Cisco Blogs


Cisco Blog > Energy - Oil & Gas and Utilities

Securing Your Industrial Networks by Aligning IT and OT

In the first six months of 2013, 53 percent of cybersecurity incidents were in the energy sector, according to the Department of Homeland Security. As cyber-attacks are becoming increasingly prevalent in industries that support our critical infrastructure, it’s crucial that business leaders adopt security process designed to address these new threats. Are you ready?

While I was at CERAWeek last month, former US Secretary of Energy, Daniel B. Poneman, and Under Secretary, NPPD, US Department of Homeland Security, Suzanne Spaulding had a  message to attendees. Their message was clear:

Cyber Security is a “C-Suite” topic of Enterprise Risk Management.

Their recommendations are strong: Security needs to be baked it in from the beginning! Physical and Cyber Security and Secure Coding of Software!

• Implement Layered Protection; we cannot depend on just a perimeter defense
• Apply Cyber Security Framework: 1. Assess, 2. Protect, 3. Detect, 4. Respond, 5. Recover
• Attend to the nexus of Physical and Cyber Security
• Test your response, including business recovery and continuity

Digital strategy and business strategy are becoming one and the same. Forward-looking energy firms see opportunity in today’s turbulent market and seek to pull ahead by changing their operating models through the Internet of Everything (IoE). Transformative digital technologies have to potential to deliver many advantages to O&G firms, including increased business agility and risk awareness, lower cost of operations, and reduced downtime. But before the industry can embrace these new strategies, an effective, end-to-end cybersecurity approach—including alignment between IT and OT—is needed.

Security a Catalyst for Transformation
Digital transformation means that a range of new and diverse devices are connecting to industrial oil and gas networks, generating greater amounts of data. When managed effectively, this data delivers the right information to the right place, at the right time, helping create a competitive advantage. However, as the IoE proliferates, the accompanying explosion of devices and applications will lend itself to increased areas of attack that criminals will seek exploit.

Oil and gas companies must replace traditional approaches like physical segmentation and security by obscurity. They need an integrated approach where information flows in real time to enable immediate action. Cybersecurity doesn’t need to be an inhibitor. It should be the catalyst for new ways of working. It can help oil and gas companies work more safely and better protect the environment by obtaining remote visibility and control over operations, including processes in refineries. It can make processes more efficient, increase production and reduce overall costs.

Addressing the Entire Threat Continuum
Cyber-attacks occur on a continuum of before, during, and after. The same digital hyper-connectivity that oil and gas managers use to collect data and control machines and processes, can also allow cyber attackers to get into system networks and steal or alter classified information, disrupt processes and cause damage to equipment. Threats to a company’s information systems and assets could come from anywhere. State and non-state actors from around the globe are constantly working to penetrate the networks of energy providers and other critical infrastructures in the U.S.

Energy firms must address this entire continuum with a visibility-driven, threat -focused, and platform-based framework:

  • Visibility-driven means having an accurate, real-time view of the network fabric, endpoints, mobile devices, applications, virtual environments, the cloud, and their interrelationships. High visibility allows you to make sense of billions of devices, applications, and their associated information, while helping you see an attack coming, control the environment, and mitigate threats.
  • Threat-focused means focusing on detecting, understanding, and stopping threats. Policies and controls reduce the surface area of attack, but threats still get through. Focusing on threats can help you identify threats and indicators of compromise based on a well-honed understanding of normal and abnormal behavior. This requires continuous analysis and real-time cybersecurity intelligence across all technologies. With contextual awareness, you can identify false-positives and assess the impact of a threat.
  • Platform-based means we have an integrated system of agile and open platforms that cover the network, devices and the cloud. It is a true platform of scalable, easy-to-deploy services and applications. You gain powerful end-to-end visibility with centralized management for unified policy and consistent controls

Securely Converge IT and OT
As oil and gas companies embrace the IoE, they bring together the use of information technology (IT) and operational technology (OT). Security needs to be as pervasive and applied in a unified way across the extended network. Physical and cybersecurity solutions must work intelligently together to reduce unauthorized system access – in order to protect networks, devices, applications, users and data. For example, in many oil and gas companies today, upstream and downstream domains use different solutions for common tasks such as asset performance management. In addition, OT is often managed autonomously from IT, even for critical functions such as reliability and cybersecurity.

Cisco has the broadest set of solutions covering the broadest set of attack vectors, leveraging both global and local intelligence. Cisco’s Secure Ops Solution is helping oil and gas companies secure industrial control networks by combining on-premises technology, processes, and managed services. For example, Royal Dutch Shell (Shell) was challenged with increasing its security maturity level. By implementing the Secure Ops Solution, Shell was able to improve its cyber security and risk management, lowering costs of delivery while significantly reducing its costs of securing the process control systems that keep billions of pounds of toxic material under control. Cisco Secure Ops Solution provides remote proactive monitoring and Service-Level-Agreement (SLA) driven management of security, applications and infrastructure, making it easier to:

• Manage cyber-security risk.
• Support compliance.
• Secure the perimeter between enterprise and operational networks.
• Implement and maintain layered security controls

How can Cisco help your energy organization? Read More »

Tags: , , , , , , , , ,

Industry Recognition for Security Excellence

Cybersecurity is a company-wide initiative. It touches every line of business, the technology, the fabric of the organization, its culture, brand and reputation. Customers are telling us that their most important issues are security and assuring the integrity of the products and data in their networks. In light of the heightened potential for cyber threats, trust is more important than ever throughout the entire IT industry. A trustworthy product requires that security be integrated throughout the product lifecycle based on a transparent and open culture of the company, its policies, its processes, its supply chain, and its partners.

John Stewart, Senior Vice President and Chief Security and Trust Officer here at Cisco, drives trustworthy systems development, supply chain security, cloud security and customer data protection, as well as validation of Cisco’s cyber security practices. This week, John was presented with the RSA Conference Award for Excellence in Information Security during the conference keynote. We are excited for John and see the award as recognition of the work Cisco is doing around the world to raise security awareness and the importance of trust, accountability and transparency from IT vendors.

I was chatting with John after the award presentation and he told me what an honor it was to receive this level of recognition, because it affirms we’re on the right path. We recognize the enormity of the security task before us and it makes us all proud to work for a company that is totally committed to the security of our solutions and of our company.

You can read more about the award here.

Tags: ,

Driving Conversations on Cybersecurity in the Public Sector

Just like private businesses, public sector organizations are taking advantage of today’s “boundless” infrastructures. They also face the same challenging reality when implementing those networks: a threat to data security. For public sector, the stakes are especially high. The proliferation of hackers, inevitable human errors, bring-your-own-device initiatives and the ever-broadening need to share information weigh heavily on government and education organizations, and consume substantial resources.

Against this backdrop, it’s more important than ever to be constantly discussing and innovating cybersecurity measures to keep networks safe. Cisco is not only an industry leader when it comes to providing cybersecurity solutions and services for the public sector, but it is also helping drive conversations with government and technology leaders around the country. In fact, Cisco will be attending a number of cyber-focused events over the next few months:

Cisco is a proud sponsor of the RSA Conference, an event that helps drive the information security agenda worldwide and plays an integral role in keeping security professionals across the globe connected and educated. Speakers will discuss everything from cloud computing to quantitative security, and include Secretary Jeh Johnson, Department of Homeland Security.

This year’s CyberTexas conference will explore the intersection of cyber security and the ‘Internet of Things’. Cisco’s Kurt Harris, Senior Systems Engineering Manager, is presenting on This session will explore the importance of securing the IoT and how these security challenges impact the enormous opportunity presented by the IoE for public sector in the future. This session will explore the importance of securing the IoT and how these security challenges impact the enormous opportunity presented by the IoE for public sector in the future. This session will explore the importance of securing the IoT and how these security challenges impact the enormous opportunity presented by the IoE for public sector in the future. This session will explore the importance of securing the IoT and how these security challenges impact the enormous opportunity presented by the IoE for public sector in the future. the importance of securing the Internet of Things and how security challenges impact the enormous opportunity presented by the Internet of Everything for public sector in the future. Cisco is also sponsoring the “Securing the Internet of Things” track.

The 2015 Synergy Forum brings together government and industry practitioners driving our collective technology futures to examine the emerging fusion of physical and digital worlds. Gary Neal Akers, senior vice president of Advanced Security Initiatives, Cisco, will take part in a panel on security and the Internet of Things.

Linked by a commitment to cybersecurity, government agencies, intelligence personnel and industry leaders will gather at the 2015 Defensive Cyber Operations Symposium to discuss successful strategies for improving security. In addition to exhibiting its cybersecurity solutions at the symposium, Cisco’s Kapil Bakshi, Distinguished Architect, will be speaking on a panel titled “Secure, Operate and Defend in the Commercial Sector – How Do We Maintain and Increase Cyber Security While Providing Innovation in IT?”

Digital Government Institute’s 8th annual Cyber Security Conference will explore today’s cyber threats and offer an opportunity for those supporting government security initiatives to collaborate on how to detect, protect, and respond to these challenges. Peter Romness, cybersecurity solutions lead, U.S. Public Sector, will be presenting during the show. Cisco is a Gold Sponsor of the DGI Cyber Security Conference.

The NSA Information Assurance Symposium is a biannual forum hosted by the National Security Agency that brings, policy, governance, technology, hands-on training and networking opportunities to attendees from across government, industry and academia. Cisco will be exhibiting at the symposium.

That is quite the cyber roadshow! Also, don’t miss our webinar with GovLoop on April 30th for a discussion on how to stay secure and connected in the age of the Internet of Things. And of course, we will undoubtedly be talking cybersecurity during Cisco Live in San Diego, June 7-11th. If you are attending any of these events, please make sure to stop by and say hello!

 

Tags: , , , , , , , , , , , ,

IoE-Powered Business Transformation Boosts Agility and Efficiency for Oil and Gas Companies

This week I’m attending CERAWeek, the premier international gathering of energy industry leaders, experts, government officials, policymakers, and innovators. While this is the 34th annual CERAWeek conference, the mood is definitely not “business as usual.” The disruption and uncertainty created by plunging oil prices and shifting market dynamics has created the urgency throughout the industry to rethink strategies and adopt connected technologies to spur operational efficiencies.

But disruption can also create opportunity. Forward-thinking oil and gas (O&G) firms see today’s turbulent market as an opportunity to gain competitive advantage by harnessing new technologies. For example, in the Eagle Ford region in North America, improved drilling technologies are now enabling oil rigs to produce 18 times more efficiently than in 2008, and 65 percent more efficiently than in 2013.

A new study by Cisco highlights the opportunity to achieve even greater efficiencies through transformed business models and digital technologies powered by the Internet of Everything (IoE)—the networked connection of people process, data, and things.

With IoE, oil and gas firms have the opportunity to make IT services a commodity in the business, creating the potential for dramatic cost reduction and improved operational efficiency. The illustration below shows several ways O&G operations can benefit from connected technologies. To achieve these benefits, however, they will need to bring together both the IT and the operational technology (OT) sides of the business. Our survey indicates that oil and gas firms have a long way to go in breaking down the barriers between IT and OT. In fact, only 41 percent of respondents “completely” or “somewhat” agreed that their firms’ IT and OT strategies are aligned.

OandG_Digital_Tranform_01

Source: Cisco, 2015

Here are some examples of how IT-OT convergence can impact the areas of data, collaboration, and cybersecurity: Read More »

Tags: , , , , , , , , , , , , , , , ,

A Turning Point for Oil and Gas: Managing Through Turbulence to Digital Transformation

This is a big week for the global energy industry, as thousands of energy leaders, experts, technologists, and policymakers gather in Houston, Texas, for the 34th annual CERAWeek conference, the premier international event for the industry. As a corporate sponsor of the event, it’s also a big week for Cisco.

Just last week, Cisco released a new report focused on the need for digital transformation in the oil and gas industry. Based on a survey of oil and gas executives, analysts, and consultants in 14 countries, the paper validates CERAWeek’s “oil day” theme, “Turning Point for the Oil Industry.” For forward-thinking oil and gas companies, the price volatility and turbulence in the market could represent a turning point toward true digital transformation. Read More »

Tags: , , , , , , , , , , , , , , , ,