Energy companies are emerging as a prime target for cybercrime, and study after study shows that the energy sector is not as prepared as it should be to prevent cyberattacks — especially given the criticality of the industry.
Security in the energy sectors, from oil to gas to electric, is failing. Old-concept security, built around a failed premise of keeping all the bad guys out, no longer works in today’s energy environment where we face challenges related to three technology trends.
Eco-system interdependence, where an attack on a tier three provider can be as devastating as a full frontal assault on your headquarters.
Technology shifts away from owned data centers toward more efficient clouds, software-as-a-service, industrial control systems (ICS), and bring-your-own-device (BYOD) mobility.
Increasing threats from highly organized criminals, highly motivated terrorists, and highly bankrolled foreign intelligence services, looking to steal from you, and/or degrade your ability to provide energy to your constituents.
Today’s energy security must move away from outdated concepts of building higher walls and simply watching as ever increasing numbers of security events unfold. It needs a basic core premise that works for today’s environment. In short, security must change to succeed.
A working premise for today: Some malware will get in, but it won’t cripple your company or endanger the consumers you support. This simple security concept is rooted in fact, believable as to be trusted, and able to be implemented in today’s real energy environments. But it also requires a change in thinking at the top. It requires bold leadership and the confidence to admit to what’s failed in the past while charting a better course for the future.
This new style of thinking works for upstream and downstream in oil, production and distribution in gas, and generation and distribution in electric. It works with the computers that manage these businesses, as well as the industrial control systems that operate it. It works across an energy eco-system, and in challenging security environments. It works in energy data centers, hybrid and public clouds, ICS/SCADA, and global mobile. In short, it works in today’s real world environments.
This new approach to security is called micro-segmentation (uSeg), and when implemented correctly is a simpler and safer way to operate in the energy sector. The concept of uSeg is very straightforward: Use encryption to wall off your most valuable data and organize data into functional “communities” so that only those who are authorized can access it.
uSeg efficiently delivers what smart chief security officers have failed to do with old-style firewalls, invasive application security retrofits, and cumbersome additional management systems. Newly available uSeg technology delivers on the promise, without firewall rules or application rewrites, by performing these services at the packet level, between layers two and three in the existing IP stacks.
While there are several approaches to implement uSeg in the energy space, I recommend a system that can be quickly and easily layered on to your current environment. It requires a system that is identity based and driven from your current Active Directory or LDAPs to minimize overhead, and that works immediately in all of your new environments including data centers, clouds and mobile devices.
With uSeg, it’s possible to:
uSeg is the answer to today’s energy security. While new, it’s already being deployed in the energy sector around the world, and beginning to make a real difference for the secure production and delivery of vital energy today.
This post was first published in Intelligent Utility at http://www.intelligentutility.com/article/15/11/fresh-look-energy-security-useg.