Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study

October 7, 2014
Coden-MacLeod
ICS-CERT-JWG, Idaho National Laboratory, October 7, 2014. By Michael Coden and Pete MacLeod. Copyright © 2014 NextNine Inc. and Accenture. All rights
Scalability of ICS
Cyber Security
By:
Michael Coden, CISSP, Vice President, NextNine Inc.
Pete MacLeod, Senior Manager, Accenture
October 7, 2014
Idaho National Laboratory
Idaho Falls, ID, USA

October 7, 2014
Coden-MacLeod
ICS-CERT-JWG, Idaho National Laboratory, October 7, 2014. By Michael Coden and Pete MacLeod. Copyright © 2014 NextNine Inc. and Accenture. All rights reserved. 2
Introductions
Michael Coden, CISSP
Vice President
• 30+ years experience in Cyber Security for
Critical Infrastructure Systems
• Research Affiliate at MIT-(IC)3, the M.I.T.
Interdisciplinary Consortium for Improving
Critical Infrastructure Cybersecurity
• Co-Architect of NextNine Secure Remote Site
Cybersecurity Automation Suite
• Co-architect of Real Time Operating Systems
used in Industrial Automation
• Contributor to ISA/IEC 62443-2-3 IACS Cyber
Security Standard
• Received Letter of Appreciation from the White
House for leadership on the NIST Cybersecurity
Framework.
• BSEE, MIT; MSBA, Columbia University; MS
Applied Math, Courant Institute of Mathematical
Sciences, NYU.
Pete MacLeod
Senior Manager – ICS Security
• 30 Years experience in the Oil & Gas Industry
• Data Acquisition, horizontal drilling, production
engineering & systems optimization
• Experience in United States, Canada, Gulf of
Mexico and South America
• 15 Years Designing, Deploying and
Commissioning field data capture, SCADA &
DCS
• 7 Years Industrial Automation & Control
Systems Security
• Contributor to ISA/IEC 62443-3-3 IACS Cyber
security standard

October 7, 2014
Coden-MacLeod
• Pete MacLeod will walk through a real live case study with actual
results
• Michael Coden will illustrate how centralized OT Cybersecurity
automation results in: improved cyber security, time savings, and cost
savings
How we are going
to do it:
Presentation Goals, and Plan of Attack
• Scalability of a security solution,
• Control Systems Security Project team and Run & Maintain
organization
• Reduce dependence upon rare hard to develop skill sets
• Minimize the Zero Day window of vulnerability
• Reduce the mean time to respond & remediate incidents
We would like to
provide an
understanding of
We plan to illustrate
significant time savings,
security enhancements
& cost reductions in
implementing ICS
cyber security
• How to scale and leverage the limited skill sets
• How to quantify savings and start building reasonable budget
estimates
• Control Systems Security Project team and Run & Maintain
organization
We hope to provide
you with an
understanding of:

October 7, 2014
Coden-MacLeod
Alignment to Cybersecurity Standards
ISA – International Society of Automation
ISA/IEC 62443 Series
International
2007 – Present
US – CERT
Vulnerability monitoring for industrial systems
US
NERC
Critical Infrastructure Protection (CIP) Standards
US
American Petroleum Institute
API 1164 Pipeline SCADA Security
US
NIST – US Department of Commerce
NIST 800-82 Guide to Industrial Control System Security
US
2011
Consensus Audit Group – SANS 20 Critical Controls
SANS 20 Critical Security Controls v5.0
US
2014

October 7, 2014
Coden-MacLeod
5ICS-CERT-JWG, Idaho National Laboratory, October 7, 2014. By Michael Coden and Pete MacLeod. Copyright © 2014 NextNine Inc. and Accenture. All rights
Case Study of Encana Corporation
A Mid-Size Oil and Gas Producer

October 7, 2014
Coden-MacLeod
ICS Cyber Security Case Study – Actual Example
Identify what you have
Classify what you haveScope of Encana North American Operations Project:
Operations criticality
• Approximately 10% of all
of the Servers, Hosts and
devices were classed as
critical to operations
Safety Rating
• Approximately 7% of the
systems were classed as
SIS level systems
30 Plants and Facilities with:
• 154 Servers, 490 Hosts, 2,500 WinCE Devices L1 – L3
(Excludes WinCE in L0)
• 1,800 of Ethernet Enabled Devices direct networked
• 60 Terminal Servers, 80+ media convertors
• 44 WAP’s or Wireless Mesh (plus 18 unidentified &
unsecured WAP’s)
52 Fields across Colorado, Wyoming, Texas, BC,
Louisiana, Michigan, Alberta, Nova Scotia with:
• 150+ Microwave backhaul Wireless hops & 1000’s of
SCADA Radios
• 30,000+ Wellheads plus 100’s of pipeline custody
transfer meters
• Each Wellhead having from 3-5 devices on average
(~90,000 – 150,000 devices)

October 7, 2014
Coden-MacLeod
Encana – 30 Plants & 52 Fields:
– We Examine a Typical Facility in Detail
Property or Plant SCADA Plant DCS
Fort Nelson BU
Deep Basin BU
Cutbank Ridge Plant #1A XXXXXX XXXXXXXXX
Cutbank Ridge Plant #1B XXXXXXXXX
Cutbank Ridge Plant #1B Field XXXXXX
Cutbank Ridge Plant #2 CygNet DeltaV
Kakwa XXXXXX
Bissette XXXXXX
Resthaven XXXXXX
Sexsmith XXXXXX XXXXXXXXX
Carrot Creek XXXXXXXXX
Cutbank XXXXXX
Edson West XXXXXX
Clearwater BU
North Rockies BU
South Rockies BU
Mid-Continent BU
1 of 5 Plants
and 9 Fields In
1 of 6 Business
Units

October 7, 2014
Coden-MacLeod
Encana Cutbank Ridge Plant #2:
– ICS Asset Inventory Included 19 Types of ICS Systems
Gear On Site
Control System Site
XXXX = 50+ Devices
XXX = 10+ Devices
XX = 3-9 Devices
X = 1-2 Devices
Primary
WAN
Link
Router
Switch
WirelessRadioTx/Rx
IP-SerialConverter
CorpDC
CorpMP
CorpAppServer
Printing
VoIP
Desktops
HMI's
Workstations
EngineeringStations
SCADAand
EndcontrolDevice
UPS
SCADAServer
PortServer
PlantDCSCluster
PIDataCollector
SpaceConstrained
PowerConstrained
Cutbank Ridge Plant #2 5 Mbps XX XX XX XX X X XX XX XXX XX XX X XXXX X Cyg X DV X
Swan (A-33-I) 6 Mbps X X X X X X X X X
A-33-I Riser 2 Mbps X X X X X X
C-19-H 3 Mbps X X X X X X X XX X
B-29-H 600 Kbps X XX X X X X XX X
1310F 100 Mbps X X X X XX X X
1310G 100 Mbps X X XX X X
1310H 100 Mbps X X XX X X
C-5-G 3 Mbps X X X X X X XX X
B-38-I 3 Mbps X X X X X X XX X
D-29-A 3 Mbps X X X X X X XX X
A-100-B 1 Mbps X X X X X X X X X
D-27-B 3 Mbps X X X X X X XX X
A-85-G 1 Mbps X X X X XX X X X

October 7, 2014
Coden-MacLeod
Comparison of Manual vs. Automated
Asset Inventory

October 7, 2014
Coden-MacLeod
Step 1 in Securing ICS Systems: Inventory
– Know what you need to protect
Identify what you have
Classify what you haveIdentify what you have
Operations criticality
• How critical is this
equipment to the
operations?
Safety Rating
• How critical is this
equipment to the health
and safety of the
operations, employees,
and nearby civilian
locations?
Plant Inventory and walk down
• Windows, Unix, & Linux: Servers & Hosts
• Embedded devices Embedded Linux and Windows CE
• Ethernet enabled PLC’s, RTU’s, and devices
• Networking equipment
• IP – Serial Media Convertors
• WAP’s, Wireless Meshes, etc.
Field Inventory and walk down
• All of the above plus:
• Wireless field communication gear (e.g.: Microwave
backhaul, PTP, PMP
• Inventory of remote unmanned stations

October 7, 2014
Coden-MacLeod
Step 3: Rebuild existing
networks
Step1: As built Drawings
for existing systems
networks
• Rebuild the network
– Segment the network
according to Perdue
principles
– Minimize IP
Readdressing to
eliminate operations
impacts
– Work within operational
work permitting process
& procedures
• As built drawings were
woefully inadequate
–Years out of date –
representative of “as
designed”
– 100’s of systems/devices
had been added but not
documented.
• Develop As Built
Drawings
– 2 Network Engineers 4
weeks in the Plant
–2 Network Engineers 8
weeks in the associated
fields
Initial Walk-through and Inventory – Manual
– Showed: Lack of, and need for, As-Built Documentation
Step 2: Design secure
network segmentation
baseline
• Redesign a segmented
network along the Basic
Perdue model
– Existing networks
typically designed by
operations and ICS
vendors rather than
skilled ICS network
engineers
– Segment into zones and
conduits based on
ISA/IEC 62443
– Classify zones based on
operational risk
assessment

October 7, 2014
Coden-MacLeod
• The As-Built drawings are created from the Asset Inventory DatabaseStep 4: Documentation
• An engineer installs a Virtual Security Engine (VSE) –- time to install
< 30 minutes
• The VSE is connected securely to a Central OT Security Center
staffed with experts
• The VSE then auto-discovers and creates a database inventory of
approximately 100 devices per hour (compared to a manual inventory
of 1-2 devices per hour)
• The VSE discovers all devices connected to the network (no matter
in what closet or drawer they are hidden ).
We would like to
provide an
understanding of
Step 1: Before the initial
walk-through
• Then engineer does a walk through to verify all auto-discovered
devices
• Simultaneously, the engineer uses a utility installed on a secure laptop
to inventory “islands” that are not connected to the network
• The engineer answers questions from the centralized secuirty experts
• The engineer collects certain “manual only” data
• The laptop then uploads its data to the VSE
Step 2: Walk-through
with auto-discovered
data, and laptop
discovery of islands
• The VSE securely uploads the complete inventory to a Security
Center database in a regional or corporate headquarters data center
Step 3: Auto-creation
of asset database
Initial Walk-through and Inventory – Automated
– Auto-Discovery of Assets, Auto-Creation of Database

October 7, 2014
Coden-MacLeod
Comparison of Manual vs. Auto Inventory Time and Costs
(For 1 of 30 Plants)
Function
Manual
Engineer
Time
Automated
Engineer
Time
Manual
Cost
Automated
Cost
Install VSE Software 0 30 minutes ~$40,000
Discover Networked
Devices
24 Weeks
for ~ 8000
devices
80 hours for
~8000
devices
$252,000 $0
Verify Auto Discovery included 4 weeks $42,000
Auto-Discover Islands Included 1 week $10,500
Enter Manual Information Included 1 week $10,500
Create As-Built Drawings 2 weeks 2 weeks $14,000 $14,000
Total Initial Inventory 26 weeks 8 weeks $266.000 $117,000
Elapsed Time 10 weeks 2 weeks
Ongoing Inventory Update Not Done
~1
hour/week
$266,000 <$500/week

October 7, 2014
Coden-MacLeod
Modified Perdue Model:
- Greater Security
- Lower Cost
- Secure Remote Connectivity
- Cyber Expert Centralization

October 7, 2014
Coden-MacLeod
Basic Perdue Model:
– How Cyber Security needs vary by level
Real Time
0 – 25ms
Near RT
25 – 50ms
SIS
0-15ms
0%
10%
20%
30%
90%
100%
100%
90%
80%
70%
10%
0%
LE V E L
0
LE V E L
1
LE V E L
2
LE V E L
3
LE V E L
4
LE V E L
5
IT OT

October 7, 2014
Coden-MacLeod
Typical Actual Perdue Model Implementation:
– A “Swiss Cheese” of Remote Access Exceptions

October 7, 2014
Coden-MacLeod
Limiting the Attack Surface While Implementing DID
– Centralization of OT Cyber Security Improves DID
Design your baseline with Defence in
Depth (DiD)
• Implement Perdue model with level
segmentation via firewall with routing
controls
– Proper configuration and maintenance on
Firewalls and ACL’s
– Dropping the firewall and disabling ACL’s is
not an accepted solution to connectivity
issues
• Build and commission a DMZ at level 3.5 for
IT services, agents, patch management etc.
– Virtualization can help solve space and power
constraints
– Virtualization requires proper design,
configuration and tuning
– Connect the DMZ to the Central Security
Operations Center via secure tunnel
– All communication with the remote site should
go through a single, well defended tunnel.
DiD Issues
• Scaling for large companies
– Centralized security experts
– Centralized patch management and AV
consolidation – by vendor, product, model,
version
– Remote distribution of patches and signature
files to plant and field site DMZ servers
– Remote monitoring for Intrusion Detection,
Event Detection
• Scaling for small companies
– Shared resources for effective use of limited
skill sets
– Cross training operations staff, IT staff, and
contractors

October 7, 2014
Coden-MacLeod
A Single, Carefully Protected, Outbound-Only, Remote Connection Provides
Complete Security, with the Advantages of Centralized Experts & Scalability
Manage Connectivity from Remote Site to Central Site Properly
– Single Firewall Rule = The Most Security & Easiest to Manage

October 7, 2014
Coden-MacLeod
A Single Firewall Rule: One-Port, Outbound Only
– Mutual Two-Factor M2M Authentication
Virtual Security Engines:
-Use one port, outbound only.
-All remote connectivity is through this
single outbound only connection.
-FIPS 140-2 Compliant & TLS Encrypted.
Remote Site A
Remote Site B
Remote Site C
Secure Center
– Data is compressed, encapsulated, encrypted.
– No possibility of VPN bleed, or fake
connections.
– A secure multipurpose tunnel to remote sites.
Certificate
Something I know
Certificate
Something I know
Certificate
Something I know
Certificate
Something I know
Finger Print
Something I AM
Finger Print
Something I AM
Finger Print
Something I AM
Finger Print
Something I AMFinger Print
Something I AMFinger Print
Something I AM

October 7, 2014
Coden-MacLeod
Secure Remote Access – Site Engineers Have Control
– Cyber Security Experts are “Virtually On-Site” in Seconds
“Virtual Security Engineers:”
– With Remote Access, view what your remote site
is seeing on their system
– Remote Site controls granting of access
– An invaluable training aid
Remote Site A
Remote Site B
Remote Site C
Secure Center
End-customer approves
remote access
VSE Interface

October 7, 2014
Coden-MacLeod
Adapted Perdue Model – Single Port for All Remote Access
Virtual
Security =
Engine
Single
Protected
Entry Point

October 7, 2014
Coden-MacLeod
Minimizing Attack Surfaces – Manual
– Turn off and remove all unused ports and services
Network
Equipment
Capabilities
Systems Services
Baseline Imaging
• Remove any
unnecessary
firewall rules
• Close all
unnecessary
ports
• Windows Hosts
Services
• UNIX & Linux
Daemons
• Application
Services
Requirements
Minimize your
Zero-Day
Footprint
• Turn off all
unused ports
• Remove all
unused Windows,
Linux, and UNIX
services
• Minimize your
footprint / attack-
surface, while
meeting your
system
requirements
Zero-Day
footprint is a
measure of the
services running
or the potential
exposure
• Minimize your
exposure duration
of the existing
footprint – this
requires
continuous
review of all
systems for
new open
ports, and
new services
running
Vulnerability
exposure duration
is a measure of
time between a
patch release and
install
Approved
Services
Windows Image
Default
Services
ICS Secured Image

October 7, 2014
Coden-MacLeod
• The As-Built
drawings are
created from the
Asset Inventory
Database
Vulnerability exposure
duration is reduced by
weeks or months, with
no on-site manual
intervention
• Virtual Security engine scans all ports and services in use –
reporting to central Cyber Security experts
• Central Cyber Security Experts create Whitelists and Blacklists
We would like to
provide an
understanding of
System Services
Baseline Imaging
• Central Cyber Security Experts use VSE to remotely close ports
and remove services on hosts
• Similar centralized / automated actions close ports and remove
unnecessary rules on network equipment
Minimize your Zero-
Day Footprint
• Continuously
monitoring your
footprint /
attack-surface
while meeting
your system
requirements
VSE Scans all Assets
and Network
equipment daily
Minimizing Attack Surfaces – Centrally Automated
– Ports and Service in use are monitored daily
Scan Open
Ports
– Verify against
Whitelist &
Blacklist
Scan
Windows
Services
– Verify against
Whitelist &
Blacklist
Collect Event
Logs &
Syslogs
– Input to SIEM
Analysis Tool
Analyze for
Anomalies
- Services Use
- SIEM Output
- Ports Use
Access
Equipment to
Investigate
Anomalies

October 7, 2014
Coden-MacLeod
• Virtualization
engines need to
be tuned for AV
scans
• Appropriate
hardware resource
allocation to Real
Time processing
• Remote storage
increases latency
for store and recall
as well as AV
scans
• Deliver to site only
patches qualified
by vendors –
available for
installation
• Installation of
patches and AV
must be tied into
operations work
permitting system
• Make sure to
install only patches
qualified for a
product & version
Protecting ICS from New Attacks - Manually
– Installing Patches and Anti-Virus Updates
• Vendor Anti Virus
Directory
Exclusions listing
• install only AV
updates approved
by vendor for each
product
• AV Scheduling
• Avoid batch
processing and
bulk data
extractions
• Take advantage of
existing work
permitting systems
• OS and Product
patches should be
installed as soon
as possible
• You are in a
race: Will you
install the
patch, before
the
vulnerability is
attacked?
Virtualization
Design & Tuning
for Industrial
Control Systems
Operational
Awareness of OS
and Product Patch
Management
ICS Antivirus
Baseline
Patch and A/V
Management is a
Continuous
Process – “A
Lifestyle”

October 7, 2014
Coden-MacLeod
Dynamics of Threats and Resilience
Systems Not
at Risk
Systems At
Risk
Affected
Systems
Risk Promotion
Risk Reduction
Attack Onset
Recovery
Adverse Behaviors &
Management
Risk Management
Threat
Management
Real-World
Implications
Financial,
Data,
Integrity,
Reputation
* Verizon Data Breach Report
67% were aided by significant
errors (of the victim)
How did breaches (threats) occur? *
64% resulted
from hacking
38%
utilized Malware
Over 80% of the breaches
had patches available for
more than 1 year
How are security and threat processes (resilience) managed? *
75% of cases go
undiscovered or
uncontained for
weeks or months
Note: System Dynamics Modeling cybersecurity research and breach research courtesy of MIT-(IC)3,
the MIT Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity – http://ic3.mit.edu

October 7, 2014
Coden-MacLeod
Protecting ICS from New Attacks – Centrally Automated
Centralized Synchronization of Patches and Anti-Virus Updates
WSUS
ePO
SEP
WSUS
ePO
SEzP
Devices
Systems
Applications
Network
Devices
Virtual
Security
Engine™
Network
& Security
Devices
Virtual
Security
Engineer™
Devices, Systems, Applications
Remote Sites
Internet
External Users
Partner / SI / OEM
Field Service
Full Web UI
Your
Product
Patch
Server
Full Web UI
Internal Users
DMZ
Central
Security Center
Application
Server
Comm
Server
Real-Time
Database
Server
Windows
WSUS
Server
McAfee
ePO
Server
Symantec
SEP
Server

October 7, 2014
Coden-MacLeod
Securely Backup and Restore Critical Files:
Multiple-Sites with Automated Verification
Devices
Systems
Applications
Network
Devices
Virtual
Security
Engineer™
Local
Peronnel
Network
& Security
Devices
Virtual
Security
Engineer™
Local
Personnel
Internet
External Users
Partner / SI / OEM
Field Service
Full Web UI
Backup
Location
# 2 With
Auto-Verify
of Backups
Backup
Location
# 1 With
Auto-Verify
of Backups
Full Web UI
Internal Users
DMZ
Houston
Central Security
Center
Application
Server
Comm
Server
Real-Time
Database
Server
Nigeria
California
Amsterdam
Qatar

October 7, 2014
Coden-MacLeod
One Critical Thing Missing From the Manual Budget:
– Run and Maintain – People, Processes, Technology, COST
Run & Maintain
Hybrid skill sets developed through the project
One critical thing is missing!
OS patch levels, firewalls, network drawings, inventories, remote access,
application patch levels, HW & device firmware versions, code vaults, password
maintenance, backups, restores, emergency remediation ….
Issue 3Issue 1
Make backups,
verify backups,
test restores.
Important to
update Asset
Inventory daily
or weekly –
looking for
rogue devices,
ports, services
and
configuration
changes.
Issue 2
Important to
continuously
patch OS,
Applications, AV
– and to
enforce this
policy.
Have a secure
remote access
capability for
Cyber Security
experts to “be
virtually on-site”
in seconds. We
are in a race
against
attackers.
Issue 4
Centralize OT
Security – The
only scalable &
cost effective
approach.
Issue 5

October 7, 2014
Coden-MacLeod
Site Compliance Report
Secure Remote Site 1
September 30, 2014
Compliance
Criticality Type IP Address Unique ID OS AV Log Complt. RMP Ports Services
WIN2003 Critical Connected 192.168.200.21 911101-D931818F-9752-43D9-9BD2-9B60 False False False True False True False
WIN2008 Critical Connected 192.168.200.22 911101-4B306D51-F7A1-41EE-9EAC-614C True False False True False True False
WIN7 Essential Connected 192.168.200.23 911101-AB0500F9-817D-4468-943A-7CF0 False False False True False True False
WINXP Necessary Connected 192.168.200.24 911101-F32D9FEB-E86D-4062-BC6E-B8FD True False False True False True False
Site Compliance Report
Secure Remote Site 1
September 30, 2014
Compliance
Criticality Type IP Address Unique ID OS AV Log Complt. RMP Ports Services
WIN2003 Critical Connected 192.168.200.21 911101-D931818F-9752-43D9-9BD2-9B60 False False False True False True False
WIN2008 Critical Connected 192.168.200.22 911101-4B306D51-F7A1-41EE-9EAC-614C True False False True False True False
WIN7 Essential Connected 192.168.200.23 911101-AB0500F9-817D-4468-943A-7CF0 False False False True False True False
Reports are used:
1. By management, on a daily basis, to ensure that assets are
hardened up to date, and to enforce compliance with company
security policies.
2. To provide auditors with a complete picture of the latest cyber
security status
Compliance and Enforcement of Cyber Security Policies

October 7, 2014
Coden-MacLeod
Instant App Delivery from Central Experts
Heartbleed Scanner was delivered in 48 hours
DMZ
Central Security
Center
Application
Server
Comm
Server
Real-Time
Database
Server
Network
& Security
Devices
Virtual
Security
Engine™
Remote Site/s
Internet
External Users
Partner / SI / OEM
Full Web UI
Full Web UI
Internal Users
• GUI based App Development Environment
• Develop new Apps in a few hours
• Distribute Apps to all VSE’s
• No recompile or reboot of VSE is
required
• App is used immediately
We are already
working on a
Shellshock
scanner now!

October 7, 2014
Coden-MacLeod
Case Study – Cost Comparison – Mid-Size Oil and Gas
– Initial Installation
Project Network Engineers – CCNA (Security/Router & Switch)
• As Built diagrams, redesign, VLAN segment, DiD, Firewalls
– 30 Plants and 52 Fields
$3,500,000
Project OS Specialists – MCSE (Desktop/Server)
• Reimage all systems to baseline, patch, software & firmware
– 154 servers, 490 hosts
$2,500,000
Project Automation Technicians & OS Specialist (Windows CE)
• Remediate embedded systems “Windows CE”
– 30,000 wellheads@ 4-12 Wells / day
$4,000,000
Direct Security Project Estimate $10,000,000
Indirect Operations Costs
• Operators & Electricians, Systems & Maintenance Engineers
$4,000,000
Total Cost $14,000,000
$5,000,000
$3,000,000
$10,000,000
$18,000,000
$10,000,000
$28,000,000
Initial Installation Costs
• to Secure 30 Plants and 52 Fields
Automated**
with NextNine
Software &
Accenture
Services
Manual
**Note: The Automated costs include installation of a complete
Automated – Centralized Run & Maintain OT Security System

October 7, 2014
Coden-MacLeod
Case Study – Cost Comparison – Mid-Size Oil and Gas
– Annual Run and Maintain Budget / Costs
Manual Run and Maintain Program:
• Inventory – 1/3 of plants each Year
• Patching, Ports & Services Scanning – once per Quarter
• Compliance Reports & Backups – once per Quarter
• Annual Software Cost ……………………………………..
• Annual Labor Cost …………………………………………
N/A
Total Cost $2,500,000
$ 100,000
$3,000,000
$3,100,000
Annual Run & Maintain Costs
• to Keep 30 Plants and 52 Fields Secure
Automated**
with NextNine
Software &
Accenture
Services
Manual
**Increased Cyber Security – Lower Annual Cost – Fewer personnel
Automated – Centralized Run and Maintain Program:
• Inventory of all plants – daily or weekly
• Patching, Ports & Services Scanning – Daily
• Compliance Reports & Backups – Daily
• Annual Software Cost ……………………………………..
• Annual Labor Cost …………………………………………
$1,500,000
$1,000,000
Prohibitively
Expensive &
Impractical
to
Implement

October 7, 2014
Coden-MacLeod
Acknowledgements
• The authors would like to acknowledge the important contributions
and gracious support of the following organizations in providing the
data, research, and resources to produce this analysis and report:
– Encana Corporation
• For graciously permitting us to use their actual data. In
particular we would like to thank Mr. Steve Biswanger
without whose help this analysis could not have been done.
• http://www.encana.com
– NextNine
• http://www.nextnine.com
– Accenture
• http://www.accenture.com
– Massachusetts Institute of Technology (IC)3
• MIT Interdisciplinary Consortium for Improving
Critical Infrastructure Cybersecurity
• http://ic3.mit.edu

Feedback & Brainstorm
34
Thank you
Michael Coden, NextNine
mcoden@nextnine.com
Pete MacLeod, Accenture
Pete.macleod@accenture.com
Email us for a copy of the presentation!

Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (18)

Similar to Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study

Similar to Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study (20)

Recently uploaded

Recently uploaded (20)

Accenture & NextNine – Medium Size Oil & Gas Company Cyber Security Case Study