Many of you know about the Cisco Secure Ops Solution that was announced in 2014, and that it has already been adopted by Shell to secure the company’s critical infrastructure, but may not have seen a demonstration or talked with a Cisco subject matter expert about it.
Cisco Live, San Diego, CA, USA
Well, here’s your chance. We have arranged for a booth in the industrial vertical area at the World of Solutions at Cisco Live in San Diego to show just that. We’re pleased to be accompanied by one of Cisco’s security partners to show new features and functionality that takes Secure Ops even deeper into the cybersecurity protection and surveillance arenas.
The Cybersecurity space is getting more and more alarming every day. As my colleague Peter Granger notes, we have gone from the quaint world of Sherlock Holmes…
Sherlock Holmes: I didn’t really ask, Dr. Franklyn, but what exactly do you do here?
Dr. Franklyn: Oh, Mr. Holmes, I’d love to tell you. But then of course, I’d have to kill you.
Sherlock Holmes: That would be tremendously ambitious of you.
…past the pseudo-high-tech world of James bond and closer to a more modern world reminiscent of Kiefer Sutherland’s character Jack Bauer in the TV series ’24’. Today’s Cyber attacks are not just disgruntled employees or simple mischief makers (although that’s bad enough), but can be carried out by powerful crime syndicates and hostile governments.
Now more and more attacks are becoming visible and reported (e.g. Stuxnet like ‘Havex’ malware strikes European SCADA Systems – June 2014) and whether they are a terrorist attack such as the data destruction attacks on Saudi Aramco and on Qatar’s RasGas gas company in 2012 or unintentional (the vast majority of reported cyber incidents are ‘accidental in nature’ as reported by the Repository of Industrial security incidents, 2011), billions of dollars are lost every year because of them. Night Dragon, Shamoon, Flame, and Duqu have joined Stuxnet in the past few years and more will come.
A study by Fox-IT reported that 60 percent of oil and gas companies do not have a cybersecurity incident response plan. In addition, only 11 percent are fully confident that they can address a cybersecurity breach appropriately. Twenty-three percent admitted that they are not actively monitoring their network for potential intrusions.
And, of course, you can also visit us Cisco Live: there you’ll see how the Cisco Secure Ops Solution is relevant to many industries and is helping tackle our customers’ security challenges. A combination of technology, software and services expertise, Secure Ops Solution can help you increase your security response levels significantly – before, during and after an attack, across the entire attack continuum.
Guest Blog by Marcel Cappetti, Managing Director, Oil and Gas, Global Enterprise Theater
I’ve just returned from CERAWeek in Houston—an international event that could be described as “Davos for the energy industry.” It’s a gathering of the power elite, including industry, finance, technology, and government leaders from around the globe. For me, it was the perfect sensing post for all the angst and opportunity that pervades the industry today.
It was my privilege to participate in a panel on “Leveraging Operational Excellence to Drive Margin Expansion”—a key concern of oil and gas (O&G) executives following the crash in oil prices. Too often in previous downturns, companies have relied heavily on deep cost cuts—including massive layoffs and cancelled projects—to keep margins afloat. But this time seems different. There is general agreement in the industry that we will not be returning to $100-a-barrel oil prices any time soon. So it’s time for more than a course correction. It’s time for digital transformation. Digital transformation will drive operational excellence and, yes, margin expansion.
During my talk last week, I shared highlights from a new Cisco study discussing the new reality in O&G and the opportunity for digital transformation through the Internet of Everything (IoE)—the networked connection of people, process, data, and things. Key findings include:
“Operational efficiency of existing projects” and “maintenance of assets and infrastructure” will be the top two areas of increased investment over the next 24 months.
O&G leaders clearly understand data’s potential—they named “data analytics for faster, better decision-making” as the No. 1 driver for IoE investment.
Business transformation—including breaking down organizational silos and converging IT and OT people, processes, and technologies—is essential for digital transformation. According to Cisco’s study, 59 percent of respondents do not believe their IT and OT organizations are aligned.
Companies that transform will have a significant bottom-line impact. Analysis by Cisco Consulting Services shows that by implementing a range of IoE-empowered solutions, oil and gas companies can capture their share of $600 billion of Value at Stake between 2016 and 2025. For a $50 billion firm, this translates into an 11 percent bottom-line (EBIT) improvement.
Cisco can help O&G companies in their journey to digital transformation through the investments we have made in key technologies—such as analytics, data, sensors, wireless, and mesh—and through solutions developed with key partners. For example:
Remote Operations—Developed with GE, our Connected Oilfield solutions increase personnel safety and improve asset integrity with predictive maintenance; real-time analytics at the edge and virtual expert support enable faster and better decisions.
Pipeline Automation—In partnership with Schneider Electric, Cisco’s Connected Pipeline solution uses analytics at the edge to improve security and environmental protection with predictive detection of pipeline intrusion, leakage, and deformation.
Wireless Operations—Developed in partnership with Honeywell and Emerson, this Connected Processing Plant solution improves personnel safety and process efficiency with wireless real-time tracking, video analytics, and automated incident response.
Secure Operations—Industrial cybersecurity solutions improve security and risk management to combat new and evolving cyber security threats, specifically in the process control domain. A good example is a project for Royal Dutch Shell that provides remote proactive monitoring and SLA-driven management of security, applications, and infrastructure. We are working with industrial control system delivery partners such as Yokogawa Electric and Rockwell Automation to support this solution, which Shell plans to deploy at all upstream, downstream, and lubricant sites.
When the price of oil stood at more than $100 per barrel, the need for oil and gas companies to improve operational efficiencies was primarily driven by the competitive marketplace—and many firms took no action at all. Read More »
The key to retail today is customer understanding —where each customer stands on his or her personal shopping journey, whether in-store or out. Retailers must “know” each shopper as never before. And they must offer the kinds of contextual, personally relevant experiences that will optimize their merchandise mix, create faster inventory turns, and drive greater customer engagement.
After all, the typical customer today is mobile, connected, and has heightened expectations. Many are accustomed to a deeper level of real-time interaction from innovative online retailers than from traditional brick-and-mortar stores.
Yet, as a recent Cisco study revealed, offline retailers – or retailers that combine on and offline capabilities – have their own unique advantages – if they step up to the opportunities of the Internet of Everything (IoE) economy. By blending the benefits of the physical store — such as the ability to touch, compare, and try on products — with the benefits of the virtual world, retailers can create a new value proposition that can’t be matched by their online-only competitors. In the process, they not only drive their own industry’s disruption but challenge for market leadership.
In the first six months of 2013, 53 percent of cybersecurity incidents were in the energy sector, according to the Department of Homeland Security. As cyber-attacks are becoming increasingly prevalent in industries that support our critical infrastructure, it’s crucial that business leaders adopt security process designed to address these new threats. Are you ready?
While I was at CERAWeek last month, former US Secretary of Energy, Daniel B. Poneman, and Under Secretary, NPPD, US Department of Homeland Security, Suzanne Spaulding had a message to attendees. Their message was clear:
Cyber Security is a “C-Suite” topic of Enterprise Risk Management.
Their recommendations are strong: Security needs to be baked it in from the beginning! Physical and Cyber Security and Secure Coding of Software!
• Implement Layered Protection; we cannot depend on just a perimeter defense
• Apply Cyber Security Framework: 1. Assess, 2. Protect, 3. Detect, 4. Respond, 5. Recover
• Attend to the nexus of Physical and Cyber Security
• Test your response, including business recovery and continuity
Digital strategy and business strategy are becoming one and the same. Forward-looking energy firms see opportunity in today’s turbulent market and seek to pull ahead by changing their operating models through the Internet of Everything (IoE). Transformative digital technologies have to potential to deliver many advantages to O&G firms, including increased business agility and risk awareness, lower cost of operations, and reduced downtime. But before the industry can embrace these new strategies, an effective, end-to-end cybersecurity approach—including alignment between IT and OT—is needed.
Security a Catalyst for Transformation
Digital transformation means that a range of new and diverse devices are connecting to industrial oil and gas networks, generating greater amounts of data. When managed effectively, this data delivers the right information to the right place, at the right time, helping create a competitive advantage. However, as the IoE proliferates, the accompanying explosion of devices and applications will lend itself to increased areas of attack that criminals will seek exploit.
Oil and gas companies must replace traditional approaches like physical segmentation and security by obscurity. They need an integrated approach where information flows in real time to enable immediate action. Cybersecurity doesn’t need to be an inhibitor. It should be the catalyst for new ways of working. It can help oil and gas companies work more safely and better protect the environment by obtaining remote visibility and control over operations, including processes in refineries. It can make processes more efficient, increase production and reduce overall costs.
Addressing the Entire Threat Continuum
Cyber-attacks occur on a continuum of before, during, and after. The same digital hyper-connectivity that oil and gas managers use to collect data and control machines and processes, can also allow cyber attackers to get into system networks and steal or alter classified information, disrupt processes and cause damage to equipment. Threats to a company’s information systems and assets could come from anywhere. State and non-state actors from around the globe are constantly working to penetrate the networks of energy providers and other critical infrastructures in the U.S.
Energy firms must address this entire continuum with a visibility-driven, threat -focused, and platform-based framework:
Visibility-driven means having an accurate, real-time view of the network fabric, endpoints, mobile devices, applications, virtual environments, the cloud, and their interrelationships. High visibility allows you to make sense of billions of devices, applications, and their associated information, while helping you see an attack coming, control the environment, and mitigate threats.
Threat-focused means focusing on detecting, understanding, and stopping threats. Policies and controls reduce the surface area of attack, but threats still get through. Focusing on threats can help you identify threats and indicators of compromise based on a well-honed understanding of normal and abnormal behavior. This requires continuous analysis and real-time cybersecurity intelligence across all technologies. With contextual awareness, you can identify false-positives and assess the impact of a threat.
Platform-based means we have an integrated system of agile and open platforms that cover the network, devices and the cloud. It is a true platform of scalable, easy-to-deploy services and applications. You gain powerful end-to-end visibility with centralized management for unified policy and consistent controls
Securely Converge IT and OT
As oil and gas companies embrace the IoE, they bring together the use of information technology (IT) and operational technology (OT). Security needs to be as pervasive and applied in a unified way across the extended network. Physical and cybersecurity solutions must work intelligently together to reduce unauthorized system access – in order to protect networks, devices, applications, users and data. For example, in many oil and gas companies today, upstream and downstream domains use different solutions for common tasks such as asset performance management. In addition, OT is often managed autonomously from IT, even for critical functions such as reliability and cybersecurity.
Cisco has the broadest set of solutions covering the broadest set of attack vectors, leveraging both global and local intelligence. Cisco’s Secure Ops Solution is helping oil and gas companies secure industrial control networks by combining on-premises technology, processes, and managed services. For example, Royal Dutch Shell (Shell) was challenged with increasing its security maturity level. By implementing the Secure Ops Solution, Shell was able to improve its cyber security and risk management, lowering costs of delivery while significantly reducing its costs of securing the process control systems that keep billions of pounds of toxic material under control. Cisco Secure Ops Solution provides remote proactive monitoring and Service-Level-Agreement (SLA) driven management of security, applications and infrastructure, making it easier to:
• Manage cyber-security risk.
• Support compliance.
• Secure the perimeter between enterprise and operational networks.
• Implement and maintain layered security controls
How can Cisco help your energy organization? Read More »
In the past, oil and gas (O&G) companies have attempted to address oil-price declines by resorting to short-term cost-cutting measures to see them through the slump. But this time is different. For one thing, it does not appear that prices will recover any time soon—if at all. Demand is down, and new production technologies are driving efficiencies that will increase production and keep prices low for the long term. This time, O&G firms will need to do more than cut costs – they’ll need to change their operating models through digital transformation.
For the study, we interviewed oil and gas executives, consultants, and analysts in 14 countries about the industry’s challenges, opportunities, and priorities. These experts identified intelligence from data as the key area needed to improve operational efficiency, and data analytics as the No. 1 driver of faster, better decision-making.
Additionally, the survey named faster problem resolution, better process control, and improved worker safety as the top three business benefits of IoE-powered technologies. The top three IoE-driven operational benefits were improved production efficiency, reduced downtime, and equipment performance optimization.
As an industry, oil and gas has been “digitized” for some time. True digital transformation, however, now requires adoption of the Internet of Everything — the networked connection of people, process, data, and things — throughout the value chain. Innovative firms are using today’s turbulent market landscape as an opportunity to grab competitive advantage by harnessing new IoE technologies. Read More »