Tigerspike - Cybersecurity and Mobility in the Energy Industry

604 views

Published on

An overview of the cyber security considerations of enterprise mobility and how to address them.

Published in: Technology, Business
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
604
On SlideShare
0
From Embeds
0
Number of Embeds
18
Actions
Shares
0
Downloads
5
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Tigerspike - Cybersecurity and Mobility in the Energy Industry

  1. 1. Cybersecurity and mobility in theEnergy IndustryAdvanced Energy 20131 May 2013Christian Glover Wilson"Vice President, Technology & Strategy"Tigerspike
  2. 2. Cybersecurity and mobility in the Energy IndustryAbstractEnterprise mobility has progressed from email on a BlackBerry to a vastproliferation of personal media devices in the hands of employees, engineersand the end consumers. Mobility is key to how remote teams now collaborateand access files and data with the advent of cloud computing accelerating thatfurther. The distributed nature of energy production and distribution make thiseven more pronounced for the energy industry. This new ecosystem has led to a variety of new cybersecurity threats that needto be understood and prevented. The widespread adoption of smart devicesand the rise of the Internet of Things need to be secured with a combination ofbest practice and technology – protecting but not limiting the continuous pushtowards anywhere and any device productivity.
  3. 3. Rise of MobilityUnderstanding the ThreatsAddressing the ProblemCybersecurity and mobility in the Energy IndustryContents
  4. 4. Cybersecurity and mobility in the Energy IndustryRise of Mobility
  5. 5. Proliferation of Personal Technology DevicesCybersecurity and mobility in the Energy Industry•  As of late 2010, smartphone sales started surpassing thoseof traditional computers. •  “By 2015 shipments of tablets will outstrip those ofconventional PCs such as desktops and notebooks”-GartnerSource: Gartner, April 2013
  6. 6. Proliferation of Personal Technology DevicesCybersecurity and mobility in the Energy Industry•  Tablets will overtake desktop and notebook shipments combined,while ultra-mobiles will grow•  Shift in device preference is coming from a shift in user behavior•  Leads to a bigger embrace of the cloud for sharing and for accessto contentSource: Gartner, April 2013
  7. 7. Enterprise MobilityCybersecurity and mobility in the Energy Industry•  Rapidly growing adoption of BYOD•  Easy to push real-time alerts and crucial messages tousers, based on location•  Can capture vital analytics about usage and devicesused•  Enterprise apps can provide offline access to keepusing the app and entering data, with an automaticsync once the device comes back into range
  8. 8. Enterprise MobilityCybersecurity and mobility in the Energy IndustryMobile devices empower employees to do what they need to do — wheneverand wherever; enterprise mobility is not telecommuting.A rapidly maturing ecosystem of mobile app tools, technologies and platforms.
  9. 9. Internet of ThingsCybersecurity and mobility in the Energy Industry•  Growing network of IP-enabled componentsand appliances•  Meters and devices reporting their usageallowing reactive modeling •  Locks and control devices controlled overthe Internet•  Connected installations managed remotely
  10. 10. Internet of ThingsCybersecurity and mobility in the Energy IndustrySupply/Demand   Alterna1ve   Oil/Gas  Loca%ons   Power  Genera%on,  Transmission  and  Distribu%on  Low  Voltage  Power  Quality  Energy  Management  Solar  Wind  Co-­‐genera%on  Electrochemical  Rigs  Derricks  Well  Heads  Pumps    Pipelines  Devices   Turbines,  Windmills,  UPS,  BaJeries,  Generators,  Meters,  Drills,  Fuel  Cells,  etc.  Every industry has an individual set of uniquelyidentified “things” generating data and able tocontrolled remotely. For example:
  11. 11. The mobile world changes with every new device and set ofdevices. Smartphones and tablets are being joined in the marketplaceby new consumer devices.Wearable and augmented reality products will fast becomewidespread.New DevicesCybersecurity and mobility in the Energy Industry
  12. 12. Mobile device usesCybersecurity and mobility in the Energy Industry•  Voice•  Video•  Data•  Control•  NFC Interaction (RFID, Bluetooth, etc)•  Thin client for cloud-stored data•  BigData aggregation visualization
  13. 13. Cybersecurity and mobility in the Energy IndustryUnderstanding the Threats
  14. 14. The DeviceCybersecurity and mobility in the Energy Industry•  Vulnerable to malware, malicious apps posing as benign apps•  Legitimate apps can allow data loss and data leakage if poorly-written •  Vulnerabilities in Hardware, OS, Application and Third-PartyApplications•  Unsecured or Rogue Marketplaces
  15. 15. The DeviceCybersecurity and mobility in the Energy Industry•  Malware and attacks on mobile devices are on the rise•  Vulnerabilities found almost as soon as a device hits the market
  16. 16. Accidental breaches and device lossCybersecurity and mobility in the Energy Industry•  68% of employees reported that they did not have their devicescleaned when upgrading•  Access and data breaches are the most common results of lostphones... not recovery•  Social engineering tactics lead users to click malicious URLsspammed by trusted sources via SMS, social media and email.
  17. 17. BYOD – Statistics around usageCybersecurity and mobility in the Energy Industry0%   10%   20%   30%   40%   50%   60%   70%   80%   90%  ...user a personal electronic device for work-related functions...who use a laptop for work will connect to the companysnetwork via a free or public WiFi connection...who use a personal device for work have let someone elseuse it...who use personal device(s) for work have not activated theauto-lock feature...who use their personal device for work admit that theirorganizations data and/or files are not encrypted...who use a personal device for work say their organizationhas not implemented a "bring-your-own-device" policy...of employees U.S. adults have been a victim of malware orhacking on a personal electronic device81%31%46%37%33%66%25%
  18. 18. Encryption of DAR and signal Cybersecurity and mobility in the Energy Industry•  Given sufficient time, a brute force attack is capable of crackingany known serial encryption algorithm.•  To crack AES with 128-bit key would take 1 billion billion yearsfor a supercomputer of today.•  Using quantum technology with the same throughput,exhausting the possibilities of a 128-bit AES key would takeabout six months•  Encryption only ever as secure as the implementation
  19. 19. Connectivity weaknessCybersecurity and mobility in the Energy Industry•  Unsecured WiFi and rogue access points add vulnerability•  NFC/RFID has a low threat of breach but can allow mimicry•  Bluetooth defects allow "eavesdropping and caller "identification
  20. 20. Mobility introduces all these threatsCybersecurity and mobility in the Energy Industry
  21. 21. Internet of ThingsCybersecurity and mobility in the Energy Industry•  Increases exponentially the quantity ofsystems that will have to be protected•  Route of data to the provider is obviousweakness•  Multiple points of failure•  DDoS attacks on individual appliances•  Introduce vulnerability to associated financialrecords
  22. 22. WearableCybersecurity and mobility in the Energy IndustryNew devices means new threats and freshcyber security considerations
  23. 23. Cybersecurity and mobility in the Energy IndustryWearable
  24. 24. Cybersecurity and mobility in the Energy IndustryAddressing the Problem
  25. 25. Cybersecurity and mobility in the Energy IndustrySecuring the Device
  26. 26. Securing the DeviceCybersecurity and mobility in the Energy Industry•  MDMNotification, access control, quarantine, selective wipe•  MAMAuthentication, storage control, copy/paste limitation•  Data and apps•  Event monitoring•  Keep OS updated
  27. 27. People are demanding to use their owngadgets in their jobs. Trying to thwartthem is futileThe Economist92% of Fortune 500companies are testing or deployingthe iPad Tim Cook, CEO AppleWhen young employees first comeacross business-application screens,they scream in horror Willem Eelman, CIO UnileverEnterprise MobilityCybersecurity and mobility in the Energy Industry
  28. 28. Enterprise MobilityCybersecurity and mobility in the Energy Industry•  BYOD vs COPE (Corporate owned,personally enabled)•  Clear policy required•  Control non-work device use
  29. 29. Encryption•  Invest in parallel solutions, be prepared forQuantum Computing•  Encrypt data stored to cloud storage•  Encrypt any sensitive data stored on the deviceas well as while being transmitted•  Pay attention to key exchange•  Harden networksCybersecurity and mobility in the Energy Industry
  30. 30. Internet of ThingsCybersecurity and mobility in the Energy Industry•  Assume each device or appliance is the weakest part ofthe system•  Protect data captured even if it caches on the device orlocal network•  Consider remote control locks as insecure as thoseoperated locally•  Have lock passwords change"frequently and on demand to"allow temporary access
  31. 31. Securing mobile devicesCybersecurity and mobility in the Energy Industry
  32. 32. Christian Glover Wilson
Vice President, Technology & Strategy"christian.gloverwilson@tigerspike.com+1 917 310 5249"San Francisco875 Howard Street"6th Floor"San Francisco, CA 94103"+1 415 562 4001"sanfrancisco@tigerspike.comNew York133 W 19th St"7th Floor"New York, NY 10011"+1 646 330 4636"newyork@tigerspike.comContact meSan Francisco New York London Dubai Singapore Sydney Melbourne

×