Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Evolution of cyber threats and the development of new security architecture

EY presented at the 22 World Petroleum Congress, focusing on the current cyber threats for oil and gas companies, the impact of new security architecture and the rise of IIOT.

Related Books

Free with a 30 day trial from Scribd

See all
  • Be the first to comment

Evolution of cyber threats and the development of new security architecture

  1. 1. Evolution of cyber threats and the development of new security architecture Piotr Ciepiela — Executive Director Ernst & Young sp. z o.o. EMEIA OT/IoT Security & Critical Infrastructure Leader, EY Bala V. Venkateshwaran — EY, India
  2. 2. Page 2 Evolution of cyber threats and the development of new security architecture Digitalization’s inexorable march will transform the O&G sector But its full benefits are contingent on effective risk mitigation and harnessing market trends Trends in the oil industry: Increasing emphasis on reducing per barrel lifting cost as industry cuts capital expenditure Dramatic growth in unconventional oil and gas production reliant on technological innovations Increasing pressure to ensure cost competitiveness due to the rise of alternatives such as renewable energy sources Rising complexity of refineries and increasing integration of refining with petrochemicals Digital enablers ► Industrial IoT and increased connectivity improves asset performance management ► Industry value chain integration improves the entire supply chain ► Increased bandwidth and reliability allows for remote control room operations in distant harsh locations ► Advanced analytics allows for both margin improvements and growth strategies enablement Digital risks ► Cyber risks (ransomware, malware, DoS, unauthorized access/control) ► Information security risks (financial information, IP) ► Safety risks (functional safety, process safety) ► The “network effect” multiplies an impact of cyber attacks
  3. 3. Page 3 Evolution of cyber threats and the development of new security architecture The benefits of smart connected assets come with a price We need to learn a lesson from the past looking further into the future 1969 — Arpanet 1989 — world wide web 93/94 — Trojan House Coffee Pot and WearCam 2000–2003 — Big Chill, Cooltown, Internet 1.0, Disappearing Computer 2010 — Google introduces self-driving car Blockchain — distributed ledger 2010 — Stuxnet attack 2016 — Mirai attack 1960 1970 1980 1990 2000 2005 2010 2015 2020 1990 1995 2000 2005 2010 2015 2020 1974 — TCP/IP 1990 — First IoT device — connected toaster 2004 — RFID in US DD Savi and Walmart 3.1 Augmented realityIndustry 4.0 Billions of connected devices Billions of internet users 1999 — Internet of Things term coined by Kevin Ashton 8.7 12 30 2011 — IPv6 Internet Human-to-human connectivity Information assets are targeted Common threats — limited impact Internet of Things Machine-to-machine connectivity Physical assets are targeted Sophisticated threats — very high impact VSUnsolved problems Opportunities to protect
  4. 4. Page 4 Evolution of cyber threats and the development of new security architecture Cybersecurity in O&G faces multiple internal and external challenges It has to shield the entire O&G value chain from threats that are complex and evolving Busines Process Connect Things Communi tech Network &Infra ServicesSuppliers System integrators Support teams Hardware manufacturers Product development Enerprise services Cloud services Analytics services Orchestration services Private network and infrastructure Public network and infrastructure Mobile dev. Instruments Machines Industrial networks Wireless technologies Mesh networks
  5. 5. Page 5 Evolution of cyber threats and the development of new security architecture The O&G sector has made some progress in handling today’s cyber attacks But developing cyber resilience and cyber agility need systemic focus now onward ► Organizations need to take an unconventional approach to meet new challenges emerging. They need to design systems that are safe-to-fail rather than fail-safe! ► Plan for situations where we may need to sacrifice portions of information or operations in the interests of protecting the larger network GISS survey2 of O&G companies shows that only 6% have a robust incident response program and regularly conduct table-top exercises. 46%have had a recent significant cybersecurity incident 22%do not have an incident response plan. Top focus areas where companies plan to spend their cybersecurity budget in the coming year 47%Business Continuity Planning 41%SIEM and SOC3 Components of cyber resilience Sense: see the threats coming Resist: the corporate and operations shield React: recover from unplanned disruption + +
  6. 6. Page 6 Evolution of cyber threats and the development of new security architecture Effective cybersecurity will be essential to benefit from digitization in O&G Increase industry maturity through new capabilities and collaboration Do I really know my OT environment?1 Do I know the risks associated with my OT environment?2 Can I monitor my environment?3 Do I work with my vendors? (SLA, security standards)4 Am I prepared for cyber incidents? (IRP, BC/DR)5 nnn Asset SDLC Identify Protect Detect Respond Recover Engineer 4.0 Leadership Engineering Process automation Cyber security Industrial process
  7. 7. Page 7 Evolution of cyber threats and the development of new security architecture Thank You! Piotr Ciepiela Executive Director, EY EMEIA Advisory Center, OT/IoT Security & Critical Infrastructure Leader Bala V. Venkateshwaran — EY, India
  8. 8. Page 8 Evolution of cyber threats and the development of new security architecture For information visit Ey.com/digitaloil
  9. 9. Page 9 Evolution of cyber threats and the development of new security architecture References 1. Author name(s): EY, Why it’s time to invest in digital oil, EYG no. 03448-164Gbl 1609-2041453, Ernst & Young LLP., 2016, Available at http://www.ey.com/Publication/vwLUAssets/ey-why- the-time-is-right-for-digital-oil-companies/$FILE/ey-why-the-time- is-right-for-digital-oil-companies.pdf. 2. Author name(s): EY, EY 19th Global Information Security Survey 2016–17, EYG no. 01430-174Gbl, Ernst & Young LLP., 2017, Available at http://www.ey.com/Publication/vwLUAssets/ey-oil- and-gas-information-security-survye-2016-17/$FILE/ey-oil-and- gas-information-security-survye-2016-17.pdf. 3. SIEM stands for Security Information and Event Management, SOC for Security Operations Centre.
  10. 10. EY | Assurance | Tax | Transactions | Advisory About EY EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities. EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com. How EY’s Global Oil & Gas Sector can help your business The oil and gas sector is constantly changing. Increasingly uncertain energy policies, geopolitical complexities, cost management and climate change all present significant challenges. EY’s Global Oil & Gas Sector supports a global network of more than 10,000 oil and gas professionals with extensive experience in providing assurance, tax, transaction and advisory services across the upstream, midstream, downstream and oil field subsectors. The Sector team works to anticipate market trends, execute the mobility of our global resources and articulate points of view on relevant sector issues. With our deep sector focus, we can help your organization drive down costs and compete more effectively. © 2017 EYGM Limited. All Rights Reserved. EYG no. 04495-174GBL BMC Agency GA 1005401 ED None This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice. ey.com

    Be the first to comment

    Login to see the comments

  • ThomasBessineau

    Aug. 18, 2017
  • KennethJanoff

    Dec. 6, 2017

EY presented at the 22 World Petroleum Congress, focusing on the current cyber threats for oil and gas companies, the impact of new security architecture and the rise of IIOT.

Views

Total views

2,144

On Slideshare

0

From embeds

0

Number of embeds

856

Actions

Downloads

83

Shares

0

Comments

0

Likes

2

×