In the first six months of 2013, 53 percent of cybersecurity incidents were in the energy sector, according to the Department of Homeland Security. As cyber-attacks are becoming increasingly prevalent in industries that support our critical infrastructure, it’s crucial that business leaders adopt security process designed to address these new threats. Are you ready?
While I was at CERAWeek last month, former US Secretary of Energy, Daniel B. Poneman, and Under Secretary, NPPD, US Department of Homeland Security, Suzanne Spaulding had a message to attendees. Their message was clear:
Cyber Security is a “C-Suite” topic of Enterprise Risk Management.
Their recommendations are strong: Security needs to be baked it in from the beginning! Physical and Cyber Security and Secure Coding of Software!
• Implement Layered Protection; we cannot depend on just a perimeter defense
• Apply Cyber Security Framework: 1. Assess, 2. Protect, 3. Detect, 4. Respond, 5. Recover
• Attend to the nexus of Physical and Cyber Security
• Test your response, including business recovery and continuity
Digital strategy and business strategy are becoming one and the same. Forward-looking energy firms see opportunity in today’s turbulent market and seek to pull ahead by changing their operating models through the Internet of Everything (IoE). Transformative digital technologies have to potential to deliver many advantages to O&G firms, including increased business agility and risk awareness, lower cost of operations, and reduced downtime. But before the industry can embrace these new strategies, an effective, end-to-end cybersecurity approach—including alignment between IT and OT—is needed.
Security a Catalyst for Transformation
Digital transformation means that a range of new and diverse devices are connecting to industrial oil and gas networks, generating greater amounts of data. When managed effectively, this data delivers the right information to the right place, at the right time, helping create a competitive advantage. However, as the IoE proliferates, the accompanying explosion of devices and applications will lend itself to increased areas of attack that criminals will seek exploit.
Oil and gas companies must replace traditional approaches like physical segmentation and security by obscurity. They need an integrated approach where information flows in real time to enable immediate action. Cybersecurity doesn’t need to be an inhibitor. It should be the catalyst for new ways of working. It can help oil and gas companies work more safely and better protect the environment by obtaining remote visibility and control over operations, including processes in refineries. It can make processes more efficient, increase production and reduce overall costs.
Addressing the Entire Threat Continuum
Cyber-attacks occur on a continuum of before, during, and after. The same digital hyper-connectivity that oil and gas managers use to collect data and control machines and processes, can also allow cyber attackers to get into system networks and steal or alter classified information, disrupt processes and cause damage to equipment. Threats to a company’s information systems and assets could come from anywhere. State and non-state actors from around the globe are constantly working to penetrate the networks of energy providers and other critical infrastructures in the U.S.
Energy firms must address this entire continuum with a visibility-driven, threat -focused, and platform-based framework:
- Visibility-driven means having an accurate, real-time view of the network fabric, endpoints, mobile devices, applications, virtual environments, the cloud, and their interrelationships. High visibility allows you to make sense of billions of devices, applications, and their associated information, while helping you see an attack coming, control the environment, and mitigate threats.
- Threat-focused means focusing on detecting, understanding, and stopping threats. Policies and controls reduce the surface area of attack, but threats still get through. Focusing on threats can help you identify threats and indicators of compromise based on a well-honed understanding of normal and abnormal behavior. This requires continuous analysis and real-time cybersecurity intelligence across all technologies. With contextual awareness, you can identify false-positives and assess the impact of a threat.
- Platform-based means we have an integrated system of agile and open platforms that cover the network, devices and the cloud. It is a true platform of scalable, easy-to-deploy services and applications. You gain powerful end-to-end visibility with centralized management for unified policy and consistent controls
Securely Converge IT and OT
As oil and gas companies embrace the IoE, they bring together the use of information technology (IT) and operational technology (OT). Security needs to be as pervasive and applied in a unified way across the extended network. Physical and cybersecurity solutions must work intelligently together to reduce unauthorized system access – in order to protect networks, devices, applications, users and data. For example, in many oil and gas companies today, upstream and downstream domains use different solutions for common tasks such as asset performance management. In addition, OT is often managed autonomously from IT, even for critical functions such as reliability and cybersecurity.
Cisco has the broadest set of solutions covering the broadest set of attack vectors, leveraging both global and local intelligence. Cisco’s Secure Ops Solution is helping oil and gas companies secure industrial control networks by combining on-premises technology, processes, and managed services. For example, Royal Dutch Shell (Shell) was challenged with increasing its security maturity level. By implementing the Secure Ops Solution, Shell was able to improve its cyber security and risk management, lowering costs of delivery while significantly reducing its costs of securing the process control systems that keep billions of pounds of toxic material under control. Cisco Secure Ops Solution provides remote proactive monitoring and Service-Level-Agreement (SLA) driven management of security, applications and infrastructure, making it easier to:
• Manage cyber-security risk.
• Support compliance.
• Secure the perimeter between enterprise and operational networks.
• Implement and maintain layered security controls
How can Cisco help your energy organization? Read More »
Tags: Cisco, Cisco Secure Ops, cybersecurity, data, Digital transformation, Energy/Utilities, Internet of Everything, IoE, oil and gas, utilities
If ever there was an industry and a time that epitomize “disruption,” it is the oil and gas industry today. Price declines of more than 50 percent since June 2014 have upended the sector, and dominate the agendas of industry executives. In fact, a new Cisco study identified “energy price volatility” as the external market force causing greatest concern for the industry today. The study, “A New Reality for Oil & Gas: Complex Market Dynamics Create Urgent Need for Digital Transformation,” shows an industry ripe for transformation by the Internet of Everything (IoE).
In the past, oil and gas (O&G) companies have attempted to address oil-price declines by resorting to short-term cost-cutting measures to see them through the slump. But this time is different. For one thing, it does not appear that prices will recover any time soon—if at all. Demand is down, and new production technologies are driving efficiencies that will increase production and keep prices low for the long term. This time, O&G firms will need to do more than cut costs – they’ll need to change their operating models through digital transformation.
For the study, we interviewed oil and gas executives, consultants, and analysts in 14 countries about the industry’s challenges, opportunities, and priorities. These experts identified intelligence from data as the key area needed to improve operational efficiency, and data analytics as the No. 1 driver of faster, better decision-making.
Additionally, the survey named faster problem resolution, better process control, and improved worker safety as the top three business benefits of IoE-powered technologies. The top three IoE-driven operational benefits were improved production efficiency, reduced downtime, and equipment performance optimization.
As an industry, oil and gas has been “digitized” for some time. True digital transformation, however, now requires adoption of the Internet of Everything — the networked connection of people, process, data, and things — throughout the value chain. Innovative firms are using today’s turbulent market landscape as an opportunity to grab competitive advantage by harnessing new IoE technologies. Read More »
Tags: analytics, CERAWeek, Cisco, Cisco Consulting Services, data, Digital transformation, GDP, Internet of Everything, IoE, oil and gas, oil price volatility, value at stake
Cisco’s recent survey of 7200 banking customers in 12 countries left me with a crystal-clear takeaway: consumers are ready for the Internet of Everything (IoE) — and they want it now.
But to meet that demand, banks need to assess their own capabilities as they begin to light up their own “dark assets” with network connectivity and embark on the journey to IoE readiness.
In our survey, we tested five key IoE-enabled banking concepts related to advice (virtual financial advice, virtual mortgage advice, and automated financial advice) and mobility (branch recognition and mobile payments). These concepts resonated with customers globally: 75 percent of all respondents would move their money to another provider for one or more of the five concepts. And while the interest is significant everywhere, in emerging markets, respondents are twice as likely to move their money. Read More »
Tags: analytics, banking, CCS, Cisco, Cisco Consulting Services, data, digital, Financial Services, hyper-relevance, innovation, Internet of Everything, internet of things, IoE, IoT
When used wisely, consuming cloud as-a-service (aaS) can dramatically improve business outcomes. Primarily, cloud IT services can promote business agility, reduce expenses, and accelerate time-to-market. They also can provide access to highly trained professionals with focused technical expertise, solving a longstanding problem many IT leaders face with sourcing specialized talent.
Businesses today want speed and flexibility, and cloud IT as-a-service can help them achieve that because they don’t need to procure and deploy hardware and then build, test, and iterate software solutions. Although cloud offerings are attractive because they are readily available and can be deployed quickly, there are several factors to consider when deciding whether to build a solution in-house or outsource it to a cloud provider.
Read More »
Tags: agility, as-a-service, cloud, Cloud Consumption, data, data center, InterCloud, partner, Public Cloud, security, services
During your morning workout at the gym, a device on your arm measures each step and connects with…your bank. By monitoring your healthy lifestyle, the bank can then arrange a lower rate on your health insurance. Later, when walking toward your office, you notice an apartment for sale in a neighborhood you have been scouting for real estate deals. So you point your smartphone at the building to view an augmented-reality image superimposed on the building. In turn, you see the price, square footage, and a live link to your bank’s virtual mortgage advisor.
These kinds of scenarios could become commonplace, once banks embrace the opportunities of the Internet of Everything (IoE) era. While today’s digital consumers demand experiences that are relevant to their current context, many feel that banks don’t understand their needs. Contextual interactions may be common when buying books or streaming movies, but customers sense a “value gap” with their banks. And many are willing to trust disruptive innovators from outside the traditional realm of financial services to fill this void.
Banks can keep pace with customer demand by adopting IoE-enabled solutions that offer expert advice, value-added services and convenience, whenever and wherever customers need them — and do so securely. Wearables and augmented reality are among the more forward-looking innovations that banks should be exploring today. But there are many other ways for banks to reconnect with customers.
In a recent Cisco survey of banking customers in 12 countries, respondents were extremely receptive to five core IoE-enabled banking solutions centered on advice (virtual financial advice, virtual mortgage advice and automated financial advice) and mobility (branch recognition and mobile payments). Seventy-five percent would move their money to another provider for one or more of the five concepts. In emerging markets, respondents are twice as likely to move their money.
Read More »
Tags: analytics, augmented reality, banking, biometrics, CCS, Cisco, Cisco Consulting Services, data, digital, Financial Services, hyper-relevance, innovation, Internet of Everything, internet of things, IoE, Wearables