Digital Energy 2018 Day 2

Now in its 5th year, the conference has established itself as the largest annual Digital Energy summit in the country: the event brought together senior IT, Digital and business leaders, providing a unique forum for knowledge exchange, discussion and high-level networking. The programme explored the use of Information Technology in driving tangible outcomes across the organisation, looking at key trends and providing practical insight from an array of industry leaders.

Published in: Technology

  1. Welcome to
  2. Mark Stephen, BBC Scotland @bbcscotland #de18
  3. DI Eamonn Keane, Police Scotland; Mandy Haeburn-Little, SBRC @policescotland @MandyHL_SBRC #de18
  4. OFFICIAL: NONE. Digit Oil and Gas Cyber Activity Presentation. Mandy Haeburn-Little, Eamonn Keane. May 2018
  5. Agenda
     • Strategy - A more resilient Scotland/UK!
     • What are the threats?
     • Where does SBRC sit in the landscape?
     • Who you gonna call?
     • Incident planning & response!
     • Challenges!
     • Under-reporting & signposting.
  6. Scotland as a cyber world leader really?
  7. The Ambition. Safe, secure and prosperous: Scotland’s cyber resilience strategy. Scotland can be a world leader in cyber resilience and be a nation that can claim, by 2020, to have achieved the following outcomes:
     i. Our people are informed and prepared to make the most of digital technologies safely.
     ii. Our business organisations recognise the risks in the digital world and are well prepared to manage them.
     iii. We have confidence in, and trust, our digital public services.
     iv. We have a growing and renowned cyber resilience research community.
     v. We have a global reputation for being a secure place to live and learn, and to set up and invest in business.
     vi. We have an innovative cyber security, goods and services industry that can help meet global demand.
  8. [Diagram text] LEADERS BOARD COMMS DFM PUBLIC SECTOR Private Sector Leadership SKILLS RESEARCH BUSINESS ENABLEMENT Cyber Expert Group for Scotland Business membership groups – SCDI/CBI/IOD/COC/SLTA/STUC/LS (FSB National) Trusted Partners – Cyber Essentials Accreditors
  9. National Cyber Resilience Leaders Board. Development of action plans:
     1. Learning and skills
     2. Public sector cyber resilience
     3. Private sector cyber resilience
     4. Third sector cyber resilience
     5. Systems of advice, support and response
     6. Economic opportunity
     7. Communications and awareness raising
     Aligned approach
  10. Building blocks of SG Private Sector Plan
      • Cyber Catalysts Scheme
      • Grading of risk and standards – cyber aware up to NIS supply chain
      • Public sector framework
      • Leadership and awareness raising
      • CISP/SCINET
      • Unregulated sectors and third sector
      • Innovation and Growth - + Advice Support and resources
      • Supporting the SME community co-operating nationally and internationally
  11. Why we do what we do? The Scottish & UK government is committed to making the UK a secure and resilient digital nation. A key aspect of this strategy is through robust engagement and an active partnership between government, industry and law enforcement to significantly enhance the levels of cyber security across UK networks.
  14. So how has the threat changed in the last 5 years?
  15. The Usual Suspects! Scenario 2 – Malware. Diagram labels: Malware, Phishing, Ransomware, Social Engineering, Hacker
  18. Is this cybercrime?
  20. Saudi Aramco’s Khurais plant. A cyberattack wiped out data on three-quarters of Aramco’s PCs
  21. In August 2017, a petrochemical company with a plant in Saudi Arabia was hit by a new kind of cyber attack. The attack was not designed to simply destroy data or shut down the plant, investigators believe. It was meant to sabotage the firm’s operations and trigger an explosion.
  26. Never in Scotland!
  27. Key questions that all CEOs & CISOs should be asking this week
      • “Are we vulnerable to a cyber intrusion, SQL injection, ransomware or DDoS based attacks?”
      • “What assurance activity have we done to confirm that we are not vulnerable?”
      • “If we were compromised, would an attacker be able to gain access to unencrypted sensitive data?”
      • “Are we satisfied that we have engaged a sufficient 3rd party security provider?”
      • “What is our company posture on security?”
      • “What and how vibrant is your overarching cyber security policy?”
  28. ORGANISED CRIME
  29. THE WHAT?
  30. [Diagram text] Scottish Government Police Scotland Scottish Fire & Rescue SBRC CYBER RETAIL AND TOURISM SUPPLY CHAIN Curious Frank SAFER COMMUNITIES BBN RESILIENCE Menu of Services
  31. PROTECTING BUSINESS Public Good Delivery . . . Police, Fire, Government Advice guidance information sharing State of the Art Commercial Services
  33. IT’S ALL ABOUT THE BASE
  34. Cyber-security Information Sharing Partnership (CiSP). CiSP is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK business.
  35. CiSP Business Benefits
      • Engagement with Industry and Government counterparts in a secure environment
      • Early warning of cyber threats
      • Ability to learn from experiences, mistakes and successes and seek advice
      • An improved ability to protect your organisation’s network
      • Access to subject or sector specific content including latest incidents
      • Improved cyber situational awareness at NO COST to your organisation
  36. Under this scheme, which is backed by Government and supported by industry, organisations can apply for a badge which recognises the achievement of government-endorsed standards of cyber hygiene.
  37. Trusted Partners
      • Launched by SBRC and Police Scotland on 9th February 2017
      • Nationally accredited Cyber Essentials Certifying Bodies based or operating across Scotland
      • Initially 12 independent Certifying Bodies in Scotland, now increased to 20
      • Cyber Essentials Approved Practitioners list launched on 31st May 2017
      • Nationally accredited to provide Cyber Essentials consultancy and advice but don’t certify
      • Trusted Partners & Approved Practitioners integral to Scottish Government’s Cyber Resilience Strategy and contributed during the development and consultation phase of Action Plans.
  38. Cyber Essentials - Trusted Partners
      • 7 Elements Ltd, Linlithgow - www.7elements.co.uk
      • Aggress Ltd, Prestwick - www.aggress.co.uk
      • BC Technologies, Dunoon - www.bc-technologies.co.uk
      • Barrier Networks, Glasgow - www.barriernetworks.co.uk
      • Clark IT, Aberdeen - www.clark-it.com
      • Commissum Associates, Edinburgh - www.commissum.com
      • ECSC Group, Edinburgh - www.ecsc.co.uk
      • Grant McGregor Ltd, Edinburgh - www.grantmcgregor.co.uk
      • ID Cyber Solutions, Glasgow - www.idcybersolutions.com
      • MTI Technology, Livingston - www.mti.com
      • MJD Systems, Moray - www.mjdsystems.co.uk
      • NCC Group, Glasgow & Edinburgh - www.nccgroup.trust
      • Net Defence, Stirling - www.net-defence.com
      • Nethost Legislation, Aberdeen - www.nethostlegislation.co.uk
      • Pulsant, Edinburgh - www.pulsant.co.uk
      • Quorum Cyber Security, Edinburgh - www.quorumcyber.com
      • Sapphire, Glasgow - www.sapphire.net
      • Secarma Ltd, Glasgow & Edinburgh - www.secarma.co.uk
      • Seric Systems Ltd, Paisley - www.seric.co.uk
      • Truststream, Edinburgh - www.truststream.co.uk
  39. [Map text] PERTH Current Position SCOTLAND’S KNOWLEDGE RESOURCE ST ANDREWS EDINBURGH DUNDEE SCOTLAND’S CYBER CRIME CENTRE SCOTLAND’S CYBER QUARTER LONDON NATIONAL CYBER SECURITY CENTRE GLASGOW FINTECH HUB KILMARNOCK HALO- FUTURE DIGITAL SKILLS CENTRE GARTCOSH LINLITHGOW ORACLE CYBER SCOTLAND BASE PS ABERDEEN CYBER HUB
  40. So what are the challenges/threats?
      • Global, international, industrial & automated
      • Jurisdictional reach & anonymous
      • Increased criminal opportunities - Anyone can be (or hire) a cyber criminal!
      • Lack of clear & concise statistical data.
      • Under reporting
      • Technological advances provide opportunities but equally increase the threat of cybercrime - The ‘Internet of Things’
      • Social media as an attack vector
      • Disaster Recovery & Business Continuity
  42. Cyber Resilience is thorough Preparation
      • Overarching Cyber Security Strategy!
      • Pre-planned Exercise.
      • Incident Management & Response Plan.
      • Communications Strategy.
      • Investigative Strategy.
      • Incident Manager & Team Gold, Silver, Bronze.
      • Mitigation & Recovery Strategy.
      • Logistics - Contingency
  43. WHO YOU GONNA CALL
  44. Reporting of Cyber Incidents
      • Incident evaluation and early reporting.
      • Police Scotland 101 – Incident No. & Action Fraud.
      • Business continuity and impact prime consideration.
      • ICT response and mitigation. Scene preservation?
      • Where possible preserve original copies of emails, attachments, device images and logs.
      • Is there a mandatory obligation to report?
      • Report to NCSC, Cert UK / GovCert UK.
      • Report to Scottish Government if appropriate.
      • Identify point of contact for law enforcement to facilitate enquiries and evidence gathering.
      • Submit attack details to CISP platform if appropriate: share.cisp.org.uk (can assist with mitigation and fix)
  46. Why Curious Frank? We’re Curious. Not just about you but about Cyber Security in general. We’re curious to see what the latest threats are and how they work, we’re curious to find out how to defend against them, we’re curious to learn the latest techniques and put them into practice to help secure businesses’ networks. Most of all we’re curious to find out how we can help you. We’re Frank. We’ll tell you in plain and simple terms what we think needs to be done to help protect your business. We’ll tell you in an open and honest manner what we found during our testing and what you can do to rectify any issues. We’re Curious, we’re Frank
  48. SBRC Intentions – building blocks
      • Keeping skills in Scotland (business)
      • Developing pipeline for hub and police
      • CE standards launch and SCiNET (dfm)
      • SOC concept
      • Cyber catalyst companies
      • GDPR trigger
      • Triaging
      • Trusted partners
      • Police scope industry
      • Commonality of language - 5th utility
  49. SUPPLY CHAIN
  50. Opportunities & Challenges
      • End to end order and delivery process
      • Online vulnerabilities
      • Supply chain and contractual management
      • Procurement policies
      • Premises Assessments
      • Transport
      • Post-Brexit
  51. RETAIL
  52.
      • On and off-line management of instore process
      • Warehouse deliveries and management
      • Information sharing and protocols
      • Supply Chains
      • Staff vulnerabilities online trading
      • International competition
      • Mainstream Mega 4 competition
  53. Caution - Your digital footprint!
  54. Good practical advice!!
  55. Thank you for listening. Any Questions?
  56. Bill Malik, Trend Micro @WilliamMalikTM #de18
  57. Securing Generations of IoT. William J. Malik, CISA, VP, Infrastructure Strategies
  58. What is IoT?
      • Networked sensors, analytical engines, actuators
      • Connected non-traditional computing platforms
      • Industrial Control Systems ICS
        – Distributed Control Systems DCS
        – Supervisory Control And Data Acquisition SCADA
        – Programmable Logic Controllers PLC
        – Remote Terminal Units RTU
        – Intelligent Electronic Devices IED
        – https://blog.trendmicro.com/securing-three-families-iot/
  59. Copyright 2018 Trend Micro Inc. Typical DCS Configuration. Diagram labels: Process Historical Archives; Engineering and Operator Workstations; Ethernet TCP/IP; Micro FCU; LAN/WAN Hub; SCADA Data Server; Field Control Unit; PLC I/O; Field Devices; Operator Workstation; PLCs, RTUs, Other 3rd Party. Protocol: TCP/IP, Modbus, OPC, DDE, or Proprietary. Connection: VSAT, LAN, WAN, Radio, Microwave.
  60. What is Information Security?
      • Information shall not be Lost, Altered, or Inadvertently Disclosed
        – I.e., Availability, Integrity, Confidentiality
      • ISO 7498-2, Security across the ISO/OSI Reference Model
        – Identification, Authentication, Data Confidentiality, Data Integrity, Non-repudiation
  61. Integrating Information Security
      • Information Security Integrated with SDLC (DevSecOps)
      • Security Management Integrated with IT/OT Management (Operations)
      • Actuators (ICS) are out of scope for information security
        – Industrial processes are not “information”
  62. IoT 0.9 and 1.0 Limitations
      • Hard-coded credentials (no identification or authentication)
      • Plain-text communication (no data integrity or confidentiality)
      • Flat system architecture (no secure kernel)
      • Simple or no software/firmware update
      • Minimal logging or alerting
      • Proprietary networking
      • Very low power
      • Sometimes physically inaccessible
      • Lightweight systems management infrastructure (if any)
        – XMPP, MQTT, CoAP, 6LoWPAN
  63. Securing IoT 1.0
      • Restrict to segmented network
        – Reduce attack surface
      • Monitor network traffic
        – Detect unwanted signals
      • Monitor processor utilization
        – Detect unwanted processes
      • Deploy out-of-band sensors
        – Logging, analysis, reporting
      • Freeze servers and infrastructure
        – No updates, no upgrades, no installs
  64. IoT 2.0 Additional Security Capabilities
      • Secure kernel
      • Certificate-based communication
      • Trusted over-the-air updates
      • Monitoring interface
      • Management APIs
      • Vendor liability
      • Field-replaceable units
      • Forensically durable logging
  65. ARM Platform Security Architecture
  66. Largest IoT 2.0 Challenges
      • ICS key operational constraints
        – Real-time responsiveness
        – Reliability
        – Non-disruptive failure modes
        – Safety
      • DevSecOps integration with IoT methodologies
      • IT operations integration with ICS operations
  68. Case Study: Medical Instruments
      • Initially little technology in operating rooms
      • Technological improvements – patient monitors, blood-gas analysis, EKG, EEG, but independent
      • Introduce networked OR suite, link to hospital IT network …
      • WannaCry ransomware
  69. WannaCry – Taiwan (happened)
  70. Medical Implants (could happen). “… adversaries could change the settings of the neurostimulator to increase the voltage of the signals that are continuously delivered to the patient’s brain. This could prevent the patient from speaking or moving, cause irreversible damage to his brain, or even worse, be life-threatening.”
  71. Case Study: Power Generation
      • Initially hard-wired on site
      • Technological improvements – sensors, safety systems, but still local
      • Introduce networked remotely managed operation and oversight
      • Link to utility corporate network …
      • Aurora attack: open breaker, close breaker
  73. SCADA Vulnerabilities from ZDI. Over 250 SCADA submissions to Zero-Day Initiative, 2015/2016
      • Lack of authentication/authorization and insecure defaults 23.36%
      • Memory corruption 20.44%
      • Credential management 18.98%
      • Code injection 8.76%
      • Others 28.46%
  74. How Trend Micro Can Help
      • Monitor network traffic (work and home)
      • Observe processor utilization
      • Report software/firmware level
      • Analyze logs
      • Integrate with SIEM
      • Consolidate reporting, management
        – One pane of glass
  75. Conclusions and Future Work
      • “History doesn’t repeat itself, but it rhymes.”
        – We’ve been here before: PC security 1988, LAN security 1992, Internet security 1995, Wi-Fi security 1999, Cloud security
      • Inventory IoT landscape
        – Asset management, discovery, categorization
      • Upgrade weak IoT devices, networks
      • Support secure IoT architecture
      • Plan for regulatory mandates
  76. References
      • Typical DCS Architecture from “Protecting Industrial Control Systems from Electronic Threats,” Joseph Weiss, Momentum Press, 2010
      • https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/the-state-of-scada-hmi-vulnerabilities
      • Taiwan ransomware attack http://www.cbc.ca/news/technology/ransomware-cybersecurity-hack-conditions-1.4114349
      • Securing Wireless Neurostimulators. Proceedings of Eighth ACM Conf on Data and Application Security and Privacy, Tempe, AZ, Mar 19, 2018 (CODASPY ’18), 12 pp. https://doi.org/10.1145/3176258.3176310
      • ARM Platform Security Architecture https://developer.arm.com/products/architecture/platform-security-architecture
      • Sayano Shushenskaya Dam Accident https://www.youtube.com/watch?v=yfZoq68x7lY
  77. Thank you! william_malik@trendmicro.com @WilliamMalikTM
  78. Tim Harwood, HS & TC @HSandTC #de18
  79. © Siker 2018. Cyber Security Awareness and Business Alignment. Tim Harwood, CEO, Siker
  80. Introducing Cyber
      The Goal: The key goal should be to grow your company into a cyber resilient organisation. Implementing a ‘best in class’ cyber security capability to:
      • facilitate a risk based approach to protect the information and systems;
      • drive an intelligence-led, agile and proactive approach to current and emerging threats;
      • drive rapid and adaptable response to cyber incidents; and
      • embed the necessary cyber security behaviours within the company’s culture.
      Cyber Security Risk to you: Cyber Security risk is (or should be) one of your company’s highest priority Group Risks, comprised of three key elements:
      • inappropriate access to or misuse of information or systems,
      • disruption of business activity and
      • compromise of process automation systems.
      These risks come from both outside and inside the corporation. Cyber threats are growing rapidly and will continue to evolve. Managing cyber security risk is essential for the long term success.
  81. Constantly Changing Environment
      GROWING THREAT LEVEL…
      • Attacks are more sophisticated and harder to detect
      • Cyber Warfare is a credible threat
      • State sponsored cyber espionage
      • Organised cyber crime is a booming industry
      • The rise of Hacktivism
      CHANGING TECHNOLOGY LANDSCAPE...
      • The consumerisation of IT and mobile devices
      • Cloud computing and software as a service
      • Eroding corporate perimeter
      • Social Media and generation Y joining the workforce
      • A complex, global technology landscape
      CHALLENGING BUSINESS ENVIRONMENT...
      • National Partnerships and Joint Ventures
      • Entry into new geographies
      • More focus on HSSE and building trust in organisations
      • Increased outsourcing
      • Growing regulations for critical infrastructure and privacy
  82. External Threats – the Cyber Arms Race
      • Nation states are establishing and improving their cyber capability
      • There is a growing “dark economy” based on cyber crime
      • In this changing environment risk of external attacks can’t be eliminated.
      • A highly resourced and motivated attacker can compromise most defences
      • Hence it is key to be prepared to sense and react to an attack
      • An intelligence-led and agile cyber security approach is essential to respond to current and emerging threats
      • There is a constant arms race in the external cyber environment
      • New attack methods are developed on a daily basis
  83. Internal Threats – Key Sources of Risk
      • Employees and trusted third parties have higher levels of access
      • Hence internal threats can pose a significant risk: both in terms of malicious and accidental incidents
      • External threats may also materialise through internal means (e.g. coercion, extortion).
      • Often the best external attackers will attempt to impersonate or compromise an internal user
      • Malicious insider risk can’t be eliminated.
      • The risk of a person with legitimate access stealing information or causing damage can only be managed through increased supervision, screening, and access control
      • Therefore, additional lines of defence for the most critical assets are key to protection
      • Minimising the risk of human error through automatic controls and education is a key foundation element
  84. Indicators of Weak Cyber Foundations
  85. Why is this Happening?
      • There must be serious management of third-party risk
      • Breaches will get more complicated and harder to beat
      • Organisations will have to automate to keep pace
      • Companies need to get firm on BYOD policies
      • Organisations will need to focus on data integrity
      • The IoT and IIoT will have repercussions across industry
      • There will be more security available in the Cloud
      • Organisations must get serious about monitoring
      • Collaboration will be the solution for most aspects of the Supply Chain
      • Cyber Security skills shortage is really taking hold
  86. What is an ICS? According to the ISA/IEC 62443 glossary, an ICS (or IACS) can be defined as: ‘A collection of personnel, hardware, software and policies involved in the operation of the industrial process and that can affect or influence its safe, secure and reliable operation’
  87. Many Names For the Same Thing
  88. What is the People part of the Problem? PAS 555 states… Individuals and Organisations struggle to identify appropriate certifications and skills that demonstrate their ability to effectively mitigate ICS security-related risk. A lot of Certifications are targeted at demonstrating and documenting compliance.
  89. What Does the Business Want?
      • A Workforce capable of identifying anomalous behaviour that may indicate when their ICS environment is under attack
      • Teams who are able to respond to an identified incident in a timely and efficient way in order to best protect the business
  90. Culture and The Importance of Behavioural Change
      • Cyber culture embraces and supports innovation and flexibility
      • Historically resists standardisation across its diverse businesses
      • The company is in a journey of change to drive more systematic risk management
      • Additionally, incorrect behaviours can undermine the cyber security defences.
      • There is a need to drive cultural and behaviour change.
      • Incorrect behaviours can pose a risk, while correct behaviours act as a mitigation
  91. Look for the ‘Out of Place’
      • Presence of the Abnormal
      • Absence of the Normal
  92. A Governance Framework
      • It is vital that a formal governance framework is established to ensure cyber security risks are identified and dealt with in a consistent and appropriate way.
      • These risks must be set against the business requirements to align the requirement for an appropriate level of security.
      • This framework will set out
        – Clear roles and responsibilities (RACI chart built into job descriptions)
        – An up to date strategy for managing the cyber security risk
        – Provides assurance that policies and standards are being followed
  93. A Multi-layered Response to Cyber Threats. Diagram labels: INTELLIGENCE, REPEL, SENSE, REACT; HACKTIVISTS, ESPIONAGE, CRIMINALS & WARFARE; EFFICIENT ELECTRONIC BUSINESS STILL NEEDS TO FLOW; INFORMATION INTERCEPTION, ABUSE OF PRIVILEGES, UNAUTHORISED ACCESS, LOSS/THEFT OF DEVICES, PHYSICAL INTRUSION, SYSTEM EXPLOITATION, TARGETED MALWARE, UNTARGETED MALWARE, NETWORK ATTACK, SOCIAL ENGINEERING, BEHAVIOURS; NATION STATES, MALICIOUS INSIDERS, BUSINESS PARTNERS, ORGANISED CRIME, RECKLESS INSIDERS, HACKTIVISTS, TERRORISTS, 3RD PARTY PROVIDERS, CORPORATE RIVALS
  94. Strategic Objectives to Grow into a Cyber Resilient Organisation. Diagram labels: INTELLIGENCE, REPEL, SENSE, REACT; HACKTIVISTS, ESPIONAGE, CRIMINALS & WARFARE; EFFICIENT ELECTRONIC BUSINESS STILL NEEDS TO FLOW; INFORMATION LEAKAGE, INFORMATION INTERCEPTION, ABUSE OF PRIVILEGES, UNAUTHORISED ACCESS, LOSS/THEFT OF DEVICES, PHYSICAL INTRUSION, SYSTEM EXPLOITATION, TARGETED MALWARE, UNTARGETED MALWARE, NETWORK ATTACK, SOCIAL ENGINEERING, BEHAVIOURS; NATION STATES, MALICIOUS INSIDERS, BUSINESS PARTNERS, ORGANISED CRIME, RECKLESS INSIDERS, HACKTIVISTS, TERRORISTS, 3RD PARTY PROVIDERS, CORPORATE RIVALS
      • Maintain agile, intelligence led security defences
      • Implement integrated, useable and secure baseline controls
      • Specially protect critical assets
      • Make cyber security part of everyone’s job
      • Develop best in class people and capability
      • Regularly test & assure the defences and response
      • Establish rapid and adaptable response
  95. 3 Year Roadmap – Indicative. [Chart text] 2017 2018 2019 Information Security profession development Develop cyber component of Group Security competency framework Enhance Digital Security organisation and strengthen segment CISO role Increase line-embedded capability Advanced training for top 3 communities Group policy implementation, educate and support Group Leaders Advanced training for top communities in each segment Advanced vetting process Advanced Monitoring Strengthen government and industry ties, Deliver actionable threat intelligence Correlation with access and application data Correlation with physical data IAM foundation IAM advanced Independent review Operational asset assurance Behaviour assurance and practical exercises Architecture for secret (focus on Board and Critical users) PCN foundation controls Extended secret data protection PCN advanced controls Conformance with Continuity policy Strengthen contingencies and recovery provisions for key cyber scenarios Reduce human error data-loss and malware risk Reduce data leakage / theft risk Develop best in class People and capability Make cyber security part of everyone’s job Maintain agile, intelligence led security defences Implement integrated, useable and standard baseline controls Regularly test & assure the defences and response Specially protect critical assets Establish rapid and adaptable response IT&S cyber scenario testing & training Group-wide cyber scenario testing and training Revised based on threat landscape Revised based on threat landscape
  96. Cyber Strategy alignment with Business Strategy. [Diagram text] Relentless focus on safety Playing to our strengths Stronger and more focused Simpler and more standardised More visibility and transparency to value Specially protect critical assets Mapping between Business Strategy and Cyber Security Strategy Regularly test & assure the defences Implement integrated, useable and standard baseline controls Implement integrated, useable and standard baseline controls Specially protect critical assets Establish best in class capability Regularly test & assure the defences Establish best in class capability Maintain agile, intelligence led security defences Make cyber security part of everyone’s job Regularly test & assure the defences Make cyber security part of everyone’s job Specially protect critical assets Establish rapid and adaptable response Maintain agile, intelligence led security defences Maintain agile, intelligence led security defences
  97. Strategic Decision Support Framework. How preferences inform implementation and investment decisions. Columns: Area; Organisational Position; Preferred Emphasis.
      • ASSURANCE APPROACH (Passive vs Verify): Regularly test the defences and assure that controls are effective.
      • AWARENESS & EDUCATION (General vs Targeted): Broad and thin for all users. Narrow and deep for at risk communities. Training needs to be relevant and answer the question ‘What’s in it for me?’
      • CONTROL TYPE (Manual vs Automatic): Automate controls that matter most to reduce room for human error
      • SECURITY SOLUTIONS (Best of Breed vs Integrated): Choose simple, integrated, standard solutions. Only select best of breed for critical assets and protection against advanced threats
      • SECURITY FOCUS (Baseline Controls vs Critical Assets): Implement a solid baseline (industry standard) and raise security for critical assets as additional lines of defence (best security)
      • SECURITY COST vs USABILITY (Cost Focus vs Usability Focus): Solutions need to be more usable for users to leverage them instead of working around them
      • DEFENCE BARRIERS (Rigid vs Agile): Proactively implement flexible controls to respond to the fast changing threats. Never be as agile as the threats, but there is a need to strive for high agility
  98. NIS Directive - Why is it Important?
      • Because most of you are either an OES or supply products/services to one!
      • Non-compliance may lead to a fine up to £17million
      • Contains 14 high-level security principles
      • Objective A Managing Security Risk
      • Objective B Defending Systems against cyber attack
      • Objective C Detecting cyber security events
      • Objective D Minimising the impact of cyber security incidents
      Includes Objective B6 – Staff Awareness and Training
  99. How can we help?
      • Siker is a GCHQ Accredited Training Organisation (ATO) and currently has a suite of ICS-related training courses and more are in development.
      • We do Cyber Essentials consulting for your Supply Chain assurance.
      • We design skills and competency frameworks for your teams so you get the right people with the right skills in the right places.
  100. Example Framework
  101. Where do you go from here?
       • Understand your current skillset and gaps
       • Keep an eye on what’s coming your way
       • Push your requirements into the Supply chain
       • The aim is not to make staff Security Professionals but to make them professionally secure
       “In times of change, Performers inherit the earth… while the learned find themselves beautifully equipped to work in a world that no longer exists.” Eric Hofer, 1932
  102. Questions & Discussion #de18
  103. Please check rear of badge for breakouts #de18
  104. Refreshments & Networking #de18
  105. CONFIDENTIAL FOR INTERNAL USE ONLY. The IT Resilience Platform: Releasing data mobility in the multi-cloud, multi-site world. Nick Williams
  106. 106. CONFIDENTIAL FOR INTERNAL USE ONLY ++ Mergers & Acquisitions Move to Cloud Datacenter Consolidation Maintenance & Upgrades PLANNEDUNPLANNED User Errors Infrastructure Failures Security & Ransomware Natural Disasters IT Resilience
  107. 107. Deliver an always-on customer experience Move with ease and without risk Leverage cloud to accelerate business Workload Mobility Multi-Cloud Agility Continuous Availability Zerto IT Resilience Platform
  108. 108. One Platform For IT Resilience Multi-Cloud Workload Mobility Non-Disruptive Orchestration & Automation Continuous Data Replication Continuous Data Protection Application Consistency Grouping Journal-based Recovery Long-term Retention Analytics & Control
  109. 109. IT Resilience Platform Powerful & Resilient Scale-out, compression, throttling Production Site BC/DR Site No Impact Protection and Testing Block-level, no snapshots, no agents Continuous Data Protection Checkpoints in seconds, Recover any to any vCenter VM-Level Replication vCenter Simple Deployment No downtime install in minutes
  110. 110. Solve for Multi-Cloud Zerto Virtual Replication 6.0 Single platform for continuous availability, data protection and workload mobility to, from, and between multiple clouds.
  111. 111. Any2Any Mobility Remote Upgrades JFLR for Linux Network Analysis Continued Scalability Multi-Cloud, Hybrid Cloud Zerto Virtual Replication 6.0 Enhanced APIs
  112. 112. Any2Any Mobility Azure to Azure Failback from AWS Public Cloud to Public Cloud
  113. 113. Any2Any: Microsoft Azure Intra-Cloud – Region to Region New Azure regions support-Azure Government, Germany, China Replication & Automation On-Premises One-to-Many Bi-directional Replication & Automation New Intra-Cloud Azure Azure
  114. 114. Replication & Automation Any2Any: AWS Failback from AWS On-Premises S3 • No performance impact • No agents • One experience, One platform
  115. 115. Any2Any: Multi-Cloud Inter-Cloud – Public Cloud to Public Cloud * Azure to AWS One-to-Many supported Replication & Automation On-Premises Bi-directional Replication & Automation New Inter-Cloud S3 Azure
  116. 116. Any2Any: Multi-Cloud, Hybrid Cloud One-to-Many On-Premises On-Premises On-Premises Azure Zerto CSP IBM Cloud Azure S3 IBM Cloud Zerto CSP
  117. 117. One User Experience Across Clouds
  118. 118. Simplicity Through Automation 4-Click Recovery Process 1. Click Failover 2. Select Apps 3. Verify 4. Start Failover
  119. 119. Zerto Analytics Multi-Site, Multi-Cloud Visibility New Network Performance Analysis New 30 Day Network History API Driven
  120. 120. Visibility Across Multi-Site, Multi-Cloud Zerto Analytics
  121. 121. New Live Network Reports Zerto Analytics
  122. 122. New Live Network Reports Zerto Analytics Network Summary
  123. 123. New Live Network Reports Zerto Analytics Network Performance History • Throughput-max/avg • WAN Traffic-max/avg • Zoom in to troubleshoot
  124. 124. New Live Network Reports Zerto Analytics IOPs History • IOPs-max/avg • Zoom in to troubleshoot
  125. 125. Continued Scalability Support 10,000 VMs within each ZVM / VMware vCenter pair
  126. 126. Any2Any Mobility Remote Upgrades JFLR for Linux Network Analysis Continued Scalability Multi-Cloud, Hybrid Cloud Zerto Virtual Replication 6.0 Enhanced APIs
  127. 127. Zerto Virtual Replication 6.0 Solve for Multi-Cloud
  128. 128. Not just insurance Production Site VM-Level Replication AWS • Hybrid Cloud • Multi-Cloud • One-to-Many
  129. 129. Security & Resilience for next generation infrastructures and the IoT: activities and lessons learned 5th Digital Energy Conference 2018 Aberdeen, 1-2 May, 2018 Dr. Angelos K. Marnerides Lecturer (Assistant Professor) in Computer Networks InfoLab21 School of Computing & Communications Lancaster University angelos.marnerides@lancaster.ac.uk
  130. 130. Outline • Resilience in Systems • Part I : Activities on SmartGrid E2E cybersecurity & resilience – EU EASY-Res – Upside KTP – Showcase: Anomaly detection/power profiling on AMIs • Part II: SCC ICS testbed – cybersecurity & resilience assessment – ICS testbed Architecture – Showcase: Attack detection in ICS • Part III: On large-scale IoT-based attacks – MATI: Macroscopic Analysis of ioT-based Intrusions – Showcase: Botnet scan traffic characterisation
  131. 131. Resilience in systems • System resilience is defined as the ability of a system to maintain acceptable levels of operation in the face of challenges, including: – Malicious attacks, operational overload, misconfigurations, equipment failures – Resilience management encompasses the traditional FCAPS (fault, configuration, accounting, performance, and security) functionalities • The Networking group as well as the Security Lancaster Institute in SCC at Lancaster University (since the early 2000s) addresses system resilience in a range of topics such as the backbone Internet, cloud computing, sensor networks, the SmartGrid, ICS and the IoT (national/international research projects, 50+ PhD/MSc/BSc theses).
  132. 132. Part I: Enable Ancillary Services bY Renewable Energy Sources (EASY-RES) - EU H2020, 2018-2021 • Aims: – Develop novel control algorithms for all converter-interfaced Distributed Renewable Energy Sources (DRESs) and enable them to operate similarly to conventional Synchronous Generators (SGs) – Providing damping of transients, reactive power, fault ride through and fault-clearing capabilities • Lancaster contribution – Definition of a novel high-level substrate architecture for interactions in the EASY-RES ecosystem – Development of novel mechanisms for secure and resilient data communication – Provision of data processing, analysis, and visualization to support the Transmission System Operator (TSO) and Distribution System Operator (DSO) operations such as accounting, optimization and control support.
  133. 133. Part I: EASY-RES (cont..) identification of roles stakeholders inside EASY-RES ecosystem their correspond connection with diffe software components. T subtask is closely rel to WP5, but within T the focus lies on softw component side; Analysis of avail communica infrastructure selection of feas communication chan for use within the pro (considering requirements analy This also includes Legend TSO = Transmission System Operator DSO = Distribution System Operator ICA = Individual Control Area μG = micro grid BESS = Battery Energy Storage System DRES = Distributed Renewable Energy Source SDDC = Software Defined Data Centre PKI = Public Key Infrastructure AS = Ancillary Service
  134. 134. Part I: Upside LTD – Knowledge Transfer Partnership • Funding body : Innovate UK, duration: 2 years (2018-2020) • Upside LTD runs a virtual energy store: – Shifting electricity usage from peak to off-peak times – Relieve stress on the grid – Reduce costs and environmental impact • Technology – Use available battery capacity (e.g. UPS capacity) – Interconnect batteries to form a distributed system – A power plant with properties of an IoT application
  135. 135. Part I: Upside LTD – Knowledge Transfer Partnership (cont..) • Goal: – Design & implement a novel, unified security framework that expands the OpenADR protocol, complies with ISO27001 standard and GDPR. • Core technical objectives: – Secure the end-to-end (E2E) interaction of their customers with their cloud-based services and further empower service reliability. → E2E Privacy-aware Public Key Infrastructure (PKI) – Detect in advance any malicious intent throughout the complete E2E communication between the Upside Fleet Devices and the Upside Cloud services. → Anomaly detection under privacy-aware Big Data analytics.
  136. 136. Part I: Showcase: Power consumption profiling & anomaly detection on smart meter data • Consumption from an Advanced Metering Infrastructure “pilot” deployment in the US (440 households in the state of Massachusetts in 2016). • Novel mathematical methods on feature composition and data clustering using time-frequency and information theory metrics (i.e., information entropy). [Figure: axes Renyi Entropy (bits), Mean Frequency Marginals (Hz), Mean Time Marginals (sec); labels HC, LC, EC, MC, LMC; annotations: Load altering attack, Appliance-level failures, Attacks & Failures (320 houses microgrid); panels: Common “bad” clustering, Our method; Processing cost < 1.2 sec] Marnerides, A., K., Smith, P., Schaeffer-Filho, A., Mauthe, A. Power Consumption Profiling using Energy Time-Frequency Distributions in Smart Grids, in IEEE Communication Letters
  137. 137. Part II: U. Lancaster Industrial Control Systems Lab • Primarily funded by the GCHQ. • Supported by Fujitsu, Raytheon and Airbus. • 5 active academics, 10 PhD students, 8 MSc students
  138. 138. Part II: ICS Architecture
  139. 139. Part II: Showcase: Attack detection in ICS • Scenario : Load altering through two types of Man-in-the-Middle (MITM) attack.
  140. 140. Part II: Showcase: Attack detection in ICS (cont..)
  141. 141. Part III: Large-scale IoT-based attacks (background) • Large-scale network intrusions/attacks (e.g. DDoS)… → recently seen as coordinated large-scale IoT-based attacks (e.g. Mirai botnet) → IoT devices: compromised “bots” for a given botmaster • How are such devices initially located? – Customized network scans (shown shortly in the showcase...) – Recently: Hacker-friendly Search Engines (HfSEs) • How do attackers hide such scans and themselves? – IP Spoofing over legit IPv4/IPv6 addresses – Darkspace’s unused IPv4/IPv6 address range (a.k.a. Internet background radiation)
  142. 142. Part III: Large-scale IoT-based attacks (activities: SCC threat intelligence lab) • Fujitsu have provided: – Equipment and licencing – Technical resource to build the system • Provides a fully isolated experimental environment – Typical honeypot – Experimental networks for malware analysis – Malware teardown and reverse engineering – Automated testing and realistic traffic – IoT testbed integration
  143. 143. Part III: Activities: MATI - Macroscopic Analysis of ioT-based Intrusions • Supported by the GCHQ, Fujitsu, Raytheon • Technical Aims: ➢ IPv4/IPv6 Darkspace & HfSEs measurement & monitoring ➢ Network Traffic Big Data-based Characterization ➢ Service resilience impact prediction ➢ Cloud-based Diagnostic Tool Development (MATIaaS)
  144. 144. Part III: Showcase: Botnet scanning characterisation • Network scans → botnet propagation • Scanning is also a useful NOC tool and may be considered as a legitimate process. • Can we distinguish botnet-related scanning activity from other types? • Approach: Comparison of botnet scans vs. NMAP scans of various types using real network traffic from backbone Internet links (2014-2016). • Method: Multivariate timeseries analysis of flow features under conditional entropy Conclusion: Botnet-related scans are carefully crafted and they look alike in terms of their entropy!
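The method on the slide above, worked through as an added Python sketch (not the speaker's code, data or exact feature set): for each scanning source it builds a per-window time series of two conditional entropies, H(dst_port | dst_ip) and H(dst_ip | dst_port), and compares sources by the distance between their mean entropy profiles. The flow records, addresses (documentation ranges), ports, window size and threshold are all constructed assumptions.

```python
import math
from collections import Counter, defaultdict

WINDOW = 60  # seconds per analysis window (assumed; the slide gives no window size)


def conditional_entropy(pairs):
    """H(Y|X) in bits, estimated from a list of (x, y) observations."""
    n = len(pairs)
    if n == 0:
        return 0.0
    joint = Counter(pairs)
    marginal_x = Counter(x for x, _ in pairs)
    h = 0.0
    for (x, _), count in joint.items():
        # accumulate -p(x, y) * log2 p(y | x)
        h -= (count / n) * math.log2(count / marginal_x[x])
    return h


def entropy_timeseries(flows, window=WINDOW):
    """Per source, one (H(port|dst), H(dst|port)) vector for every time window."""
    buckets = defaultdict(list)
    for ts, src, dst, dport in flows:
        buckets[(src, int(ts // window))].append((dst, dport))
    series = defaultdict(list)
    for (src, _), obs in sorted(buckets.items()):
        h_port_given_dst = conditional_entropy(obs)
        h_dst_given_port = conditional_entropy([(port, dst) for dst, port in obs])
        series[src].append((h_port_given_dst, h_dst_given_port))
    return dict(series)


def mean_profile(vectors):
    """Average the per-window entropy vectors into one profile for a source."""
    n = len(vectors)
    return tuple(sum(v[i] for v in vectors) / n for i in range(len(vectors[0])))


def distance(a, b):
    """Euclidean distance between two entropy profiles."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def classify(series, reference, threshold=1.0):
    """Label each source by how close its profile is to a known botnet-scan profile."""
    labels = {}
    for src, vectors in series.items():
        close = distance(mean_profile(vectors), reference) <= threshold
        labels[src] = "botnet-like" if close else "other-scan"
    return labels


def constructed_flows():
    """Constructed sample flows: (timestamp, src_ip, dst_ip, dst_port)."""
    flows = []
    for w in range(3):                      # three consecutive windows
        for i in range(64):                 # 64 flows per source per window
            t = w * WINDOW + i * 0.5
            # two botnet-like sources: many destinations, two fixed ports
            flows.append((t, "192.0.2.10", f"198.51.100.{i + w}", (23, 2323)[i % 2]))
            flows.append((t, "192.0.2.20", f"203.0.113.{i * 2 + w}", (23, 2323)[i % 2]))
            # one sweep of the kind a NOC might run: 4 hosts x 16 ports
            flows.append((t, "192.0.2.30", f"198.51.100.{200 + i // 16}", 1 + i % 16))
    return flows


if __name__ == "__main__":
    series = entropy_timeseries(constructed_flows())
    # 192.0.2.10 is assumed to be an already-labelled botnet scan
    reference = mean_profile(series["192.0.2.10"])
    for src, label in sorted(classify(series, reference).items()):
        print(src, mean_profile(series[src]), label)
```

On the constructed data the two botnet-like sources produce the same entropy profile while the sweep lands far from it, which is the kind of separation the slide's conclusion describes.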
  145. 145. Future Directions • Next generation infrastructure systems have large overlap with – the “not so smart” yet Grid – Internet of Things (IoT) applications – Industrial Control Systems (ICS) – The Internet backbone • Energy and ICS systems have unique security challenges – Security & resilience impacts on the physical world – Energy systems cannot be shut down – Energy systems are highly distributed – System changes/improvements are challenging. Work in this space requires collaboration between industry and academia!
  146. 146. Thank you! Questions?
  147. 147. VICKY GLYNN PRODUCT MANAGER, BRIGHTSOLID 2ND MAY 2018 WHY HYBRID CLOUD MARKS A SEA CHANGE FOR OIL & GAS
  148. 148. TECHNOLOGY TRENDS MADE POSSIBLE BY CLOUD COMPUTING THAT ARE TRULY REVOLUTIONARY HYBRID CLOUD MANAGEMENT ALLOWS ORGANISATIONS TO ACTUALLY DELIVER BUSINESS CHANGE SKILLS & EXPERIENCE WITHIN OIL & GAS WILL ENSURE BARRIERS TO CLOUD CAN BE OVERCOME
  149. 149. INTELLIGENT DIGITAL MESH 2018 TECHNOLOGY TRENDS
  150. 150. SPECIALISED AND PUBLIC CLOUD SERVICES WITH A MANAGEMENT OR ORCHESTRATION LAYER WHAT IS HYBRID CLOUD?
  151. 151. CLOUD REPATRIATION SINGLE VENDOR REGRET MARKET VOLATILITY CLOUD EVOLUTION… OR GROWING PAINS?
  152. 152. ESTABLISHING A STRATEGY IDENTIFYING PARTNERS WORKLOAD MIGRATION & MANAGEMENT PROCESS & VISION TOP CHALLENGES ADOPTING CLOUD*
  153. 153. THE SECOND WAVE OF CLOUD ADOPTION BY MORE CONSERVATIVE AND REGULATED INDUSTRIES* * GARTNER
  154. 154. HYBRID CLOUD IS A JOURNEY NOT A DESTINATION * GARTNER
  155. 155. * GARTNER “TECHNOLOGY GROUNDED IN THE BASICS OF THE OIL & GAS INDUSTRY”
  156. 156. * GARTNER
  157. 157. Welcome Back #de18
  158. 158. Steven Ritchie Baker Hughes GE @BHGECO #de18
  159. 159. Cash Flow Statement Balance Sheet Income Statement
  160. 160. Order Taker Necessary Linkages Mutual Dependency Synchronised Teams True Partner
  161. 161. Angela Mathis Think Tank Maths #de18
  162. 162. Copyright ThinkTank Maths Ltd 2017 Embracing the possible: applying cross-transferable innovation from other industries Angela Mathis Chief Executive Digital Energy 2018 5th Annual Conference 2nd May 2018
  163. 163. New MER Landscape OGA - technology plans, behaviour and R&D spend measurement - Operator evaluation; leader, fast follower, informed buyer - NDR (National Data Repository) https://www.ogauthority.co.uk/media/4807/documentsscottish-oil-club-presentation.pdf ‘ONE’ - vision and leadership OGTC - shared risk investment (50% and in-kind) - JIP opportunities - partner with new capability providers
  164. 164. Accelerating innovation through applied learning from other sectors ….aerospace, defence, transport, health
  165. 165. Data Science, the new ‘god we trust’ or just jargon?
  166. 166. What do all our customers have in common? • Need support in decision-making to drive better outcomes • Huge, unstructured, fast-growing complex datasets …want to find and operationalise the value in their Data • Data analysis …various techniques (maths & stats) • Need new tools that are integrated into existing processes – must fit within the system and context of how organisations currently do business …‘trusted’, user-friendly, legacy-compatible software
  167. 167. Director, Public Health and Intelligence “In God we trust; all others must bring data.” W. Edwards Deming Public Health Improvement “Data driven action” Example: Health
  168. 168. Population Health Challenge Life expectancy compared with other European countries. Scotland
  169. 169. Benchmarking the energy sector against the digital innovation curve of other industries
  170. 170. Why Digitalisation Now? • Global data generation has increased by 90% in the past two years • Processing power costs have decreased by 50 times since 2007 • 3D printing will increase by 2,000% between 2015 and 2030 • The use of digital sensors will grow by 700,000% by 2030
  171. 171. Examples of cross-transferable capability intelligence and application
  172. 172. - Asset Integrity; through-life monitoring and risk assessment (CBM), anomaly detection, root cause analysis, prediction of failure (integrity kick) for timely maintenance - Manage Drilling Operations; dynamic wellbore positioning accuracy, wellbore planning, relief well planning, wellbore stability prediction – preventing troubles while drilling (e.g. avoiding stuck pipe ...) - P&A; identify viable cost savings, predict leakage to surface (HSE compliance) Cross-over capability from Military and Aerospace to the Oil and Gas industry.
  173. 173. TTM’s Trusted Reasoning Architecture (TRA) is a novel mathematical architecture for semi-autonomous (man-in-the-loop) ‘command and control’ decision aids, intelligent cockpit, urban search, drones... (UK Ministry of Defence) TRA-based systems : - non rule-based - learn (capture the world real-time and update their situational awareness), - flag up subtle anomalies in static and real-time sensor data Why ‘trusted’? - they explain their reasoning to the human operator Example : ‘Trusted’ Decision Support Systems with Dynamic Situation Awareness
  174. 174. SiteCom WITSML Server “Real-time” Visualisation Archive CSV Internal Archive Bespoke format “Static data” ServerNominal Field Values BGGM + IFR + IIFR BGS TRA Server ( + Client ) Sensor Data from BHA MWD + LWD Drilling Company TRA Clients Browser “Drill Simulator” Historical Surveys CSV, LAS Trusted Reasoning Architecture (TRA) Example 1: Dynamic System for Wellbore Positioning Quality Control Trusted Reasoning Architecture (TRA) Workflow
  175. 175. Dynamic System for Wellbore Positioning Quality Control Decision support: Output Visualisation Screen and Dashboard
  176. 176. Quality Control from LWD data provides information about the magnetic environment at higher resolution than sparse MWD surveys. • Additional information about geological environment • Provides information to refine magnetic processing methods Dynamic System for Wellbore Positioning Quality Control High Resolution LWD-based Quality Control – Using Different Data
  177. 177. Example 2: Prediction of Well Integrity and Leakage to Surface Intelligent Diagnostic and Decision Support System Optimised Plug and Abandonment
  178. 178. Plug and Abandonment Output Dashboard – Single Well Current Conditions Intervention 2 - 06/11/09 Depth : 15032.1 – 16604.2 Sensors: CBL, Gamma, Acoustic Depth : 6342.3 – 6520.4 Sensors: Gamma, Ultrasonic Depth : 8023.2 – 8198.3 Sensors: CBL, Ultrasonic Depth : 18023.2 – 18198.3 Sensors: CBL, Ultrasonic Geology Integrity TTM Diagnostic Sensor Inputs
  179. 179. P&A Output Dashboard – Single Well Future Conditions Static Integrity Integrity Evolution
  180. 180. Well Current Integrity Predicted Condition Rigless Procedure Q-14 Q-20 Q-17 Q-23 Q-21 Q-16 Q-13 Q-15 Q-10 P&A Output Dashboard – Multi-Well Assessment
  181. 181. The shift from strategy to action implementation
  182. 182. Leadership Domain Experts i.e. operations, engineering, I.T. Maths/Stats capability DATA The Essentials
  183. 183. - Leadership engagement; resource and budget commitment - create an empowered, multi-skilled expert team with a shared vision - partner to fill skills gap (Maths/Stats) - identify and prioritise business issues of strategic importance - agree a project ‘challenge statement’ - define target outcomes; savings, efficiency goals - gather existing data and check what you can do with it Getting started
  184. 184. Fundamental change: avoid siloed teams, siloed data and isolated programmes
  185. 185. Example : New Space or Space 4.0 from Air Traffic Control to Smart Airports and Cities - utilising existing core engineering and I.T. competencies - breaking the traditional organisational and domain expert siloes - creating new (versatile) capability, not (static) products - capturing value and opportunity of ‘data’ - create new working partnerships with innovative small companies (e.g. A.I., data analysis, machine learning, etc)
  186. 186. Removing the blinkers and improving visibility and collaboration
  187. 187. Consortium (JIP) Aspirational Projects are great as a sector call to action, ….it’s the deliverables in the road-map that count Companies can explore ‘the art of the possible’ as a sector – shared ideas, costs & risks Aerospace example: ‘The Conscious Aircraft’ or Digital Twin - CBM, failure detection, root cause analysis, predictive maintenance - pilot decision support (towards single pilot) augmented intelligence - efficient power usage
  188. 188. “It takes courage to take on and recognise new ways of working. There is a need for a breed of sector leaders who are brave, courageous and committed.” Colette Cohen, CEO, UK Oil & Gas Technology Centre November 2016 “Digitalisation requires bold, forward-looking leadership.” Grethe Moen, CEO, Petoro AS - July 2017
  189. 189. Thank you Contact: Angela Mathis, CEO a.mathis@thinktankmaths.com ThinkTank Maths Limited www.thinktankmaths.com
  190. 190. Stephen Ashley OGTC @digitalcloud #de18
  191. 191. Using digital technology to drive operating performance
  192. 192. World Economic Forum -
  193. 193. MER UK Strategy – Central Obligation: “Relevant persons must take the steps necessary to secure that the maximum value of economically recoverable petroleum is recovered from the strata beneath UK waters.” Oil and gas production over the period 2016–2050 is now projected to total 11.7 billion barrels of oil equivalent (boe) – An extra 2.8 Billion barrels. We need to use our data more effectively…
  196. 196. OGTC Digital transformation themes Using digital technology to drive operating performance Digitally enabled supply chain Smart facilities Optimised production Digital and data architecture Digitally enabled worker Artificially intelligent sub-surface teams Deliver more barrels Become more efficient
  198. 198. Finance IT Business Accounts Service Master BU Services Apps Infrastructure Projects Teams Production Stakeholders R&D Projects Operations Exploration
  200. 200. Silicon Valley Data Science Ingest Descriptive Analytics Predictive Analytics Prescriptive Analytics Intelligent Actions
  202. 202. Data stores Data stores Data stores Dev Ops Cloud Data Science Platforms & API Agile workbench Foundation – Making data infrastructure available Platform – Making data available by building a solid base Data Scientist Data Engineer Domain Expertise Data Science – explore scenarios and answer questions
  203. 203. We inspire, accelerate and fund technology and innovation Driving digital transformation We are all about technology innovation… Inspire Stimulate Accelerate Deliver … working in partnership with industry.
  204. 204. Current project activity 7 projects already underway 14 Proposals under evaluation Direct Approach or Open Call First call for ideas complete: 73 Ideas submitted 4 Projects identified £1.2 million of OGTC funding £1.4 million industry matching
  205. 205. Digital Technology Themes Digitally Enabled Supply Chain Digital Sub Themes Industry Sponsors Artificially Intelligent Subsurface teams Digitally Enabled Worker Smart Facilities Production Optimisation Digital and Data Architecture Industry Owner Value focus Efficiency Task Force Supply Chain Forum • Track & Trace • Integrated Planning • Data Exchange - Standardisation & Collaboration • Vessel Logistics • Applying Data Science • Machine & Cognitive Learning • Alexa for Subsurface • NDR 3.0 • Open application platforms • Wearable Technology • AR/VR workplace support • Digital Assistants • Back Office automation and bots • Upskilling • Digital Twins and 3D model convergence • Remote Operations • IOT and operational data platforms • Condition Based Monitoring • Shell • BP • • Inventory reduction Reduced Duplicate orders Increased Asset Uptime • Smart Optimisers • Well integrity • Production monitoring • Sensor Development • Communication technologies • Cyber security • Data Architecture • NDR 4.0 – Open Data platforms Exploration Task Force Asset Stewardship Task Force
  206. 206. Using digital technology to drive operating performance
  207. 207. = Area of Interest Northern North Sea Area of Interest: • Use Machine learning techniques to identify remaining ‘overlooked pay’ • Use available well data within the AOI • Excludes seismic data for this phase • ~1,200 exploration wells • Up to 7,000 including A&D wells • Mainly log data plus available associated data, e.g. core, reports, etc. Deliverable = • Ranked list of ‘overlooked pay’ opportunities in order of confidence
  208. 208. Approved projects Asset Healthcare and Diligence Assessment using Advanced Analytics Value OGTC / Industry Using predictive technology and behavioural diagnostics to identify human risk SEER - Alarm RCA Application Well Intelligence Application LoRaWAN for offshore Marine Logistics Vessel Optimisation UK Hub - Shared supplier information repository for the UK Oil and Gas Industry Seismic in the Cloud Goal Value driver scoreTRL £86,200 46.42% / 48.46% Fix Today 4 - 6 69% £164,910 £598,000 19% / 81 % 36.46% / 22.92% 38.93% / 57.73% 41.09% / 47.27% 28.73% / 69.75% 37.62% / 60.7% 41.2% / 51.43% £2,170,900 £982,950 £89,900 £27,500 £264,500 Fix Today Fix Today Fix Today Fix Today Fix Today Fix Today MER UK 71.5%4 - 6 5 - 9 4 - 8 7 – 8 3 - 4 6 - 8 6 - 7 71.5% 72% 68.5% 64% 75% TBC Cults Telecom Services Ltd
  209. 209. We need your help! Come and talk to us
  210. 210. Closing Panel Session Steven Ritchie, Baker Hughes GE Stephen Ashley, OGTC Angela Mathis, Think Tank Maths Jackie Doyle, Opportunity North East Emma Perfect, Lux Assure #de18
  211. 211. Questions & Discussion #de18
  212. 212. Digital Energy 2019 30 Apr – 1 May AECC Aberdeen #de18
  213. 213. Conference Close #de18
  214. 214. Security & Resilience for next generation infrastructures and the IoT: activities and lessons learned 5th Digital Energy Conference 2018 Aberdeen, 1-2 May, 2018 Dr. Angelos K. Marnerides Lecturer (Assistant Professor) in Computer Networks InfoLab21 School of Computing & Communications Lancaster University angelos.marnerides@lancaster.ac.uk
  215. 215. Outline • Resilience in Systems • Part I : Activities on SmartGrid E2E cybersecurity & resilience – EU EASY-Res – Upside KTP – Showcase: Anomaly detection/power profiling on AMIs • Part II: SCC ICS testbed – cybersecurity & resilience assessment – ICS testbed Architecture – Showcase: Attack detection in ICS • Part III: On large-scale IoT-based attacks – MATI: Macroscopic Analysis of ioT-based Intrusions – Showcase: Botnet scan traffic characterisation
  216. 216. Resilience in systems • System resilience is defined as the ability of a system to maintain acceptable levels of operation in the face of challenges, including: – Malicious attacks, operational overload, misconfigurations equipment failures – Resilience management encompasses the traditional FCAPS (fault, configuration, accounting, performance, and security) functionalities • The Networking group as well as the Security Lancaster Institute in SCC at Lancaster University (since the early 2000s) addresses system resilience in a range of topics such as the backbone Internet, cloud computing, sensor networks, the SmartGrid, ICS and the IoT (national/international research projects, 50+ PhD/MSc/BSc theses).
  217. 217. Part I: Enable Ancillary Services bY Renewable Energy Sources (EASY-RES) - EU H2020, 2018-2021 • Aims: – Develop novel control algorithms for all converter-interfaced Distributed Renewable Energy Sources (DRESs) and enable them to operate similarly to conventional Synchronous Generators (SGs) – Providing damping of transients, reactive power, fault ride through and fault-clearing capabilities • Lancaster contribution – Definition of a novel high-level substrate architecture for interactions in the EASY-RES ecosystem – Development of novel mechanisms for secure and resilient data communication – Provision of data processing, analysis, and visualization to support the Transmission System Operator (TSO) and Distribution System Operator (DSO) operations such as accounting, optimization and control support.
  218. 218. Part I: EASY-RES (cont..) identification of roles stakeholders inside EASY-RES ecosystem their correspond connection with diffe software components. T subtask is closely rel to WP5, but within T the focus lies on softw component side; Analysis of avail communica infrastructure selection of feas communication chan for use within the pro (considering requirements analy This also includes Legend TSO = Transmission System Operator DSO = Distribution System Operator ICA = Individual Control Area μG = micro grid BESS = Battery Energy Storage System DRES = Distributed Renewable Energy Source SDDC = Software Defined Data Centre PKI = Public Key Infrastructure AS = Ancillary Service
  219. 219. Part I: Upside LTD – Knowledge Transfer Partnership • Funding body : Innovate UK, duration: 2 years (2018-2020) • Upside LTD runs a virtual energy store: – Shifting electricity usage from peak to off-peak times – Relieve stress on the grid – Reduce costs and environmental impact • Technology – Use available battery capacity (e.g. UPS capacity) – Interconnect batteries to form a distributed system – A power plant with properties of an IoT application
  220. 220. Part I: Upside LTD – Knowledge Transfer Partnership (cont..) • Goal: – Design & implement a novel, unified security framework that expands the OpenADR protocol, complies with ISO27001 standard and GDPR. • Core technical objectives: – Secure the end-to-end (E2E) interaction of their customers with their cloud-based services and further empower service reliability. → E2E Privacy-aware Public Key Infrastructure (PKI) – Detect in advance any malicious intent throughout the complete E2E communication between the Upside Fleet Devices and the Upside Cloud services. → Anomaly detection under privacy-aware Big Data analytics.
  221. 221. Part I: Showcase: Power consumption profiling & anomaly detection on smart meter data • Consumption from an Advanced Metering Infrastructure “pilot” deployment in the US (440 households in the state of Massachusets in 2016). • Novel mathematical methods on feature composition and data clustering using time- frequency and information theory metrics (i.e., information entropy). 0 5 10 15 20 0 500 1000 1500 2000 0 1 2 3 4 5 6 x 10 4 Renyi Entropy (bits)Mean Frequency Marginals (Hz) MeanTimeMarginals(sec) HC LC EC MC LMC Load altering attack Appliance-level failures Attacks & Failures (320 houses microgrid) v Marnerides, A., K., Smith, P., Schaeffer-Filho, A., Mauthe, A. Power Consumption Profiling using Energy Time-Frequency Distributions in Smart Grids, in IEEE Communication Letters, Processing cost < 1.2 sec Common “bad” clustering Our method
  222. 222. Part II: U. Lancaster Industrial Control Systems Lab • Primarily funded by the GCHQ. • Supported by Fujitsu, Raytheon and Airbus. • 5 active academics, 10 PhD students, 8 MSc students
  223. 223. Part II: ICS Architecture
  224. 224. Part II: Showcase: Attack detection in ICS • Scenario : Load altering through two types of Man-in-the-Middle (MITM) attack.
  225. 225. Part II: Showcase: Attack detection in ICS (cont..)
  226. 226. Part III: Large-scale IoT-based attacks (background) • Large-scale network intrusions/attacks (e.g. DDoS)…. → recently seen as coordinated large-scale IoT-based attacks (e.g. Mirai botnet) → IoT devices : compromised “bots” for a given botmaster • How such devices are initially located? – Customized network scans (shown shortly in the showcase...) – Recently: Hacker-friendly Search Engines (HfSEs) • How attackers hide such scans and themselves? – IP Spoofing over legit IPv4/IPv6 addresses – Darkspace’s unused IPv4/IPv6 address range (a.k.a Internet background radiation)
  227. 227. Part III: Large-scale IoT-based attacks (activities: SCC threat intelligence lab) • Fujitsu have provided: – Equipment and licencing – Technical resource to build the system • Provides a fully isolated experimental environment – Typical honeypot – Experimental networks for malware analysis – Malware teardown and reverse engineering – Automated testing and realistic traffic – IoT testbed integration
  228. 228. Part III: Activities: MATI - Macroscopic Analysis of ioT-based Intrusions • Supported by the GCHQ, Fujitsu, Raytheon • Technical Aims: ➢ IPv4/IPv6 Darkspace & HfSEs measurement & monitoring ➢ Network Traffic Big Data-based Characterization ➢ Service resilience impact prediction ➢ Cloud-based Diagnostic Tool Development (MATIaaS)
  229. 229. Part III: Showcase: Botnet scanning characterisation • Network scans → botnet propagation • Scanning is also a useful NOC tool and may be considered as a legitimate process. • Can we distinguish botnet-related scanning activity from other types? • Approach: Comparison of botnet scans vs. NMAP scans of various types using real network traffic from backbone Internet links (2014-2016). • Method: Multivariate timeseries analysis of flow features under conditional entropy Conclusion: Botnet-related scans are carefully crafted and they look alike in terms of their entropy!
  230. 230. Future Directions • Next generation infrastructure systems have a large overlap with – the …”not so smart” yet Grid – Internet of Things (IoT) applications – Industrial Control Systems (ICS) – The Internet backbone • Energy and ICS systems have unique security challenges – Security & resilience impacts on the physical world – Energy systems cannot be shut down – Energy systems are highly distributed – System changes/improvements are challenging Work in this space requires collaboration between industry and academia!
  231. 231. Thank you! Questions?
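The botnet scanning characterisation slide above (slide 229) compares scan types through the conditional entropy of flow features. The sketch below is an added example, not the authors' method or code: the choice of features (destination address and port), the 10-second window, the mean-vector distance and all flow records are assumptions constructed for illustration.

```python
import math
from collections import Counter

def entropy(items):
    """Shannon entropy in bits of the empirical distribution of items."""
    counts = Counter(items)
    n = sum(counts.values())
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def cond_entropy(pairs):
    """H(Y|X) = H(X,Y) - H(X) over a list of (x, y) observations."""
    return entropy(pairs) - entropy([x for x, _ in pairs])

def profile(flows, window=10):
    """Time series of (H(port|ip), H(ip|port)), one vector per window."""
    buckets = {}
    for ts, ip, port in flows:
        buckets.setdefault(ts // window, []).append((ip, port))
    series = []
    for _, obs in sorted(buckets.items()):
        h_port = cond_entropy(obs)
        h_ip = cond_entropy([(p, i) for i, p in obs])
        series.append((round(h_port, 3), round(h_ip, 3)))
    return series

def distance(a, b):
    """Euclidean distance between the mean vectors of two profiles."""
    mean = lambda s: [sum(col) / len(s) for col in zip(*s)]
    return round(math.dist(mean(a), mean(b)), 3)

# Constructed flows per source: (timestamp_sec, dst_ip, dst_port).
def sweep(prefix):   # few ports probed across many addresses
    return [(w * 10 + i, f"{prefix}.{w * 8 + i}", p)
            for w in range(2) for i in range(8) for p in (23, 2323)]

def port_scan(ip):   # many ports probed on one address
    return [(w * 10 + i % 10, ip, 1000 + w * 16 + i)
            for w in range(2) for i in range(16)]

SWEEP_A, SWEEP_B = sweep("192.0.2"), sweep("198.51.100")
PORT_SCAN = port_scan("203.0.113.7")

if __name__ == "__main__":
    print(profile(SWEEP_A), profile(PORT_SCAN))
    print(distance(profile(SWEEP_A), profile(SWEEP_B)),
          distance(profile(SWEEP_A), profile(PORT_SCAN)))
```

The two sweeps target different address ranges yet produce identical entropy profiles, while the single-host port scan lands far away in the same feature space, which is the kind of separation the slide's conclusion describes.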
  232. 232. VICKY GLYNN PRODUCT MANAGER, BRIGHTSOLID 2ND MAY 2018 WHY HYBRID CLOUD MARKS A SEA CHANGE FOR OIL & GAS
  233. 233. TECHNOLOGY TRENDS MADE POSSIBLE BY CLOUD COMPUTING THAT ARE TRULY REVOLUTIONARY HYBRID CLOUD MANAGEMENT ALLOWS ORGANISATIONS TO ACTUALLY DELIVER BUSINESS CHANGE SKILLS & EXPERIENCE WITHIN OIL & GAS WILL ENSURE BARRIERS TO CLOUD CAN BE OVERCOME
  234. 234. INTELLIGENT DIGITAL MESH 2018 TECHNOLOGY TRENDS
  235. 235. SPECIALISED AND PUBLIC CLOUD SERVICES WITH A MANAGEMENT OR ORCHESTRATION LAYER WHAT IS HYBRID CLOUD?
  236. 236. CLOUD REPATRIATION SINGLE VENDOR REGRET MARKET VOLATILITY CLOUD EVOLUTION… OR GROWING PAINS?
  237. 237. ESTABLISHING A STRATEGY IDENTIFYING PARTNERS WORKLOAD MIGRATION & MANAGEMENT PROCESS & VISION TOP CHALLENGES ADOPTING CLOUD*
  238. 238. THE SECOND WAVE OF CLOUD ADOPTION BY MORE CONSERVATIVE AND REGULATED INDUSTRIES* * GARTNER
  239. 239. HYBRID CLOUD IS A JOURNEY NOT A DESTINATION * GARTNER
  240. 240. * GARTNER “TECHNOLOGY GROUNDED IN THE BASICS OF THE OIL & GAS INDUSTRY”
  241. 241. * GARTNER
  242. 242. BYTES SECURITY PARTNERSHIPS WELCOME TO
  243. 243. WHAT WE OFFER Agility, insight and a personal approach Specialism Security our Sole Focus for 16 Years Stability Part of multi-billion Bytes Altron Group Expertise Fully accredited engineers & account managers In-house Consultancy Full Technical Services Portfolio Top Tier Vendor Status Commercial Value & Technical Delivery Unrivalled Support No First line - Escalation Engineers on Every Call
  244. 244. OUR EXPERTISE Network Security Application Security Content Security Data Security Access & Authentication Mobile Security Security Intelligence Breach & Vulnerability Management
  245. 245. OUR EXPERTISE Network Security Application Security Content Security Data Security Access & Authentication Mobile Security Security Intelligence Breach & Vulnerability Management Next Generation Firewall; Endpoint Security; Intrusion Prevention; Network Access Control; Malware/APT Protection Web Security; Email Security; Anti Spam; Content Control; Antivirus Data Loss Prevention; Data Theft Protection; Data Encryption; Data Classification Load Balancing; Denial of Service; Web Application Firewall; Datacentre Security; Cloud Application Delivery Multifactor Authentication; Privileged Accounts; Access Policy Management; VPN; Removables Network Visibility; Anomaly Detection; SIEM; Log Management; Rogue Devices; Internal Threats Attack Detection; Patch Management; Vulnerability Management; Penetration Testing Mobile Threat Prevention; Secure Remote Access; Mobile Device Management; BYOD Security
  246. 246. INDUSTRY LEADING COMPANY FOCUS ON YOUR BUSINESS CHALLENGES EXPERIENCED, QUALITY CONSULTANCY DIRECT TO ENGINEER – NO FIRST LINE Top Tier Partnerships with World Leading Technology Providers = Value + Insight • Speak to an accredited support expert straight away • Fix in shortest possible time - avoid downtime • Translate business challenges into technical projects • Experience and market insight of security specialist • Proven Track record - 16 years of consistent growth • Specialists in field – 100% security focused • All engineers 5 years+ consulting & support experience • Full engineer engagement in pre-sales & account reviews
  247. 247. SECURITY STRATEGY DEVELOPMENT AND TECHNOLOGY MAPPING ACCREDITED CONSULTANT TECHNOLOGY DELIVERY, INSTALLATION & MAINTENANCE IN-HOUSE DIRECT TO ESCALATION ENGINEER SUPPORT 10X5 OR 24/7 END TO END INHOUSE PROJECT SCOPING, PLANNING AND DELIVERY MARKET & TECHNOLOGY ANALYSIS, PRODUCT UPDATES AND SECURITY ESTATE REVIEWS TRAINING AND KNOWLEDGE TRANSFER SERVICES AND SOLUTIONS WHAT WE OFFER
  248. 248. OUR VALUE PROPOSITION Our Account Services help customers future proof their security estates Regular Account Reviews Licensing Reviews & Rationalisation Regular Product Roadmap updates & events Learning and Knowledge Share Threat Advisory Webinars Consistent Proactive Account Management Security Strategy Days Topical security conferences & seminars Features The result – high customer satisfaction
  249. 249. WHO WE WORK WITH
