Home Technology Rockwell Automation on Boosting Cybersecurity for Energy

Rockwell Automation on Boosting Cybersecurity for Energy

Inc. Arabia speaks to Naman Taldar, Regional Lead OT Cybersecurity, META, at Rockwell Automation, about how to optimize cybersecurity for the oil and gas industry.

Sponsored Content
images header

With cybersecurity threats on the rise, Operational Technology, or OT cybersecurity, has become instrumental in safeguarding the security and uptime of industrial environments. In addition to helping organizations comply with regulatory requirements, OT cybersecurity can help safeguard operational technology assets, systems, and processes from cyberattacks.

Inc. Arabia speaks to Naman Taldar, Regional Lead, Operational Technology (OT) Cybersecurity at Rockwell Automation, who oversees the OT cybersecurity consulting and business development for the Middle East, Turkey, and Africa markets, about cybersecurity threats in the oil and gas sector--and how to optimize cybersecurity for the industry.

Below is an edited transcript of our interview.

Rockwell Automation on Boosting Cybersecurity for EnergyNaman Taldar, Regional Lead, Operational Technology (OT) Cybersecurity, Rockwell Automation

Inc. Arabia: What makes the energy industry a target for attacks and why is it vulnerable?

Naman Taldar: An attack on the energy sector can impact entire communities and even countries. Cyber-attacks on a power plant or a pipeline can cause city-wide blackouts, impacting transportation, heating and ventilation, and the functioning of critical infrastructure, such as hospitals and schools.

Vulnerabilities in the energy industry originate from the use of legacy industrial control systems, particularly systems that have not been upgraded for a few years and are not fully integrated across control systems

Factors that contribute to vulnerability include:

  • Decentralized locations and global supply networks, which broaden the attack surface.
  • Financial attacks from threat actors such as nation-states or cybercriminals extorting ransom.
  • Gaps between operating infrastructure (OT) and IT networks, which introduce risk.

IA: What are your recommendations for oil and gas companies looking to enhance cybersecurity?

NT: Every industrial environment is different, and every organization has different requirements for cybersecurity controls. Developing a solid foundation requires starting with the basics:

  1. Network segmentation
  2. Patch management
  3. Access control
  4. Intrusion detection
  5. Incident planning and response
  6. Hardening of critical assets
  7. Employee training
  8. Security by design
     

IA: What does the future of cybersecurity in oil and gas look like?

NT: With digitalization becoming a business imperative in the energy industry, advanced cybersecurity measures are paramount. The future of secure operations in this sector hinges on integrating modern technologies with a proactive and agile approach. AI and machine learning-based applications will be pivotal for threat detection and response, facilitating real-time monitoring and security response across the domain of process automation.

The convergence of IT and OT environments necessitates a unified security strategy to preempt and combat traditional IT threats while building resilience against the unique vulnerabilities of operational technology. Rising geopolitical challenges emphasize the importance of network segmentation, asset visibility, and continuous security framework updates. Zero-trust architectures and stringent regulatory compliance are vital for secure, uninterrupted, and scalable business models.

In conclusion, a robust and adaptive cybersecurity foundation is essential to safeguard critical infrastructure and ensure operational continuity, without compromising the need for profitability and sustainability.

IA: What role do regulations and frameworks play in maintaining a strong cybersecurity posture?

NT: Regulators are increasingly aware of cyber threats and their implications. The regulatory landscape in the energy industry is highly nuanced, but the security environment doesn’t need to be. Energy companies are left no choice but to act now and double their cybersecurity and resilience efforts. A strong cybersecurity posture begins with the right security strategy.

Cybersecurity frameworks are structured guidelines that include best practices organizations can follow to mitigate the risk of cyber threats and lower the threat profile. Frameworks provide a systematic approach to managing cybersecurity risks, ensuring that security measures are timely, comprehensive, and well-coordinated.

However, to build the right framework for an organization presents unique challenges, as there is no single standard that can be applied to all sectors and industries. Each industry, whether energy, consumer goods or transport, will require a bespoke solution developed for their unique challenges and threats. Following tested frameworks is a good practice but personalizing it to integrate with a client’s environment is key to success.

Detailed planning and a phased approach are required to implement a framework in full. Since it involves multiple controls, deploying all of them together might not be possible, therefore system integration must be planned in phases, aligned with organizational requirements, and with minimum downtime.

IA: Why are ransomware attacks so successful?

NT: By denying access to core systems, ransomware can cause an organization to run its operations in a highly degraded state. The growing sophistication of ransomware groups and changing expectations have raised the risk to critical infrastructure. Organizations are now embracing digitization to meet stakeholder demands for simplicity, efficiency, and value within budget constraints. This includes converging IT with OT and leveraging the cloud and Industrial Internet of Things (IIoT) technologies. The pandemic also enabled remote access for OT personnel, which has resulted in increased exposure to cyber threats in OT environments.

IA: How can Rockwell Automation help oil and gas customers in their digital transformation journey?

NT: Rockwell Automation provides various solutions and services that can enhance cybersecurity within industrial environments, including:

  1. Risk Assessment and Consulting: Risk assessment services to identify vulnerabilities in industrial control systems and help organizations develop strategies to mitigate risks.
  2. Network Security: Network security solutions, including firewalls and intrusion detection systems, to protect industrial networks from cyber threats.
  3. Secure System Design: Automation solutions that are designed with security in mind, incorporating best practices and security features at the design phase.
  4. Cybersecurity Training: Training and educational resources to help organizations improve their cybersecurity awareness and skills among employees.
  5. Incident Response Support: Assistance in developing incident response plans, with the option to receive support during and after a cybersecurity incident.
  6. Regulatory Compliance: Compliance with industry standards and regulations related to cybersecurity, such as NIST, IEC 62443, among others.
  7. Patch Management and Updates: Ongoing support for patch management and updates to ensure that systems are protected against known vulnerabilities.
  8. Project Execution and Management: Assistance in implementing controls based on IEC62443, NIST, DESC, and NCA - OTCC standards.

By integrating these practices and solutions, Rockwell Automation helps industries secure their operations against cyber threats.

Last update:
Publish date: