February 28, 2017
Our world is more connected than ever, with more devices and machines sharing data through the cloud. Companies and consumers have benefited from this increased access to information, and the efficient communication and action it enables. But it also presents challenges, as the cyber threat landscape expands.
The oil and gas industry provides a critical real-world example of that paradox. Its intricate network of facilities and operations helps drive the global economy – and at the same time, is facing a growing threat of cyber attacks. Bloomberg Live’s The Future of Cyber Security: Spotlight on Oil and Gas, held recently in Houston, Texas, brought together an influential group of leaders and stakeholders to explore how the industry can protect itself.
The Future of Cyber Security: Spotlight on Oil and Gas convened industry leaders and security experts in Houston, Texas on February 16, 2017. Photo: Steve Lee for Blooomberg
The group included industry leaders such as Archana Deskus, VP and CIO of Baker Hughes; Ken Braud, SVP and CIO of Halliburton; Mark Maddox, VP and CIO of Apache Corp.; and Tyler Williams, Global Technology Lead for Shell, as well as academics and public sector experts including Rice University’s Executive Director, Energy and Environment Initiative Charles D. McConnell; National Institute of Standards & Technology’s Lead Privacy and Security Engineer, MITRE Julie Snyder; and FBI Houston Division Special Agent and InfraGard Coordinator Angela Haun. Bloomberg’s Houston Bureau Chief Richard Stubbe moderated.
The Future of Cyber Security: Spotlight on Oil and Gas program continued a series of future-focused gatherings supported by Siemens, a global leader in automation and digitization. Each convened key policy makers, investors and experts for insightful discussion.
Highlights from the event offer a unique view of the challenges and solutions facing the industry – and offers important insights for the broader business community:
Siemens USA CEO Judy Marks gives opening remarks. Photo: Steve Lee for Bloomberg
Judy Marks, CEO of Siemens USA welcomed the group, noting that “customers tell me they have more real-time insight than ever into operations, but they lack that same clear lens into cyber security,” and that cyber threats have been on the rise – in operational technology as much as information technology.
— SiemensUSA (@SiemensUSA) February 16, 2017
Bloomberg Houston Bureau Chief Richard Stubbe discusses the current cyber landscape with Maj. Gen Brett T. Williams (Ret). Photo: Steve Lee for Bloomberg
“Boards and CEOs need to take this on as a strategic business issue… you have to have an awareness and understanding of how to manage the risk,” said Maj. Gen. Brett T. Williams (Ret), President of Operations and Training, IronNet Cybersecurity, and former Director of Operations, U.S. Cyber Command. That applies to all industries that are increasingly benefiting from the opportunities and efficiencies of connected technology – not just oil and gas.
“Hackers who get past the perimeter use normal processes in a normal way,” he added, making it important to identify anomalies across the network. “All we know is that the technology is going to continue to evolve. That’s why a culture of leadership is so important.”
The CIOs of Halliburton, Baker Hughes Inc., and Apache share insights into how risk is driving industry decision-making and how companies are responding with Bloomberg energy reporter David Wethe. Photo: Steve Lee for Bloomberg
“A lot of the thinking in our industry is ‘just get it done,‘” said Archana Deskus, VP and CIO, Baker Hughes International. “so part of it is raising that awareness of why it’s important.” In industries where functionality concerns are paramount, striking the right balance between efficiency and building secure processes can be challenging. But when businesses do so, added panelist Ken Braud, SVP and CIO, Halliburton, “good security strategy can be a differentiator, rather than an obstacle.”
Panelists at The Future of Cyber Security: Spotlight on Oil and Gas discuss how the public and private sectors can coordinate to protect networks and infrastructure. Photo: Steve Lee for Bloomberg
Information sharing between the private sector and public sector can help address security threats. That can be complex to do – as anyone who’s worked for a large organization can appreciate. Even language is important: ways of talking about risks that are familiar to some can quickly become noise to others. “It’s not language that’s common to engineers,” for example, pointed out Tyler Williams, Global Technology Leader, Shell. “And at the end of the day, they’re the ones that have to implement the control, maintain it, prioritize it and communicate it.”
Charles D. McConnell, Executive Director, Energy and Environment Initiative, Rice University speaks on a panel that explored developing solutions and best practices. Photo: Steve Lee for Bloomberg
“This morning we talked about is this a people problem, a process problem, or a technology problem – and I think we’d all agree it’s all of the above,” said Patrick Gouhin, Executive Director and CEO of the International Society of Automation, an industry group dedicated to developing international standards to mitigate risk. The good news: those standards draw on hundreds of experts to do just that – and are continuing to evolve along with technology.
– Jen Robinson | February 28, 2017