solutions come in.
It actually provides “Critical infrastructure security as-a-service” and uses a convenient service wrapper and attaches a set of service level agreements. What it does is support cyber security risk management and compliance for industrial control environments. It addresses risks using a combination of people, process and technology before, during and after a risk or security event takes place. It’s made up of tightly integrated Cisco and third party products and services.
It is designed to be “dropped in” to brownfield or greenfield environments and delivers unparalleled capabilities and security control mechanisms.
The integration extends into commercial arrangements with automation suppliers for services like qualified patch lists and anti-virus updates.
The business benefits are:
Business leaders gain situational awareness for security maturity and compliance within various parts of the business.
Site leadership and management benefit from reduced management complexity and increased consistency across individual sites, leading to optimized operational costs.
Site technical leaders are provided with a technical solution to help manage security and compliance on a per-site basis as well as valuable tools to increase it through standardized interfaces and capabilities.
Corporate risk and compliance leaders receive near real time information on operational risks associated with cyber-security threats and adherence to compliance policies.
It’s actually a collaborative portal that combines voice, video and data collaboration in a single, secure view. It’s an ‘always-on’ style of collaboration that can bring in multiple technologies like Cisco Video Surveillance Manager; Cisco IPICS; landline; mobile; two-way radios and remote speaker integration; chat functionality; WebEx and multiple application sharing. All on a single pane of glass (well, in an ops room that could be a huge wall screen!).
It is designed for operations personnel working in distributed networks. It lets remote experts help guide operations in real time, affords greater reach per expert resource and minimizes miscommunication, driving faster, better decision making. It can combine multiple feeds, and individuals and feeds can ‘come and go’ as required during a collaboration period. In the case of an Oil Services Company, that could be weeks or months!
The business benefits for this solution are:
Platform enables communication between stakeholders at all times.
Remote Experts can be instantly connected with on-site personnel using voice, video or data.
Solution creates opportunities for workforce development and training, safety improvements, and risk mitigation.
Although these are related solutions, many customers may start implementing one before the other depending on their particular circumstances. Remember this is largely a services offering, so customers have the comfort of knowing that Cisco, along with our partners, is ‘bringing this together’ for them to address key business issues.
This is the second of a four-part series on the convergence of IT and OT (Operational Technologies) by Rick Geiger.
Physical Security has evolved from serial communication to modern systems that are largely, if not completely, IP networked systems. The unique requirements of physical security have often led to shadow IT departments within the physical security department, with networks and servers procured and operated by the physical security department with little or no involvement from IT.
Intersections with IT and the corporate network began with the interconnection of physical security systems and the placement of physical security appliances on the corporate network to avoid the cost of wiring that would duplicate existing networks. At one time IT may have been persuaded that these “physical security appliances” didn’t need to be managed by IT. But that persuasion was shattered by malware infections that revealed far too many “physical security appliances” to be repackaged PCs with specialized interface cards.
IT departments scrambled to locate and remove these vulnerable devices and either outright banned them from the corporate network or insisted that they be managed by IT. A hard lesson was learned that just as the organization, including IT, required physical security, video surveillance and badge access control, the physical security department needed the cyber security expertise of IT to protect the communication and information integrity of networked physical security systems.
Convergence is sometimes regarded as the use of physical location as a criterion for network access: restricting certain network access to a particular location and/or noting any discrepancies between the location source of a login attempt and the physical location reported by the badge access system. For example, the network won’t accept a login from Asia when that user badged into a building in Philadelphia.
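The badge-versus-login check described above can be sketched as follows. This is an added example, not Cisco code: the badge and login records are constructed, the 12-hour validity window is an assumption, and each login source is assumed to be already resolved to a site name.

```python
from datetime import datetime, timedelta

# Constructed sample data: badge reader events (user, site, time) and
# login attempts (user, source location, time). All names are hypothetical.
BADGE_EVENTS = [
    ("alice", "Philadelphia", datetime(2014, 5, 7, 8, 55)),
    ("bob", "Houston", datetime(2014, 5, 6, 9, 10)),
    ("alice", "Philadelphia", datetime(2014, 5, 6, 8, 50)),
]
LOGINS = [
    ("alice", "Philadelphia", datetime(2014, 5, 7, 9, 30)),
    ("alice", "Singapore", datetime(2014, 5, 7, 10, 0)),
    ("bob", "Houston", datetime(2014, 5, 7, 9, 0)),
    ("carol", "Houston", datetime(2014, 5, 7, 9, 5)),
]

# Assumption: a badge-in older than this no longer proves where the user is.
BADGE_VALIDITY = timedelta(hours=12)


def last_badge(user, when, events=BADGE_EVENTS):
    """Return (site, time) of the user's latest badge-in at or before `when`."""
    seen = [(t, site) for u, site, t in events if u == user and t <= when]
    if not seen:
        return None
    t, site = max(seen)
    return site, t


def evaluate_login(user, source, when, events=BADGE_EVENTS):
    """Classify a login as 'allow', 'deny' or 'review' from badge location."""
    badge = last_badge(user, when, events)
    if badge is None or when - badge[1] > BADGE_VALIDITY:
        # No fresh physical-presence evidence: location cannot be confirmed,
        # so hand the attempt to an analyst instead of deciding silently.
        return "review"
    if source != badge[0]:
        # User is badged into one site but the login claims another.
        return "deny"
    return "allow"


def evaluate_all(logins=LOGINS):
    """Evaluate every sample login and return (user, source, verdict) rows."""
    return [(u, src, evaluate_login(u, src, t)) for u, src, t in logins]


if __name__ == "__main__":
    for row in evaluate_all():
        print(row)
```

Stale or missing badge data is routed to review rather than allowed or denied, since the badge system then says nothing about where the user is.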
The need and opportunity for Cyber and Physical security convergence is much broader than network access. Physical Security systems need Cyber Security protection just as Cyber Systems need Physical Security protection.
What are, at a very high level, the primary activities of Physical Security on a day to day basis?
Protect the perimeter
Standard operating procedures define for anticipated events
Forensics to gather, preserve and analyze evidence & information
Physical security personnel often have a law enforcement or military background, and approach these activities from that point of view.
Over time, the technology of physical security has evolved from walls, guns and guards to sophisticated microprocessor based sensors, IP video cameras with analytics, and network storage of video & audio. Although there are many examples of close collaboration between IT and Physical Security, there may also be tension. Physical Security departments defend their turf from what they perceive as the encroachment of IT by claiming that they are fundamentally different.
A quick look at the Physical Security systems quickly reveals something that looks very familiar to IT. Networked devices, servers, identity management systems, etc. are all familiar to IT.
At a very high level, the primary activities of Cyber Security can be grouped into a set of activities that are very similar to Physical Security. The common process that both need to follow is a regular review of Risk Assessment:
What are the possible threats
What is the probability of occurrence of each threat
What are the consequences of such occurrence
What are cost effective mitigations — as well as mitigations required by compliance
The Risk Assessment process is an integral part of NERC-CIP V5, which requires a review at least every 15 months of “…cyber security policies that collectively address…” CIP-004 through CIP-011. Implementation is required to be done “…in a manner that identifies, assesses, and corrects deficiencies…”
Many of the activities of Cyber and Physical Security overlap and need to align:
The use of IT Technology in Physical Security systems
Overlapping Identity Management
Device Identity management
Requirement for IT process maturity
IT security required for Physical Security systems
Physical Security required for IT Systems
Consistent future strategy & direction
The bottom line is that the activities of Physical and Cyber security have many parallels, with opportunities to learn from each other and collaborate in threat assessment and risk assessment strategies and coordinated implementation and operation. NERC-CIP V5 has mandatory requirements for both Physical and Cyber security. Modern security, both Physical and Cyber, needs to move beyond reacting to events that have already occurred, to agility and anticipation.
What does this mean for Cisco?
Cisco has a portfolio of leading edge Cyber and Physical Security solutions. Cisco’s Advanced Services offerings help our customers develop and deploy a collaborative, unified approach to Physical and Cyber security. NERC-CIP V5 is a compelling event for the electric utility industry. The transition period is underway with completion required by April 2016. Are you up to date on Cisco’s solutions and capabilities? We are here to help!
Since its announcement at the RSA 2014 conference, the security community has been actively involved in the Cisco IoT Security Grand Challenge. The response has been so great that we’ve decided to extend the deadline by two more weeks -- so you now have until July 1st, 2014 to make your submission! Visit www.CiscoSecurityGrandChallenge.com for full details about the challenge and prepare your response. Good luck!
Interested in learning more about the Cisco IoT Security Grand Challenge? Plan to attend a free one-hour webinar at 12 p.m. EDT Wednesday, May 7. Cisco Futurist Dave Evans and Dr. Tao Zhang, Chief Scientist for Smart Connected Vehicles at Cisco, will talk about why the Challenge is so important to the future of IoT, and answer any questions you may have.
When I was in grade school, my best friend had a favorite saying whenever he disagreed with somebody’s observation that two things were really similar. “It’s the same, only different,” he would quip. Though this phrase was mostly intended to be flippant and evoke an emotional response from the recipient, I’ve finally found a topic where his phrase is 100 percent legitimate: IoT security. That’s because when it comes to securing IoT, we’re not talking about a single, homogeneous network, but rather the extended network which comprises both Information Technology (IT) and Operational Technology (OT) environments.
While existing IT networks have included cloud and perimeter security for many years, OT environments have traditionally been air gapped from the Internet, and therefore only required physical security components to ensure a high level of secure access and safety for plant personnel. And since IT and OT networks were completely separate, the radical differences in their approach to security didn’t make much of a difference – users of each simply lived in blissful isolation. But IoT is changing all of that!