By Fady Younes, Cybersecurity Director, Cisco Middle East and Africa.
The energy sector has a pivotal role in the global economy but is faced with various challenges including cybersecurity. This is why establishing and maintaining a robust security infrastructure can play an important part to help ensure reliable supplies from extraction to delivery to consumers.
The energy sector is a key focus area for Cisco and over the years we have built a trusted reputation among many stakeholders in the industry. Our experienced teams and experts work closely with our customers to map out their needs and develop solutions. In a recent blog post, we outlined the primary principles for secure energy industry operations and how Cisco can help.
These are:
Visibility of Asset Posture and Activity
Acquisitions within the energy industry are a common practice and often see companies having to manage a very diverse range of assets such as pipelines, plants, and production facilities. This in turn results in a broad array of different control systems, instrumentation, and communication resources. Keeping an updated inventory of all assets and their security vulnerabilities is nearly impossible. Unfortunately, such an incomplete view of assets and security measures can leave companies at risk of undetected serious attacks by bad actors. Therefore, it is essential that asset inventory and visibility is maintained.
Cisco can support energy companies with strong cyber risk mitigation. This is an area where most money is spent by companies in the sector, including firewalls, endpoint security, malware detection, behaviour analytics, and many other tools. With so many different mitigation tools now available it is important for companies to select the best solutions to meet their needs.
A Response Plan
Governments and industry watchdogs have implemented far stronger regulations around reporting security incidents. As a result, more people within the industry are aware of how common such security breaches are. It is essential that companies develop a response plan that contains a strategy for identifying which experts will get called in to assess damage and restore operations following a security breach. An effective plan will also highlight a methodology for communication, reporting, and other post incident action items.
Visibility at the Edge
The last few years have seen Cisco deploy its integrated capabilities into the operations of heavy industry. We also employ tools that address OT visibility, risk mitigation, and incident response.
The most significant challenge to implementing better asset visibility solutions has been the high cost of installing software at the edge to analyse local behaviour. We now integrated this capability into the network infrastructure enabling one device to provide data switching and routing, as well as an agent to report on asset conditions and behaviour. This not only simplifies deployment but also reduces the cost of a parallel infrastructure.
Systematic risk mitigation
The process of systematic risk mitigation requires careful assessment of communication flows that are most critical to the operation. Risk can be introduced along any part of the flow including devices and operators themselves. At Cisco, we provide a wide range of tools that can help assess and mitigate risks and can assist with designing an optimal security framework and operation.
With a good response plan in place, teams and tools can be ready at a moment’s notice to respond to a crisis. This is made possible by response tools that are already integrated into the visibility and mitigation tools, so security operations personnel are not learning new systems in a time of emergency.
With decades of experience in the energy sector, Cisco has been at the forefront of developing innovative and effective solutions for the most common risk areas the industry experiences. From IT to OT, Cisco employs an industry-leading, integrated approach to securely protect assets.