The Colonial Pipeline incident in the spring of 2021 changed every security conversation in midstream oil and gas. It prompted very disruptive security regulation from the TSA, affecting all midstream operators in the U.S., but it also created awareness in the whole energy industry that security is now a formal requirement. So what does compliance mean and what does “being secure” look like?
The primary principles of secure operations remain the same whether they are regulated or not. Three requirements that keep coming up in conversations about secure operations are as follows.
Visibility of Asset Posture and Activity
In the energy industry, acquisitions are a way of doing business. This collection of acquired pipelines, plants, and production assets usually leaves each company with a very diverse collection of assets. As a result, the inventory of control system assets, instrumentation, and communication assets is also very diverse. Keeping an updated inventory of all assets and their security vulnerabilities is nearly impossible.
In reality, an incomplete view of asset security posture gives bad actors significant opportunities to attack without being detected. Asset inventory and visibility are foundational to a strong security practice.
Strong Risk Mitigation
Cyber risk mitigation is where most of the money has been spent. This spending has included firewalls, endpoint security, malware detection, behavior analytics, and many more tools. Because there are so many mitigation tools to choose from, a systematic approach is very helpful to ensure maximum risk mitigation.
A Response Plan
With stronger regulation around reporting incidents, we are all more aware of how common security breaches are. This makes a response plan essential. The plan articulates which experts get called in to assess damage and restore operations. It also identifies a methodology for communication, reporting, and other post-incident action items.
Security has become a necessary companion to the benefits of digital operations. They exist in lockstep on the journey to safe, agile, and responsive operations.
Cisco has established itself as a leader in IT security over the last nine years, integrating at least ten major acquisitions into a single solution suite with comprehensive capabilities. In the last few years, Cisco has leveraged this integrated capability into the operations side of heavy industry. Cisco also leverages tools that address OT visibility, risk mitigation, and incident response.
The most significant challenge to implementing great asset visibility solutions has been the cost of deploying software at the edge to analyze local behavior. Cisco has integrated this capability into its network infrastructure so one device can provide data switching and routing, as well as an agent to report on asset conditions and behavior. This simplifies deployment and reduces the cost of a parallel infrastructure.
Systematic risk mitigation is an involved process that includes a careful assessment of communication flows that are most critical to the operation. In each flow, every device and operator introduces possible risk. There are a lot of tools that help assess and mitigate risk. The design of an optimal security framework and operation is the key.
Cisco has service teams, partners, and security tools that make this mitigation process very effective.
A good response plan ensures teams and tools are at the ready for quick action. Cisco has service teams, partners, and security tools on standby for quick action. The response tools are integrated into the visibility and mitigation tools, so security operations personnel are not learning new systems in a time of crisis.
As a leader in security, Cisco is ready to work with customers to assess, mitigate, and respond to your security requirements. Across IT and OT, Cisco uses a world-class, integrated approach to securely protect your assets. For more information on how Cisco can help your organization, reach out to your Cisco account team or connect with the energy team directly through the following links.