Cyber-attacks are not new, but the scale of their impact has greatly grown with the proliferation of connected devices and systems that share data, as well as malware designed to target physical assets through these industrial control systems. Think about the consequences of cyber-hackers controlling a portion of a city’s electric grid, as in Ukraine in December. Or hacking into an interstate pipeline distributing oil or gas across a long-haul network, traversing thousands of miles and even borders.
The benefits of industries’ digital transformation are undisputed. In fact, new research from Accenture Strategy ahead of the World Economic Forum in Davos last month found that by optimizing the use of digital skills and technologies we could generate $2 trillion of additional global economic output by 2020.
Digital solutions like the Intelligent Pipeline Solution from GE and Accenture enable pipeline operators to remotely monitor vast networks of assets in real-time and make better and more-informed decisions about pipeline safety and integrity.
Digitally enabled grids are critical to improving our energy efficiency, the reliability of our energy supply and the operations of our grids coping with integrating a rising volume of intermittent renewables and distributed power sources into their networks.
A significant majority of oil and gas executives surveyed by Accenture and Microsoft last year said that investing in digital technologies, even in a low oil price environment, will boost value. But they also said some of the biggest barriers were physical and cybersecurity concerns.
Additionally, more than half of utilities executives surveyed as part of the Accenture Technology Vision 2016, reported their organization has suffered from twice as many privacy or security breaches, compared to two years ago. Nearly four out of five agreed that they are exposed to more risks than they are equipped to handle as a digital business.
So, it’s critical to ensure that the benefits of digitally enabled operations are not outweighed by the increased cyber physical risks.
That means all businesses have to invest in robust security solutions to support their digital transformation strategies and keep hackers at bay on two fronts.
First, there’s the continued risk to IT systems that support a company’s enterprise functions and second, there’s the risk to the operational technology (OT) assets and industrial control systems. Of course, growing IT-OT convergence also means that these threats are becoming one and the same.
So, how can companies capitalize on the vast opportunity of digital in a safe and secure way?
Start with a big-picture strategy of how security efforts support business performance, balancing cost of security with the impact it may have to the business;
Establish effective communication channels and relationships with IT, the business (OT) and outside service providers;
Clearly define roles and responsibilities for teams that manage cyber defense and incident response, including how they need to work together in a breach;
Conduct robust security operations monitoring threat intelligence, technical intelligence and vulnerability management as an integrated continuous process, and;
Enhance and train incident response and recovery teams.
Proactive organizations also include security analytics, advanced defense measures, governance and decision-making issues, and staffing and skills requirements—especially hybrid skills combining IT and OT—and ways to measure success on a comprehensive basis.
Leading energy companies are engaged in IT-OT convergence and cyber planning. In fact, leveraging our recent acquisition of Cimation, an Industrial Internet of Things (IIoT) consulting company focused on process automation, IT and industrial control system cyber security, we are working with one global energy company to design, test and implement security measures across its industrial control systems and IT infrastructure, enabling a more enterprise-wide understanding of cyber threats and how to combat them. This entails implementing technical and procedural controls, and changing people’s mindset and awareness in the OT domain regarding cyber threats’ impact.
Digital technologies should drive any energy-related cyber security discussion. They provide the visibility and control to make industrial systems more resilient in the face of increasing risks.
But as technology continues to evolve, so does hackers’ sophistication, and organizations need to constantly test and improve their defenses. When it comes to energy cyber security, you are never done.