| | AUGUST 20188Industrial Internet of Things (Industrial IoT), Digitalization, Cyber Security, and their Impact on the Energy IndustryBy Matt Morris, Managing Director, Industrial Cyber & Digital SecurityIntroductionHaving always been a technologist at heart, it is comforting to see how technology continues to impact today's Digital Energy industry. From the large scale adoption of Internet of Things devices, to private cloud adoption (with the first glimpses of public cloud), to artificial intelligence and increasingly automated systems, technology has become a staple of the industry. At the same time, the industry continues to deal with challenges such as a workforce nearing retirement, regulatory challenges, a burgeoning threat landscape, and a massive manpower and skills gap with respect to Cyber Security.And... then, there is the ugly side of technology, where the results don't always align with intentions and where it leads to new challenges. A few easy examples of this are nauseatingly complex networks that are full of design flaws and misconfigurations, and which invite new attack vectors.But I'd like to focus my time and energy addressing this readership on technologies and developments relative to cyber security that are impacting the industry, and that candidly requires a call to action. Applying relevant and effective cyber security is where I see the largest gaps in understanding when it comes to CIO/CISOs. Given the critical nature of our smart grid and energy infrastructure, cyber security is an area of great impact and consequence, and without this issue being solved, we'll likely never realize the real promise of IoT and Digitalization.Industrial Cyber Security is Essential, Yet Scantily Addressed TodayTo thrive in today's Digital industry requires connectedness. The digitally connected enterprise identifies opportunities, assesses health and operational status, lowers the cost of materials, and accesses expertise from wherever it is around the world. This ever-connected and information rich world is driving measurable gains in a variety of examples, however the rush into new technology, connections, and mobility also adds more risk. The reality is that operational networks are more complex than ever before, putting the operational resiliency of energy systems at risk. Meanwhile, security related incidents are on the rise. A December 2016 study conducted by Security Intelligence noted a 110 percent increase within ICS environments. Already, since that report, we've witnessed an even steeper increase in security events impacting operational networks. For example, WannaCry impacted at least 100K organizations across 150 countries, making it the largest and most disruptive ransomware attack ever launched. NotPetya reportedly cost two individual companies (Maersk and FedEx) more than $300 million, and now in 2018, we've already seen Meltdown, Spectre, and the TRITON attack, which targeted safety instrumented systems (SIS), responsible for ensuring the health and well-being of plant workers. For some companies, these incidents often drive knee-jerk reactions such as fortified perimeter defenses and de-militarized zones (DMZs) between the corporate network and their industrial control systems networks. They reason that this will effectively block outside threats to their operations. Unfortunately, there is new data that suggests that some of the largest | |AUGUST 20188IN MY OPINION
< Page 7 | Page 9 >