Cybersecurity and The Digitalization of The Oil & Gas Sector
once again informed by the urgency of climate change and cyber attacks on critical infrastructure sectors such as oil and gas. According to the latest while they commit forms Global risk report released this week. Among the highest likelihood, risks of the next 10 years are extreme weather, climate action failure and human and environmental damage, as well as digital inequality and cyber security failure. But first, it is a great pleasure to me to introduce General Wesley Clark, who is going to talk about the urgency to address the basic, witty friends targeting critical infrastructure sectors. General Clark serves as the chairman and chief executive officer of Western Clark and associate is a retired four star general after 38 years in the United States Army, having served in his last assignment as a commander of the U. S Southern Command.
And then as the commander of the U. S European Command. You know, Clark, the floor is yours. Thank you very much, Georges. So in late December of 2020, much of the business and security world was rocked by news of a massive believed to be Russian cyber hack 4000 businesses, Most U. S government agencies. It was international,
not just against the United States. It turned out that Company called solar winds had permitted an intrusion into its network management software suite. I'm called Orion. There was an update to two or Ryan and somehow
it had been tampered with infected with malware, which enabled on outside agency to use the software for At least for massive surveillance of the networks that were Covered by Orion on day. How did they get in? Apparently, it was a compromise of a password of very complicated password called Solar winds 123 Now, how do we come to this? And what does it portend for the oil and gas sector and industry in general? You gotta go back, 100 years to an Italian dealio. Strict military there. His name Giulio do a because after World War, one
strategist we're trying to avoid the terrible stalemate of trench warfare. And do hey, envision clouds of bombers over enemies Cities. In World War two The U. S Air Force attempted to destroy Germany's industrial capacity by strategic bombing. Tens of thousands of casualties on both sides. Terrible surveyed casualties, but Largely it failed.
So in the aftermath, the Geneva Conventions proclaimed that attacks on civilians and civilian infrastructure with the intent of using public train. To coerce governments for illegal Three factors, however, brought us to where we are today. First looking at the failure of strategic bombing. Strategist began toe discuss network analysis. What were the key points of vulnerability in networks that could disable on adversaries? Industrial potential military industrial potential second? Two Chinese colonels and 1999 published a strategy booklet calling for unrestricted warfare. That is all civilian sectors were fair game everything from water and sewage to power and, of course, the oil and gas industry.
And third during the 19 sixties seventies eighties nineties, we developed computers, microprocessors and the Internet that made possible not only more efficient business activities. Increased management control, reducing labor costs, but may the remote control of machinery and whole industrial processes possible through so called skater systems. And this in turn lead to cyber crime. First, it was those unruly Ukrainians who were trying to steal money from your bank account on and then there was interference with businesses. Disrupting functions like accounting and building.
And then, um, going after the Iranian centrifuges. Program called Stuxnet, which showed that actually you could cause kinetic damage. Through cyber and this opened the door to a whole new level of cyber threat. Hard kills on key system components. Were possible and then into ransomware, walking down whole blocks of data and communications systems, So that's the nature of the threat to critical infrastructure today.
The Russians demonstrated it in 2015 by shutting down Ukraine's electricity supply, and that was partially mitigated by the fact that the Ukrainian electricity supply wasn't totally On skater. But in 2017, a series of efforts against Saudi infrastructure began, and by August, there was an effort to blow up a Saudi petrochemical plant. What does it mean for us? It means that borrows shields and firewalls, passive protection or in enough networks, but must be actively monitored intruders driven out. Secondly,
That Mel work and come in from components like Schneider Electric Strike Onyx controllers that were used in the Saudi plant. Third Human factors are always critical, so personal Reliability Programs Network administration Up and checking things like password control or critical. And finally, broad executive understanding and attention is required.
I've gentlemen, let's go into the details on oil and gas. Thank you. Thank you, General Clark for these insightful remarks. We will long transition to a panel discussion on the main two topics of the session. First, the risk and opportunities of digitalization and energy transition strategies. There really is under resilience of energy systems.
And second, the trends in cyber threats and attacks, putting pressure on existing and future energy in critical infrastructure. Four finish the Revolution and the U. N sustainable. The woman goals are opening up the energy market two more digital and green energy businesses, which raises the question on the digital resonance. Seven resilience and trust across ecosystem. Moreover, industrial this organization is exposing enterprises to new risk and Fred significantly altering the sophisticated threat landscape is development is forcing business leaders to make some important decisions about what to privatize. How is one risk more important than another? Are we managing the right risks? At least let me get it with this discussion.
Please ask your question using the mobile security function. Now let me introduce this wonderful panel. First Doctor Reem al Shammari, chief information secretly Officer the Kuwait Company.
Mr Toby around fourth executive vice president of industrial applications at Simmons Energy. Said John Market, Slavic co founder and chief executive officer at Carbonite and has been other least Mr Dario Pagani, executive vice president and chief information officer. Any Well, first start this questions on micro trends, and this first question would be for Toby alone. Could you share with us? What are the major supply and demand forces shaping the transformation of the All India sector? Well, ah, first. Well, thanks for having me and my pleasure to be among such a and experienced team on this pattern. Also looking forward to the next
few minutes of dialogue er Well for me there at least three and very clear on well known to most of us transfer one the ever increasing demand for energy. So both we a. We see that a few 100 million people are without electricity. Uh, have an ambition to get there to be Lee infrastructure and meet the needs off population but also in many parts of the world where we had planted entity with still consuming more.
And more. I think that's one of the trance that we need to manage moving forward. And we've seen that too many years. Of course, the other trend that is building momentum and have built momentum over the last few years is, of course, the public opinion in regard to climate change.
And in that respect and in our industry very much related to decolonization. And the and the third one is I would call it the technological breakthroughs that we see both in society with hybrid electrical cars affecting our industry, But it was so In our industries producing energy, You know a more efficient way monitoring assets in a more efficient way, and with a higher level of security they were never seen before. I think these three trans off technological development development, the energy demand and climate change creates a landscape on start to do so. For us, it's very much around
navigating. Uncertainty. And that drives us to focus on that cost efficiency drives us to focus on resilience and security of supply and our assets. And any tracks us. Also, of course, to ensure that we have the best
people around US talent development and pelant retention is more important than ever. Thank you. Tokyo on John, Would you like to add anything? In addition to the top you mention, of course, I think I think you know, important thing that has happened, of course, is the is the shift in the energy mix as well from You were, you know, carbon based in two more in a green neutral in energy, so just, you know, hydro power, but, you know, solar and wind. It's also changing a lot. Also, the dynamics of the market obviously
on do you know this drive's obviously up, you know quite a bit the renewables in a power production, which partly Serves the increased demand for for energy. But it's also clear demand for for the oil and gas industry to reduce its emissions as well. So you need both. The gas industry itself to be more effective in itself. And, of course, also to transition into new energies. And you know, and the United, for example, of course, a big driver for that in what they're doing. Thank you, John Ring being the cybersecurity expert in this panel. Could you share
with us? You know what are the cyber security challenges that the industry's to face is a result of the digitalization strategies which are transforming rapidly. The attack surface of this industry. Thank you so much. Judge actually tow cater the rabbit change off this presents information which has been in a counter a very lesage. Challenging times during the pandemic, who had the additional transformation plans with expedited that was planned for five years were executed.
All of them, it's within five months. That's why I brought us a cyber security professionals and entities and to catering and enabling these business requirements and a very difficult times, especially it comes to them oil sector and the market forces. It'll all be in exposing our best efforts, toe called cop up with these challenges with the whole world being changes and, of course, expediting our perimeters off the security. Not only around our companies is now being expanded to the employees working at home, so it's no longer the investment off our building our cyber security defenses around our company's actually Building it toward the security off. Our employees were working remotely raising the awareness is now even more important than ever. We're building a huge investment into those awareness programs because as our stretching is being changed What's this dish? A transformation adoption, the emerges, emerging threats are increasing rapidly. They are aware off this expansion off the
premises off all companies withdraw working remotely. They are aware off the vulnerabilities that have come out recently with this adoption. Off the noona because I believe it will never go back to the normal situations before. I believe we are adopting too then you know and be a equipped him with that.
S o. I would roll a cybersecurity is really now became, in addition to be decided defenders off our entities. We are not becoming the business enablers. So we have started building our partnership with
the business. We have became the partners and not really never spot the partners and understanding the business. We are shifting their mind set off from security. Being at the back seat actually are not becoming at the driver's seat, and security is being now injected at the ST Zero as we set on being weaved into the technology fact this transformation We're with no longer being seen as a tool or a service. We are being enabler and having these involvement at the early stages off any project or a digital adoption will always enable the technology to be embedded and implemented in a program and secure manner. So all of this is happening in the in the current world and I believe our leadership in the quake all sector on the payroll secret, which company has became aware of this challenges, and they have bean lesson involving security and information security at the early stages.
Uh, again, involving the huge investment of one's programs and again promoting the partnership between us and between the business. So with these challenges we always believe don't focus on the China Just look at the opportunities there's that is always residing and coming along with the challenges. On and pick best visit opportunities, and this is what our readership has done. They had taken this opportunities and building the partnership, raising the awareness and again injecting security at the state's deal. Thank you a ring. So and now I would like to
move to the technology topic and Dario. This first question will be for you as digitalization is driving growth innovation in the Omega sector. Has tremendous potential to deliver shareholder customer and rental value. Could you share with us some of the latest technological innovations driving the transformation of your organization and the sector as a whole? Okay. I think that there isn't a lot of aspect that talking about miss a technology innovation. I think that they never session in our sector that is to transform energy transition. I want just to folks in two main
area. One is data that is very important asset that Another scene that now is artificial intelligence. I try to explain better in dictate what I mean in term of data, of course, again, whether long story about starting from the oil and gas for the exploration part that can let me say stop that a lot of year ago intend to analyze it to produce in from the medical simulation, if a lot of a lot of model No, I think that we have the capability very easily toe reach on the market Auto on your premises. That is a super computer. I perform a computing. I think that we have to take into consideration that Argh! Where let me say after softer but mainly the competence is to put together can give very opportunity in temple supported position timeto reduce the risk it also to evaluate that At the beginning just in the air, indeed faces what will happens. Let me say when we were entering production off course, the challenges for the evolution of energy, this kind of transition we are using now this this approach manly with the new energy likely me, say the magnetic fusion Contento.
Simulate what happens when we will have this kind off capabilities. All the men are the marrying energy or the other side of that. What said before in, turn off the mission. The mission how to manage the carbon Capture and storage for this year to this is let me say data that means a lot off in time off, sensor out toe Get how tow capture the data to capture data and how to Mench.
And how many? How? What took kind off competences. We need to dwell inside the company or with let me say, and open us in time off ecosystem to collaborate with different partners. Data and artificial intelligence changed completely and supporting the challenge in term of Finnish transition. Now you if I may ask a follow up question as we were speaking about resilience off the energy systems. Are those new technologies contributing to greater resilience off energy systems, you know? In the picture. I think yes said, because you know that you are predicting a lot of in New York trying. You are way our investment investing term
off become more Robert. In time of infrastructure. You know that the one of the mystery witness point in term of Brazilian at the infrastructure in term off the overall system. This means that if you can Design at the beginning of every robust infrastructure that can anticipate the fault and I think that we will enter in the next step about the suburbs. Throat. You know, that is a dad a very big, stronger escape. I think
that can be more robust, already residence in time off global infrastructure. Them to mention all things formation in the real time. Thank you for being given that the Simmons energies a major supplier of pro off industrial control systems in the Omega sector. Could you also share your views on on those questions? That's look, I think First of all, I would just like, Echo what Dori was just referring to in there. It's coming back very much to date them on, and I can I can agree with Darius. Uh, you know, if you hear very much, and I think and the complexity of having both old assets, medium new assets and really new assets, where everything is already equipped and ready to You go. I think that's challenging complexity
is for us in the industry to result, so I think that's one of the key components will report many of the assets Minuto Por cuts on about All in the ass in this chair, being out there for corn extended period and had been upgraded and replying and retrofitted over time. But there there are opportunities to You make sure that we connect that with a new world, so to speak. I think The compensations to worry that we're looking at is basically coming out of three dimensions. It's an efficiency topic by we you state up a story was referring to to ensure that we If you're operating assets at its optimum point.
And many hats, Asano period or not there any longer. They were designed for a certain environment and in a certain context, and that that have changed over time. But to ensure that we do the best out of existing assets, so that's why we call it efficiency and road map. The second part is Tonto Hybridization, so partial step Into new fields into new opportunities to operate assets, and that can be to use more of the heat and and and its battery in integrations into the overall systems and and really make use all the entire energy system.
Here also include our activities around hydrogen on blue and and green Ha Jin. And then, of course, we are very active indeed. Colonization and as young, mostly living to hunger and very much related to renewables, for example, win power for our partnership and equity holding in since coming, sir. And then off course, our Electoral East side, electrolytes her activities and greet stability, activities and sound. So I think there are many different components here.
On them. And some of them are kind of a more complex than others, Of course, But coming back to my original topic off, managing and infrastructure pretty rich includes the latest technology. Had also technology from back to the fifties and earlier. I think that supported the process and industry peers to manage.
Thank you, Toby Jones. Um I now would like to move to the O. Brazilians.
But in the weather come for him were initiative. Looking at seven resilience in the only gas industry, Simmons Energy organized any and Kuwait. Our company are key contributors in this initiative and will be releasing next instead of boredom principles to support it all, I guess sector in their efforts to Indian summer resilience. Above the organizations and the brother ecosystem. One of those principles reflected the concept that several resilience is not solely a night issue. But it is a business challenge that
affect all aspects of the organization and ecosystem. John I would like to ask your personal Could you tell us how several resilience has bean Embedded in the operating model off carbonite, even with your software company. Sure, of course I think it Zaveri important. You know what has been pointed out that you know this is not just about security, our cyber security. It's about the brutality and the reliability of the systems.
On duh. I think you know also, as Dario said, they, uh is that the key is really the key fuel for this industrial develop your transformation within You start with the hole. That's a data journey, you know, going from, you know royalties, sensors equipment on towards, you know, very no decisions are being made. No better with it. That's happening with people making better decisions
through having you know, informational data available or if data is being used. You know, also in, you know, two optimization or or even in automation off of industry. When we think about, you know, resilience. It goes obviously from moral. The All the you know, the cyber cigarette departs is also related to data governance. Can you
trust the data in interesting quality of the day taken interest the integrity of the data. And also has not been touched upon comes back people as well. You need to take the people aspect as well into account so that you can both then you know, true, you know, to technology and through You know, human decisions anticipates universe coming. You need to be able to tolerate, you know, disturbance. You need to be able to rip the recover, You know from, you know, it's just because it's just been happened.
On then, of course, you need to learn from that and improved. Thank you, John. There's um I think your point is very important because when we speak about seven resilience is really about the organization's ability to withstand the recover from from several events and we need to look at it, You know, holistically, not just from I said basically the aspect and I know we're not two people out, maybe to the ecosystem dimension one of the principles that We're recovering in our You know, our boardroom set of principles also look at the fact that it is no longer enough to protect your house. You need to contribute to making your neighborhood.
Safe and more resilience eyes, especially in an industry that is becoming christening, interconnected and intemperate and independent like the all in your sector. If we refer to the reason it's separate incident and covered last one, which compromise and 80 software update and infiltrated government in critical infrastructure entities, I think it's stressed the urgency for critical infectious organizations rather quickly to the place of change. In this fast moving Fred landscape. S o phobia. And I would like to maybe ask you first about you know what Your views are in In the need for building greater resilience across ecosystem. And and me to getting the impact of those events. You know what?
What do we need to do more off within the industry? Well, First of all, I agree with the complexity around the town, off course with heritage Coming out off I t industry and PC industry and Sana nothinto OT and an hour why they're eco system. We see a need of collaborating more. You see a needle reaching out. Collaborating, more building trusts across the industry and trust, of course, being built on an open, transparent dialogues and and the governess model that Young was referring to as well to ensure that Eight days, not on the capture, but we were actually talking about. They're accurate data and quote qualified data. So I think those are key components on bond. We launched insane mints. Some years ago, in a chatty we called the shorter of trust.
Which is really about creating a foundation of trust. Among peers in the industry and to get it and work towards protection and prevention off them data for and videos, companies and infrastructure. On. I think that's you know. One very key enabler for us to build on what we have around us and ensure that we're connecting the dots. Get Tokyo Reema as an active member off this all in Gaza community with the world my form could you tell us? You know your perspective as a cybersecurity leader on what needs to happen more within the industry, too. Bill greatest of its resilience.
I would add upto Michael excuse on their valuable additions that yes, is about collaboration. It's about sharing the knowledge and the best practices. Being part of the World Economic Forum Initiative on the cyber resilience program and having different even arms that you will live together. It's true evidence and arrived with this with us as different cyber security professionals coming from private and public sectors and the oil and gas industry and actually sharing our challenge is where we find many common changes. Aziz, we speak the same language off cybersecurity and very We can say a highly targeted industrial. We know that after the financial sector or angles of the second targeted industry in the world, and again with the district transformation and the pressure off our economy when it comes to oil and gas were forced into adopting more digitalization technologies where it comes to air I as his mentioned the automation, the robotics The threat actors actually already watching this emerging technologies they're making best toe. Utilize these technologies to over
come the systems and defense lines, but what we're doing currently Is building that resilience on different layers. When it comes to technology. We are again adopting this trending technologies that comes to our automation and building the counterintelligence. It's not only about sharing the cyber security threat intelligence between us as a forums. It's about
utilizing the AI and automation and closing the gap off as we all know the shortest off our human factor. And the the resource is off our employees. When it comes to enforce it Community again, we will the resilience And as you have mentioned George, that it's not about really utilizing the efficiency of the systems or defense lines. That's actually how I react and how a giant company can Continue its operations after that attack. It's not about matter off Willoughby attacked. It's about matter off. How a giant and how
quick I can recover. I can control on and determine the damage and carry on my operations. This is where agility and resilient spirit comes into this place. And today's cybersecurity resilience can, which is being built because we needed more than ever with the agile and with the district transformation. It's a must a community that needs to be set and let best and different layers whether it was, as I said, from the counter intelligence where it was from the That's sharing where we need to collaborate more or whether it was from our users themselves. There's a resilience in our first line of defense, our employees we need toe. Think that
there's a make our our story. Our companies and our environment. Our organization aside that our culture this is one of the will. His department's off being Resilience company that you have a cyber, our culture or the other employees would be your strongest link rather than always seen as the weakest link.
Thank you. Ream John. I would like to close this conversation with you. Given that cog night designs and build industrial applications for several critical infrastructure sectors that we've seen a rise in a Suppression attacks. Targeting specifically software companies crew tell us you know how your organization is ensuring that your software's are Build and design or with security, you know, by the fault and and by design.
It's probably one of the advantages of being a relatively younger company that they could really start from. A cyber security here in the best practices stuffing, you know, listen to what's being said. We're also very, very active in the collaboration, including in the world economic foreign around standardization because we believe standardization those drives The crew in the waste in this area. So in addition to sharing information, you know around best practices also standard states who could help Drive this forward, of course. Then there also deeply engaged with many of the largest industrial companies in the world, which means by definition, are the most attacked If you will, like Saudi Aramco A great big partner of us so we, but we're also partners with experts and other industries like Interpol, will you're a pool and all the other leading technology secret technology companies in the Berlin One thing you also really in addition to looking at the security in a bigger way, like you never talk about, you know resilience.
We also see that a lot of the technologies that are being deployed now another software for optimizing have you run equipment so that the whole T I T Uh, you know, efficiencies. If you will. We can also deploy to detect attacks. You know whether deliberate that text or other times, for instance to the equipment, so there's a lot off Interviews as well. Bet again of the seven beginning. We believe
in collaboration in standardization. We also have initiatives together in real economic forum and the will of gas in the initiative on then not just for the operators or technology companies like tonight, but also for the supply value change. Never. She started with us really critical. That's it has been mentioned by a number of People on the call is we need to think about the whole. You know the whole value Shane and make sure that we follow the same best practices and standards. And developer and non share, you know, quickly together.
Thank you, John. So I'll We were almost getting close to the end of this, um, panel conversation, but I will be touching on the last topic ready to policy. Governments play an important role in establishing command. Baseline level of service Acquitted through regulations directives. Another mechanism. Such a certifications. And now you are will be asking you, maybe to share your thoughts on how wonderful off the private sector to ensure that policies and certificate mechanisms Fit for purpose to address current and emerging systemic risks.
Yes, I think that that the government I have to play a very big girl, damn of religious altar and come off agency. I think that I just took the toe toe toe very few points. But I think that the one aspect is that will stand the scope of Asian And also toe ability to guarantee the collaboration. Also, I'd international level sometimes not so true now and also toe to favor the publishing between public and private. Work more closely together, also to give the possibility to make a availability as possible as far as possible Excuses and protective measures response capacity and also so sees off intelligence that is very important and moth toe. Event. Every error. Let me say every risk. I think that that
plaster there is also a part that we have these canceling, are already discussing with the government to Between Let me say the private and the public relationship based out to certify different entities. I means that out to be sure that the skills processes technology can be comma, more tested and safe. Disease. I think that she's won after because
coming back Oh what my previous thinks a consideration should also what have had that the other passive participant. The other speakers is that if they sense or if the data if all the information are coming from outta Matic sensor, that means that the wind we're going to become more safe in Me saying tested in about it. It's kind off device that are million billion of device that we have in our house. In our we say, plant and song that is not possible taking consideration like not a point off failure. This is I think that is a very big roll off government that they can a sell Aerator in term off Missy go together, all the entities intend to collaborate. Private and public that is very, very, very important also to support the culture because I think that we discuss it that the culture that poster in term off cyber Aries is the first asked He's a very ain't aspect of because the human being have toe. Let me say
ever very strong culture. Just one feels, uh, my Let me say in in Indiana last week we started with Let me say the cyber A day to day and the child Cyberculture. That means that we go to the Let me say to the Children that sustained the school started to discussing with them intento understanding from them. What is that Pashto when they used the technology, intento become toe. Toe, introduce some aspect of that at the beginning, because in the very few years this child the Children become. Let me say the new address so that they have to play in this very recently and you say work.
Thank you that you were getting close to the end of the session. So I will be asking all Panelists now for closing statement that you would like the audience to live with and and remember, will be asking you to go first. You know, one quick. Statement, please. I will close with something that we have witnessed in our quite or a sector. What we have established our threat intelligence sharing, and we have witnessed added value. Also,
in the original level, we have also sharing intelligence forum. We are stronger together. I have we have witnessed the added value off us sharing the SEC intelligence as one entity as a sector was the same threats is being faced. So let's collaborate. I have heard collaboration between all own world respected speakers here.
We have the same objective collaboration to make us all secure and with one being together, they're always will become more stronger. And this my message stronger would always make together will be always more stronger. Caring for this great closing message. Dario Yes, I think that just to finish affinity 2020 of introduce a lot of let me say challenge. I want to call just challenge because speed up, of course, the energy transition And also to manage the new trees You know, talking about for them or they're smart, working what we are doing in this time, and I think that this is, uh have to pay a lot of attention in terms of how to use the new Then you say technology. And once again, I think he's a matter off cultures better look actually met upto. Introduce it. Toe
investor in Let me say in training investing. Gonna understanding Really, which is the opportunity to empty user is the right way. This new technology Thank you to you to be alone. Well, I I would like to be alone with Dr Dream. Yes, mentioned collaboration and better together, so for May connecting and connectivity is not exclusively about Technology and assets. It's very much about people as well. To connect different belief system different people with different skill sets, and I think that's instrumental for future success together.
And you told me on then, John, I'll leave you with a final word. Thank you. But no, it's a fact. Of course, that did not digital transformation of oil or gas is critical for creating the new, sustainable energy ecosystem.
And it's also a fact that this digital transformation was excusing Digital and on the physical reality. And these are very different in a value chains, different dependencies and different a new trend in the landscape. And we, you know, this has been already said. You know, as an industry we
really need to collaborate. You know, both in terms of off spreading competence. Just need to create the culture off sharing information on building standards that help us move forward to make the industry both You know more sustained the book but also more resilient. Thank you, John. I would like to extend a big thank you to the Panelists to General Clark for very stimulating and insightful conversation.
Thank you as well. So all participants ready. How many? I'm handing this back to you. Thank you very much. George. Thank you so much. Really getting to a great start this morning. I want to know what you're one of the key takeaways was from that panel. From your perspective. You know, you spend a lot of time thinking about this
issue.
2021-01-24 21:16
