In the first six months of 2013, 53 percent of cybersecurity incidents were in the energy sector, according to the Department of Homeland Security. As cyber-attacks are becoming increasingly prevalent in industries that support our critical infrastructure, it’s crucial that business leaders adopt security process designed to address these new threats. Are you ready?
While I was at CERAWeek last month, former US Secretary of Energy, Daniel B. Poneman, and Under Secretary, NPPD, US Department of Homeland Security, Suzanne Spaulding had a message to attendees. Their message was clear:
Cyber Security is a “C-Suite” topic of Enterprise Risk Management.
Their recommendations are strong: Security needs to be baked it in from the beginning! Physical and Cyber Security and Secure Coding of Software!
• Implement Layered Protection; we cannot depend on just a perimeter defense
• Apply Cyber Security Framework: 1. Assess, 2. Protect, 3. Detect, 4. Respond, 5. Recover
• Attend to the nexus of Physical and Cyber Security
• Test your response, including business recovery and continuity
Digital strategy and business strategy are becoming one and the same. Forward-looking energy firms see opportunity in today’s turbulent market and seek to pull ahead by changing their operating models through the Internet of Everything (IoE). Transformative digital technologies have to potential to deliver many advantages to O&G firms, including increased business agility and risk awareness, lower cost of operations, and reduced downtime. But before the industry can embrace these new strategies, an effective, end-to-end cybersecurity approach—including alignment between IT and OT—is needed.
Security a Catalyst for Transformation
Digital transformation means that a range of new and diverse devices are connecting to industrial oil and gas networks, generating greater amounts of data. When managed effectively, this data delivers the right information to the right place, at the right time, helping create a competitive advantage. However, as the IoE proliferates, the accompanying explosion of devices and applications will lend itself to increased areas of attack that criminals will seek exploit.
Oil and gas companies must replace traditional approaches like physical segmentation and security by obscurity. They need an integrated approach where information flows in real time to enable immediate action. Cybersecurity doesn’t need to be an inhibitor. It should be the catalyst for new ways of working. It can help oil and gas companies work more safely and better protect the environment by obtaining remote visibility and control over operations, including processes in refineries. It can make processes more efficient, increase production and reduce overall costs.
Addressing the Entire Threat Continuum
Cyber-attacks occur on a continuum of before, during, and after. The same digital hyper-connectivity that oil and gas managers use to collect data and control machines and processes, can also allow cyber attackers to get into system networks and steal or alter classified information, disrupt processes and cause damage to equipment. Threats to a company’s information systems and assets could come from anywhere. State and non-state actors from around the globe are constantly working to penetrate the networks of energy providers and other critical infrastructures in the U.S.
Energy firms must address this entire continuum with a visibility-driven, threat -focused, and platform-based framework:
- Visibility-driven means having an accurate, real-time view of the network fabric, endpoints, mobile devices, applications, virtual environments, the cloud, and their interrelationships. High visibility allows you to make sense of billions of devices, applications, and their associated information, while helping you see an attack coming, control the environment, and mitigate threats.
- Threat-focused means focusing on detecting, understanding, and stopping threats. Policies and controls reduce the surface area of attack, but threats still get through. Focusing on threats can help you identify threats and indicators of compromise based on a well-honed understanding of normal and abnormal behavior. This requires continuous analysis and real-time cybersecurity intelligence across all technologies. With contextual awareness, you can identify false-positives and assess the impact of a threat.
- Platform-based means we have an integrated system of agile and open platforms that cover the network, devices and the cloud. It is a true platform of scalable, easy-to-deploy services and applications. You gain powerful end-to-end visibility with centralized management for unified policy and consistent controls
Securely Converge IT and OT
As oil and gas companies embrace the IoE, they bring together the use of information technology (IT) and operational technology (OT). Security needs to be as pervasive and applied in a unified way across the extended network. Physical and cybersecurity solutions must work intelligently together to reduce unauthorized system access – in order to protect networks, devices, applications, users and data. For example, in many oil and gas companies today, upstream and downstream domains use different solutions for common tasks such as asset performance management. In addition, OT is often managed autonomously from IT, even for critical functions such as reliability and cybersecurity.
Cisco has the broadest set of solutions covering the broadest set of attack vectors, leveraging both global and local intelligence. Cisco’s Secure Ops Solution is helping oil and gas companies secure industrial control networks by combining on-premises technology, processes, and managed services. For example, Royal Dutch Shell (Shell) was challenged with increasing its security maturity level. By implementing the Secure Ops Solution, Shell was able to improve its cyber security and risk management, lowering costs of delivery while significantly reducing its costs of securing the process control systems that keep billions of pounds of toxic material under control. Cisco Secure Ops Solution provides remote proactive monitoring and Service-Level-Agreement (SLA) driven management of security, applications and infrastructure, making it easier to:
• Manage cyber-security risk.
• Support compliance.
• Secure the perimeter between enterprise and operational networks.
• Implement and maintain layered security controls
How can Cisco help your energy organization? Read More »
Tags: Cisco, Cisco Secure Ops, cybersecurity, data, Digital transformation, Energy/Utilities, Internet of Everything, IoE, oil and gas, utilities
Last week, I had the opportunity to present at the DGI Enterprise Architecture Conference & Expo. Specifically, I spoke about enterprise architecture’s role in the convergence of big data, mobility and cloud. Emerging technologies can provide tremendous value to public sector organizations, but these organizations need Enterprise Architecture to transform IT services and deliver operational success and mission outcomes.
According to Gartner, Enterprise Architecture (EA) is a discipline that delivers value to organizations by presenting business and IT leaders with recommendations for adjusting policies and projects to achieve target business outcomes that capitalize on relevant business disruptions. The EA process maps business requirements to the IT capabilities needed to support them, and investments to the value delivered by IT services and their underlying systems, infrastructure and technology.
EA is crucial for organizations looking to capitalize on innovative technology and business opportunities, like the Internet of Everything (IoE) and digitization. Less than one percent of the world’s devices are connected today, but IoE and digitization have the world on the edge of an explosion of connectivity that has the potential to provide enormous value to the public sector. It’s estimated that IoE is a $4.6 trillion global opportunity for public sector organizations over the next decade.
As the number of connected devices and “things” grows, the amount of data produced will increase too. From 2012-2020, the amount of data created is projected to double every 2 years. All this data creates complexity, especially when it comes to transforming that data into valuable information for decision makers. This complexity, along with new business models and strategies, is driving IT transformation. EA can help simplify things and manage the data so that organizations can capture the potential business value of IoE and digitization.
Enterprise architects also need to look at business transitions that are occurring. Trends such as globalization, new opportunities for growth and productivity, and increased security and regulatory compliance are all things to consider. To be successful, architects need to be at the intersection of business and technology, identifying architectures to support specific strategies for their organizations to achieve the business outcomes they want and need.
Most IT departments are confronted with a common set of challenges in the face of these trends. Data center infrastructure and networks have become increasingly complex. As size increases, there is a greater drain on IT resources, resulting in decreased agility and security challenges. Further, rapidly-evolving business needs create the requirement to scale resources up or down dynamically in seconds, not months or hours. IT budgets are not growing to keep pace with these new requirements. Agency IT departments are increasingly running into budget restraints that could limit what they can accomplish. The right architecture strategy can alleviate performance issues, simplify operations and offer the flexibility to adapt when necessary, all within budget.
Organizations’ IT must evolve to address both market and technology transitions. EA can help harness IoE convergence to lower costs, increase efficiencies and improve citizen services. It can also help organizations manage many more devices on their networks. EA is the glue between people, process, data and things. For government agencies, effective EA requires organizational awareness and an understanding of what is working and what is not. It is impossible to achieve a desired future state without organizational awareness.
So how does your organization leverage EA to support business transformation efforts that take advantage of these disruptions? Follow this checklist:
- Consult with both IT and business leadership. EA sits at the intersection of business and technology, and needs to be involved with both sides from the start.
- Understand your desired outcomes and define your to-be environment. Do this before digging into your current state to avoid being influenced by current investments, capabilities and limitations.
- Assess and map your organization’s current IT environment.
- Make a journey map that shows how to get from your current state to your desired to-be environment.
- Implement architecture changes, and continue to iterate and adapt to align your IT infrastructure with your business goals.
The last piece of advice I have is don’t be afraid to fail – with risk comes reward. That said, be deliberate in your planning and consider the risks prior to implementation and seek to unlock the value of connections while protecting your organization from new threats.
Find out how Cisco is supporting the federal government’s Enterprise Architecture initiative
Tags: government, Internet of Everything, IoE, public sector
As technology continues to evolve rapidly, citizens and end-user government employees are reaping the benefits. Government is responding to the growing demand for increased e-services and faster access to data by aligning resources to more adequately support a fully connected world, or as we like to call it the Internet of Everything (IoE).
The Difference between IoE and Convergence
IoE is the networked connection of people, processes, data and things. This extends beyond machine-to-machine communication (often referenced as the Internet of Things) to embrace complete connectivity. By connecting the unconnected, government agencies have the potential to reduce costs, improve operations, enhance employee productivity and improve citizen safety and services. However, to unlock all the benefits of IoE, the first step is convergence.
Convergence is what we refer to as the union of Big Data, Cloud Computing and Mobility. As these pervasive technology megatrends come together—there is a synergy that is created. This allows for a more streamlined, efficient technology environment that bridges the gap between government operations and citizen services.
Convergence and the Public Sector
The idea of benefiting from IoE is often talked about as something far in the future, but in truth, it is already happening today. IoE is making a significant impact across government as organizations begin using converged resources to shape their IT infrastructure.
For example, Hardik Bhatt, Chief Information Officer for the State of Illinois, spoke recently with FutureStructure about how smarter infrastructure is helping to improve the lives of city residents. With smart street lighting systems, cities can save money by eliminating waste, help citizens feel safer and allow local businesses can tap into the connected infrastructure to build apps using the available data and network.
Federal agencies are also tapping into the power of IoE and orchestrating their cloud, big data and mobile environments. Orchestrating the converged ecosystem, the DoD is connecting the battlefield in ways that are fundamentally changing today’s military operations. Enhanced sensor communications are helping the Department of Defense (DoD) improve monitoring, both on and off the battlefield, with systems that communicate across intelligent networks to increase both visibility to threats as well as improving operational efficiency through better decision making ability. Sensor based systems and video have revolutionized remote healthcare services. In addition, General Services Administration Smart Buildings offer improved management and energy efficiency capabilities. Pressure readings and valve adjustments can be done from a network operations center instead of in person and occupancy sensors can be used to provide optimum lighting during daytime while saving energy.
Build Your Convergence Roadmap Today
Convergence is the key to unlocking the true value of the IoE. Governments with converged technology infrastructure environments will enjoy greater agility and efficiency through aligned resources. Those seeking to achieve maximum value from IoE should develop a convergence roadmap that addresses improvements in the underlying cloud, big data, and mobility services that power IoE. This plan should include an assessment of your current technology assets and capabilities, define what you want to achieve with each technology architecture, identify the workflows and process that will be impacted and build an IT strategy that embraces automation and an application-centric approach to ensure the applications and devices in your environment work together.
To learn more about this new age of convergence and how your public sector organization can benefit from the $4.6 trillion opportunity that IoE presents over the next decade, go to cisco.com/convergence. Additionally, check out some top predictions for the IoE era.
Tags: convergence, federal, government, Internet of Everything, IoE, public sector
Valley Children’s Hospital is a nonprofit, state-of-the-art, children’s hospital on a 50-acre campus in Madera, California, with a medical staff of more than 550 physicians. With 356 licensed beds, Valley Children’s Hospital is one of the largest hospitals of its type in the nation. One of the core values the hospital embraces is incorporating new ideas, technology and methods to improve the care and services it provides.
Internet of Everything has led to an explosion of wireless devices in the hospital from patient care to guest access. The following blog highlights how the IT Support and Technical Services staff enable the following business outcomes using best-in-class, highly available wireless technology from Cisco:
- Deliver Emergency Health Records to emergency staff on hundreds of virtual desktops and tablets from the patient’s bedside.
- Keep nurses connected to patients, doctors and staff via Cisco IP Phones and
- Provide free internet access to patients, family members and friends
Location: Main campus Madera, California, with several remote sites from Modesto to Bakersfield Read More »
Tags: 802.11ac, Access Point 3702i, Cisco Mobility, Internet of Everything, IoE, Non-stop Wireless, Valley Childrens Hospital
Partners are a big part of Cisco’s Internet of Everything (IoE) strategy. Over the last few years, we have attracted an impressive ecosystem of world-class partners. Cisco is working with this ecosystem to help countries, cities, industries. and businesses around the globe take the first steps toward becoming digital to capitalize on the value of the Internet of Everything . This week at Cisco’s Partner Summit event in Montreal, there is a lot of energy around the IoE and Cisco’s IoE Digital Platform – an end-to-end solution architecture that makes it easier for our customers to make the digital transformation.
Cisco’s Digital Platform provides our partners with an open, scalable, secure, and manageable environment for integrating their capabilities into our solutions and creates a foundation for global and local partners to meet specific customer needs. Read More »
Tags: Cisco, Cisco Partner, Cisco Partner Summit 2015, Digital transformation, Internet of Everything, IoE, Tony Shakib