The 2018 Abu Dhabi International Petroleum Exhibition & Conference (ADIPEC) will begin on Monday 12 November, bringing together 110,000 industry experts from across the globe. As leaders and decision makers assess the future of energy and discuss the role of technology within their vision, Skybox Security calls on the industry to take a unified approach to securing IT and operational technology (OT) network that align with the needs and goals of each environment.
Last year, newly published vulnerabilities affecting OT saw a 120-percent increase over the previous year, according to Skybox Security’s 2018 Vulnerability and Threat Trends Report. For sectors like energy, manufacturing and utilities that rely on connected industrial control systems, this is a stark reminder of the growing and prevalent risk not just to operations and the bottom line, but also the safety of their employees and communities they serve.
Sean Keef, Director at Skybox Security:
“Many oil and gas providers contend with large and complex IT-OT networks with a huge exposure to vulnerabilities, and although security teams are addressing threats as soon as they are identified, often the path from vulnerability detection to remediation is too long and creates unacceptable levels of corporate risk. Actively scanning critical services can also disrupt networks and even is prohibited in many OT environments.”
“There is a clear need to passively identify risks on an ongoing basis and accurately prioritise their remediation and mitigation. Total visibility of the attack surface is key for the energy industry to not only understand the exposure of critical or vulnerable assets, but also what security controls can be put in place to mitigate that risk. Being able to identify network-based changes that would create layers of security and isolate vulnerabilities is incredibly important to protect OT assets that can’t be patched due to operational needs, are no longer supported by their vendors or could void warranties if they are patched.”
“By unifying and aligning IT and OT security, organisations can ensure that cyber risks are known controlled throughout the organisation; that IT teams can properly inform OT engineers of that risk; and the best risk reduction measures can be implemented without compromising uptime on the factory floor, at the oil well or at the power plant.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.