
Energy Industry Times July 2017

THE ENERGY INDUSTRY TIMES - AUGUST 2017

Special Supplement

Investing more energy in cyber security

With digitalisation and decentralisation becoming more widespread in the energy sector, cyber attacks are on the rise. As a global company with expertise in operational technology, Siemens is well placed to deliver cyber security solutions to the industry. Junior Isles

Although there has been a growing awareness of the importance of cyber security, the seriousness of the threat was thrust into the global spotlight in May with the WannaCry ransomware attack. It was reportedly the biggest cyber attack in history, with one security software supplier observing 57 000 infections in 99 countries.

Notably, the UK’s National Health Service (NHS) was severely affected, including 40 hospital trusts. Operations and appointments were cancelled and ambulances diverted. Hackers demanded payment to restore access to vital medical records. Other big names such as Spanish telecom giant Telefonica and international shipper FedEx Corp in the US were also infected.

The power sector did not escape damage. WannaCry attacked computers at the West Bengal power distribution company in India. Officials from West Bengal State Electricity Distribution Company (WBSEDCL) detected the malicious software (malware) at four of its offices.

The WannaCry attack served as an important reminder for key infrastructure sectors, such as power and energy, to strengthen their cyber defences.

Siemens has long recognised the gravity of the danger posed by the growing cyber threat to the power sector. Leo Simonovich, Vice President of Global Cyber Strategy at Siemens, noted that it is a “top-three issue” for customers. “Among all sectors, energy is the most attacked,” he said.

The threat has largely been brought about by digitalisation. Digitalisation in the energy sector brings a convergence of information technology (IT) and operational technology (OT) connectivity so that data can travel from the field to the control room to the enterprise network. The crossover between IT and OT has underscored the need for a unique set of solutions.

According to a recent independent study conducted by the Ponemon Institute, the OT side is significantly more vulnerable to a cyber attack than the IT side, and breaches have a much bigger impact. “OT, which is everything outside the enterprise network, is the new frontier for the cyber risk.” Simonovich noted that attacks against OT have increased six-fold over the past few years, from five per cent to 30 per cent today.

The Ponemon study revealed that nearly 70 per cent of US oil and gas cyber managers said their operations have experienced at least one security compromise within the past year, resulting in the loss of confidential information and OT disruption.

This upsurge in attacks led Siemens and Atos, a global leader in digital services, to increase the scope of an alliance the two companies formed in 2011, which creates one of the largest strategic relationships between a global engineering company and a global IT provider. The two companies are now leveraging their portfolios to help US utilities and the oil and gas industry establish an integrated and seamless first line of defence against cyber attacks.

The cyber risk is greater on the OT side than on the IT side for several reasons. As legacy assets are digitalised, connectivity also grows. This leads to a larger attack surface that is harder to secure. Also, attackers are looking for new areas to penetrate, where they can extract additional cost out of the system. “When we think about the impact of an attack against the OT environment, things like ransomware become a lot more powerful,” said Simonovich. Finally, increased competitiveness in the power and oil and gas sectors has led to “lots of different bad actors looking to go after the environment”.

Simonovich insists, however, that greater connectivity also creates endless opportunities for optimising operations. And it gives an organisation greater visibility into its assets and operations, and therefore greater ability to detect and respond to an attack.

It is safe to say that most companies face 2-3 attacks a year, according to Simonovich. “This means that the possibility of a successful attack is 100 per cent. Companies must develop the capability to detect, conduct security analytics, respond, and quickly recover. Business continuity is imperative,” he said.

Connectivity and interconnectivity bring increased risk across the whole energy value chain – from upstream to distribution and retail. Data flows from the field to the control room and to the enterprise network.

Key for companies who want to strengthen their defences against cyber attacks is not only securing the data that sits in the control room environment but also securing the data at the edge. Simonovich explained: “You have to think about what data needs to travel where.”

He cited the December 23, 2015 cyber attack that left homes in Western Ukraine without power for several hours. “For five hours the operator did not know he was experiencing a cyber attack. As a result, 225 000 homes lost power in the middle of winter.”

One year later Ukraine was attacked again. On December 17, 2016, a power outage affected Kiev just before midnight, resulting in an hour-long blackout. Ukrenergo said the incident led to the loss of about one-fifth of Kiev’s power consumption.

Cyber security is not just about reacting to isolated incidents. When business continuity is critical, such as with power and electricity supply, it is just as critical to protect against the persistent threat of cyber attacks. As

