Evolution of cyber threats and the development of new security architecture
Evolution of cyber threats and the development of new security architecture
Piotr Ciepiela — Executive Director, Ernst & Young sp. z o.o., EMEIA OT/IoT Security & Critical Infrastructure Leader, EY
Bala V. Venkateshwaran — EY, India
Page 2 Evolution of cyber threats and the development of new security architecture
Digitalization’s inexorable march will transform the O&G sector
But its full benefits are contingent on effective risk mitigation and harnessing market trends
Trends in the oil industry:
► Increasing emphasis on reducing per barrel lifting cost as industry cuts capital expenditure
► Dramatic growth in unconventional oil and gas production reliant on technological innovations
► Increasing pressure to ensure cost competitiveness due to the rise of alternatives such as renewable energy sources
► Rising complexity of refineries and increasing integration of refining with petrochemicals
Digital enablers
► Industrial IoT and increased connectivity improve asset performance management
► Industry value chain integration improves the entire supply chain
► Increased bandwidth and reliability allow for remote control room operations in distant harsh locations
► Advanced analytics allows for both margin improvements and growth strategies enablement
Digital risks
► Cyber risks (ransomware, malware, DoS, unauthorized access/control)
► Information security risks (financial information, IP)
► Safety risks (functional safety, process safety)
► The “network effect” multiplies the impact of cyber attacks
The benefits of smart connected assets come with a price
We need to learn a lesson from the past looking further into the future
[Timeline figure, 1960–2020]
► 1969 — Arpanet
► 1974 — TCP/IP
► 1989 — world wide web
► 1990 — First IoT device — connected toaster
► 93/94 — Trojan House Coffee Pot and WearCam
► 1999 — Internet of Things term coined by Kevin Ashton
► 2000–2003 — Big Chill, Cooltown, Internet 1.0, Disappearing Computer
► 2004 — RFID in US DD Savi and Walmart
► 2010 — Google introduces self-driving car
► 2010 — Stuxnet attack
► 2011 — IPv6
► 2016 — Mirai attack
► Undated labels: Blockchain — distributed ledger; Augmented reality; Industry 4.0
[Chart series: billions of connected devices; billions of internet users. Data labels as extracted: 3.1, 8.712, 30]
Internet
► Human-to-human connectivity
► Information assets are targeted
► Common threats — limited impact
VS
Internet of Things
► Machine-to-machine connectivity
► Physical assets are targeted
► Sophisticated threats — very high impact
Unsolved problems
Opportunities to protect
Cybersecurity in O&G faces multiple internal and external challenges
It has to shield the entire O&G value chain from threats that are complex and evolving
[Diagram; layer labels: Business Process; Connect Things; Communi tech; Network & Infra; Services; Suppliers]
► System integrators, support teams, hardware manufacturers, product development
► Enterprise services, cloud services, analytics services, orchestration services
► Private network and infrastructure, public network and infrastructure
► Mobile dev., instruments, machines
► Industrial networks, wireless technologies, mesh networks
The O&G sector has made some progress in handling today’s cyber attacks
But developing cyber resilience and cyber agility needs systemic focus from now onward
► Organizations need to take an unconventional approach to meet the new challenges emerging. They need to design systems that are safe-to-fail rather than fail-safe!
► Plan for situations where we may need to sacrifice portions of information or operations in the interests of protecting the larger network
GISS survey [2] of O&G companies shows that only
► 6% have a robust incident response program and regularly conduct table-top exercises.
► 46% have had a recent significant cybersecurity incident.
► 22% do not have an incident response plan.
Top focus areas where companies plan to spend their cybersecurity budget in the coming year
► 47% Business Continuity Planning
► 41% SIEM and SOC [3]
Components of cyber resilience
► Sense: see the threats coming
► Resist: the corporate and operations shield
► React: recover from unplanned disruption
Effective cybersecurity will be essential to benefit from digitization in O&G
Increase industry maturity through new capabilities and collaboration
1. Do I really know my OT environment?
2. Do I know the risks associated with my OT environment?
3. Can I monitor my environment?
4. Do I work with my vendors? (SLA, security standards)
5. Am I prepared for cyber incidents? (IRP, BC/DR)
[Diagram labels]
Asset SDLC
Identify, Protect, Detect, Respond, Recover
Engineer 4.0
Leadership, Engineering, Process automation, Cybersecurity, Industrial process
Thank You!
Piotr Ciepiela
Executive Director, EY EMEIA Advisory Center, OT/IoT Security & Critical Infrastructure Leader
Bala V. Venkateshwaran — EY, India
For information visit Ey.com/digitaloil
References
1. EY, Why it’s time to invest in digital oil, EYG no. 03448-164Gbl 1609-2041453, Ernst & Young LLP, 2016. Available at http://www.ey.com/Publication/vwLUAssets/ey-why-the-time-is-right-for-digital-oil-companies/$FILE/ey-why-the-time-is-right-for-digital-oil-companies.pdf.
2. EY, EY 19th Global Information Security Survey 2016–17, EYG no. 01430-174Gbl, Ernst & Young LLP, 2017. Available at http://www.ey.com/Publication/vwLUAssets/ey-oil-and-gas-information-security-survye-2016-17/$FILE/ey-oil-and-gas-information-security-survye-2016-17.pdf.
3. SIEM stands for Security Information and Event Management, SOC for Security Operations Centre.
© 2017 EYGM Limited. All Rights Reserved.
EYG no. 04495-174GBL