Ahead of the 1st International Cyber Security Forum for Energy & Utilities in Abu Dhabi, Guy Meguer, General Manager of Cassidian CyberSecurity in the Middle East, spells out the key risks for energy and utility companies.
The rapid evolution of technology has had many positive effects for oil and gas industrial processes, improving delivery and speeding up efficiency. It has also opened the door to a whole new level of threat from those who wish the industry harm.
The expansion and “personalisation” of technology allows ordinary people to control their lives as never before, but the inevitable side effect is that power no longer lies solely in one place. Innovation and advancement can be achieved outside the centre.
And, more to the point, whilst the average person can secure their online existence by following a handful of simple procedures, the same is simply not true in regard to government, industry or infrastructure.
To protect these entities we need to define a comprehensive set of IT governance and security rules as well as to implement a whole host of up-to-date encryption, threat detection, analysis and response means.
It is against this backdrop that cyber attacks are evolving in both frequency and effectiveness. Just this month we discovered that gas pipelines in the USA have been subjected to an ongoing coordinated cyber attack by unknown hackers. Utilities and entities in the Middle East are potentially just as vulnerable to these exploits and, if they were crippled by a sustained, co-ordinated cyber attack then the consequences for the region could be devastating.
The main risks are IP theft – which normally leads to financial losses and the leaking of sensitive information – and malware attacks, where vital infrastructures and industrial control systems are actually taken over.
Denial of service, involving blocked internet access and therefore the hampering of operational ability and phishing attacks, where employee or customer personal data is tampered with or stolen, is also commonplace.
The biggest problem we have to deal with is that any of the cyber threats detailed above can evolve from a number of different sources.
From nation states through to terrorist groups, ‘hacktivists’, criminal gangs and more conventional hackers, there is no longer a set or defined enemy. And now these differing groups can target the increasingly widespread use of interconnected networks and control systems in oil, gas, power, water and other utilities.
It is harder than ever to anticipate where the next strike is coming from.
The first step to successfully combating these threats is to educate decision makers in the oil and gas industry of the pressing need to enhance their cyber security protection. When an estimated 70% of large companies across all industries have been subjected to some form of cyber attack, an urgent response from the management is required. They must be persuaded of the benefits of investing in the latest technology, to protect their critical infrastructures and assets.
Cassidian Cyber Security provides integrated solutions which protect the totality of a customer’s network – whether that is a local network, a wider area network or entry and regress points to networks. These services include solutions to audit systems, build appropriate architecture, define security procedures, run post-attack forensics, train operators to identify and counter the attacks, as well as continuously monitor the latest discoveries in cyber security.
We develop cryptography and digital identity management programmes and most importantly, are working towards providing security products and services in the form of mobile equipment, which is the next big challenge for the cyber security industry.
As a founder member of the International Cyber Security Protection Alliance, we take our role as a supplier of cyber security products to NATO, the French and UK MoDs and the German government very seriously. We have established a firm footprint in the Middle East region, with the establishment of a Cyber Security School of Excellence at the Sharjah and Abu Dhabi campuses of Khalifa University, and our delivery of ECTOCRYP cryptography products for the United Arab Emirates Armed Forces Command and Control System (ECCS). We are now turning our sights to the oil and gas industry, which requires state of the art solutions to ensure the crucial role it plays in the regional, and indeed global, economy is not unduly tampered with.
The 1st International Cyber Security Forum for Energy & Utilities is taking place in Abu Dhabi between May 21st-24th.
