Cyber Resilience in the Oil and Gas Industry: Playbook for Boards and Corporate Officers
Siemens Energy, Saudi Aramco and the World Economic Forum launched a cybersecurity playbook for the oil and gas industry. The report, “Cyber Resilience in the Oil and Gas Industry Playbook”, establishes a blueprint for boards and business leaders to evaluate cyber risk and enhance cyber resilience across the industry.
Our MissionIn strengthening their cyber defenses, we navigate our customers through the complex relationship between their information technology (IT) and operational technology (OT) environments. We deliver clarity and focus to help our customers make better decisions. We keep our customers safe with our in-depth market knowledge and comprehensive set of solutions along the full value chain.
Transforming the energy industry with AI
For oil and gas companies, digital transformation is a priority—not only as a way to modernize the enterprise, but also to secure the entire energy ecosystem from the increasing threat of cyberattacks.
The rapid advancements propelling the energy transition are in large part due to the deployment and connection of information technology (IT) systems, which revolutionized the wider economy in past decades, to the operational technology (OT) that controls physical energy assets through automation, remote operations and digital commands. The wave of digitalization across the energy industry is producing business efficiencies, reducing costs and cutting emissions for energy companies around the world. But managing and securing the complexities of this digital ecosystem requires artificial intelligence (AI) to provide context and visibility across industrial operating environments that generates billions of data points each day.
As energy companies continue to optimize automated systems, control operations remotely, and ensure the affordable and reliable delivery of energy to customers, they must increasingly put AI-driven technologies at the center of their business model to secure digital operations from cyberattacks. This MIT Technology Review report, Transforming the Energy Industry with Artificial Intelligence, gathers insights from leading practitioners in the oil and gas sector to better understand how global companies are applying advanced digital technologies to both improve efficiency and protect themselves from cyberattacks — and why AI is the key to unlocking and securing the energy transition.
Illuminate. Secure. Empower.
The energy industry is in the midst of a technological revolution -- enabling a more distributed and interconnected ecosystem where both old and new energy technologies are armed with digital capabilities that will allow for increased resiliency. Over the next two years, 2.5 billion industrial devices will be brought online and connected to energy assets and critical infrastructure. Each new digital connection can make utilities, energy companies, and critical infrastructure operators more vulnerable to cyberattacks. To realize the full promise of the energy transition, innovative cyber solutions must be implemented by utilities of all sizes to provide the monitoring and visibility necessary to protect the grid at-large.
Siemens Energy’s Managed Detection and Response (MDR) powered by Eos.ii™, is a built-for-purpose service that provides full visibility into the operating environment, and equips entities with the expert context needed to most effectively to detect and respond to attacks. MDR powered by Eos.ii leverages both AI and machine learning with human operational expertise to reduce the risk of successful attacks and secure the future of energy.
Siemens Energy and SparkCognition have partnered to offer a new, revolutionary cybersecurity system — DeepArmor Industrial, fortified™ by Siemens — to protect the energy industry’s endpoint operational technology by leveraging artificial intelligence to monitor and detect cyberattacks. This new collaboration draws on SparkCognition’s award- winning machine learning technology and Siemens’ global cybersecurity and energy equipment expertise to define a new category in endpoint cybersecurity.
The innovative AI-driven system will deliver next-generation antivirus, threat detection, application control, and zero-day attack prevention to endpoint power generation, oil and gas, transmission and distribution assets, which for the first time brings fleet level cybersecurity monitoring and protection capabilities to the energy industry. Learn more about the solution here:
Cyberattacks now threaten the core value proposition for energy companies. Digitized operating technologies make an attractive target for a host of actors whose objectives range from financial gain to sheer disruption; and today a cyber arms race is the new normal for utilities and its suppliers. As digital technologies spread through and add value to energy infrastructure, attacks will continue to escalate in frequency and sophistication.
Explore the cyber challenges and opportunities facing the utility industry.
With a more than a 170 year legacy of building and securing critical infrastructure, Siemens stands ready to assist utilities in enhancing their security, detecting anomalies, and responding to threats before damage occurs. This white paper offers an example of an attack against a fictional electric utility, as it manages an unfolding crisis and illustrates how IR planning can make a difference in reaching the least disruptive outcome.
The survey results show that risk is worsening, with potential for severe financial, environmental and infrastructure damage. Industry-wide, readiness is uneven and has common blind spots. In particular, this report highlights the unique cybersecurity requirements for Operational Technologies (OT), and the importance of distinguishing between security for OT and security for Information Technology (IT). This remains a major challenge for many organizations across the industry.
Industry leaders can, and should, check their organization’s readiness and implement solutions that keep up with the proliferation of connected technologies and protect existing brownfield environments.
Siemens Energy Collaborates with ServiceNow to Enable Precision Defense Against Cyber Threats Targeting the Energy Industry
Understand your cyber strengths and weaknesses
What you will get:
Findings report that includes both a critical gap summary and a roadmap for recommended remediation
industrial espionage and
attacks from malicious software
Protect your perimeter, review your security and deploy regular malware updates
Firewall assessment and patch management
What you will get:
Findings and recommendations for heightened security; malware pattern updates and management
Reduce business risk
by minimizing exposure
to cyber intrusions
Increase your preparedness to respond to a security event or cyber attack
Incident response planning and testing
What you will get:
Detailed plan on how to respond to and remediate cyber attacks, including emergency procedures, roles, and resources
Gain the capability for real-time detection and prevention of security threats
Security event monitoring system
What you will get:
Real-time monitoring by collecting and parsing security logs
Cybersecurity has become top of mind for energy companies – here is why:
Together we are signing for cybersecurityIn order to keep pace with continuous technological advances in the market, as well as threats from the criminal world, businesses and governments must coordinate their actions in a targeted manner. That is why we are joining together to protect our democratic and economic values against cyber and hybrid threats. In this charter, the signing partners outline the key principles we consider essential for establishing a new charter of trust between society, politics, business partners, and customers.
As a global leader in industrial control room systems, we help our customers protect their complete operating environment, from the field to control to the enterprise network.
What are the challenges you face in building a cyber defense program?
Do you fear that connectivity makes you more not less vulnerable to cyber attacks?
Many energy companies keep their networks unconnected because they believe this makes them cyber secure.
This misguided strategy will fall victim to more successful attacks, from inside and outside.
Connectivity gives you visibility which provides insight.
Do you lack understanding of what assets to protect?
Many companies do not know what assets and devices exist on their OT networks.
This limits their understanding of where their infrastructure is most vulnerable.
Do you have a shortage of in-house OT cyber expertise?
Most energy companies have focused on building up their IT cyber capabilities. But these cannot be simply deployed into the OT environment because of differences in the systems, data, devices, and critical dependencies.
Because of this inattention to OT, cybersecurity experts who can secure complex, aging, and interdependent infra-structure are hard to find.
Do you have older legacy systems with exposures and vulnerabilities that are difficult to protect?
OT systems are older than IT systems.
OT equipment, which can last decades, is often developed with proprietary systems that have exposures and vulnerabilities difficult to protect.
Are your security monitoring and response capabilities adequate?
Even if a company detects a potential intrusion into its OT cybersecurity environment, it may lack the plans or capabilities to respond effectively.
Do you need a multi-vendor cyber solution?
Cyber solutions must apply across multiple vendors to provide a single, seamless cyber program.
If you say “yes” to one or more of the questions above, you are not alone. For energy companies, the probability of a cyber attack is nearly 100%.
Overcoming the fear of connectivity is essential because the benefits of digitalization are too great. Organizations must focus on agility and resiliency so they can respond when – not if – they are attacked.