Tigerspike - Cybersecurity and Mobility in the Energy Industry

Cybersecurity and mobility in the
Energy Industry
Advanced Energy 2013
1 May 2013
Christian Glover Wilson"
Vice President, Technology & Strategy"
Tigerspike

Cybersecurity and mobility in the Energy Industry
Abstract
Enterprise mobility has progressed from email on a BlackBerry to a vast
proliferation of personal media devices in the hands of employees, engineers
and the end consumers. Mobility is key to how remote teams now collaborate
and access ﬁles and data with the advent of cloud computing accelerating that
further. The distributed nature of energy production and distribution make this
even more pronounced for the energy industry.

This new ecosystem has led to a variety of new cybersecurity threats that need
to be understood and prevented. The widespread adoption of smart devices
and the rise of the Internet of Things need to be secured with a combination of
best practice and technology – protecting but not limiting the continuous push
towards anywhere and any device productivity.

Rise of Mobility
Understanding the Threats
Addressing the Problem
Contents

Rise of Mobility

Proliferation of Personal Technology Devices
•  As of late 2010, smartphone sales started surpassing those
of traditional computers.
•  “By 2015 shipments of tablets will outstrip those of
conventional PCs such as desktops and notebooks”-Gartner
Source: Gartner, April 2013

Proliferation of Personal Technology Devices
•  Tablets will overtake desktop and notebook shipments combined,
while 'ultra-mobiles' will grow
•  Shift in device preference is coming from a shift in user behavior
•  Leads to a bigger embrace of the cloud for sharing and for access
to content
Source: Gartner, April 2013

Enterprise Mobility
•  Rapidly growing adoption of BYOD
•  Easy to push real-time alerts and crucial messages to
users, based on location
•  Can capture vital analytics about usage and devices
used
•  Enterprise apps can provide ofﬂine access to keep
using the app and entering data, with an automatic
sync once the device comes back into range

Enterprise Mobility
Mobile devices empower employees to do what they need to do — whenever
and wherever; enterprise mobility is not telecommuting.

A rapidly maturing ecosystem of mobile app tools, technologies and platforms.

Internet of Things
•  Growing network of IP-enabled components
and appliances
•  Meters and devices reporting their usage
allowing reactive modeling
•  Locks and control devices controlled over
the Internet
•  Connected installations managed remotely

Internet of Things
Supply/Demand
Alterna1ve
Oil/Gas

Loca%ons
Power
Genera%on,

Transmission
and
Distribu%on

Low
Voltage

Power
Quality

Energy
Management

Solar

Wind

Co-‐genera%on

Electrochemical

Rigs

Derricks

Well
Heads

Pumps

Pipelines

Devices
Turbines,
Windmills,
UPS,
BaJeries,
Generators,
Meters,
Drills,
Fuel
Cells,
etc.

Every industry has an individual set of uniquely
identiﬁed “things” generating data and able to
controlled remotely.
For example:

The mobile world changes with every new device and set of
devices.

Smartphones and tablets are being joined in the marketplace
by new consumer devices.

Wearable and augmented reality products will fast become
widespread.
New Devices

Mobile device uses
•  Voice
•  Video
•  Data
•  Control
•  NFC Interaction (RFID, Bluetooth, etc)
•  Thin client for cloud-stored data
•  BigData aggregation visualization

Understanding the Threats

The Device
•  Vulnerable to malware, malicious apps posing as benign apps
•  Legitimate apps can allow data loss and data leakage if poorly-
written
•  Vulnerabilities in Hardware, OS, Application and Third-Party
Applications
•  Unsecured or Rogue Marketplaces

The Device
•  Malware and attacks on mobile devices are on the rise
•  Vulnerabilities found almost as soon as a device hits the market

Accidental breaches and device loss
•  68% of employees reported that they did not have their devices
cleaned when upgrading
•  Access and data breaches are the most common results of lost
phones... not recovery
•  Social engineering tactics lead users to click malicious URLs
spammed by trusted sources via SMS, social media and email.

BYOD – Statistics around usage
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%

...user a personal electronic device for work-related functions
...who use a laptop for work will connect to the company's
network via a free or public WiFi connection
...who use a personal device for work have let someone else
use it
...who use personal device(s) for work have not activated the
auto-lock feature
...who use their personal device for work admit that their
organization's data and/or ﬁles are not encrypted
...who use a personal device for work say their organization
has not implemented a "bring-your-own-device" policy
...of employees U.S. adults have been a victim of malware or
hacking on a personal electronic device
81%
31%
46%
37%
33%
66%
25%

Encryption of DAR and signal
•  Given sufﬁcient time, a brute force attack is capable of cracking
any known serial encryption algorithm.
•  To crack AES with 128-bit key would take 1 billion billion years
for a supercomputer of today.
•  Using quantum technology with the same throughput,
exhausting the possibilities of a 128-bit AES key would take
about six months
•  Encryption only ever as secure as the implementation

Connectivity weakness
•  Unsecured WiFi and rogue access points add vulnerability
•  NFC/RFID has a low threat of breach but can allow mimicry
•  Bluetooth defects allow "
eavesdropping and caller "
identiﬁcation

Mobility introduces all these threats

Internet of Things
•  Increases exponentially the quantity of
systems that will have to be protected
•  Route of data to the provider is obvious
weakness
•  Multiple points of failure
•  DDoS attacks on individual appliances
•  Introduce vulnerability to associated ﬁnancial
records

Wearable
New devices means new threats and fresh
cyber security considerations

Wearable

Addressing the Problem

Securing the Device

Securing the Device
•  MDM
Notiﬁcation, access control, quarantine, selective wipe
•  MAM
Authentication, storage control, copy/paste limitation
•  Data and apps
•  Event monitoring
•  Keep OS updated

People are demanding to use their own
gadgets in their jobs. Trying to thwart
them is futile
The Economist
92% of Fortune 500
companies are testing or deploying
the iPad
Tim Cook, CEO Apple
When young employees ﬁrst come
across business-application screens,
they scream in horror
Willem Eelman, CIO Unilever

Enterprise Mobility

Enterprise Mobility
•  BYOD vs COPE (Corporate owned,
personally enabled)
•  Clear policy required
•  Control non-work device use

Encryption
•  Invest in parallel solutions, be prepared for
Quantum Computing
•  Encrypt data stored to cloud storage
•  Encrypt any sensitive data stored on the device
as well as while being transmitted
•  Pay attention to key exchange
•  Harden networks

Internet of Things
•  Assume each device or appliance is the weakest part of
the system
•  Protect data captured even if it caches on the device or
local network
•  Consider remote control locks as insecure as those
operated locally
•  Have lock passwords change"
frequently and on demand to"
allow temporary access

Securing mobile devices

Christian Glover Wilson 
Vice President, Technology & Strategy"
christian.gloverwilson@tigerspike.com
+1 917 310 5249
"

San Francisco
875 Howard Street"
6th Floor"
San Francisco, CA 94103"
+1 415 562 4001"
sanfrancisco@tigerspike.com
New York
133 W 19th St"
7th Floor"
New York, NY 10011"
+1 646 330 4636"
newyork@tigerspike.com
Contact me
San Francisco New York London Dubai Singapore Sydney Melbourne

Tigerspike - Cybersecurity and Mobility in the Energy Industry

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Tigerspike - Cybersecurity and Mobility in the Energy Industry

Similar to Tigerspike - Cybersecurity and Mobility in the Energy Industry (20)

More from Christian Glover Wilson

More from Christian Glover Wilson (8)

Recently uploaded

Recently uploaded (20)

Tigerspike - Cybersecurity and Mobility in the Energy Industry