Increased focus on cyber
June 8, 2020
Shah H. Sheikh, co-founder and cyber security adviser at DTS Solution, talks to The Energy Year about the lessons emerging from the Covid-19 crisis, the pandemic’s impact on digitalisation and cyber security, and the benefits of e-procurement. DTS Solution provides cyber security advisory services, security engineering and managed security services.
What lessons are emerging from this crisis?
It is important that we be leaders and learn from this. History tells us that these kinds of pandemics happen every 50 to 100 years, and for the next cycle we need to be better prepared. From an organisational point of view, those who were already digitally transformed, or were at the beginning of the transformation journey, have been the ones least impacted.
Those who have been late to digitally transform are suffering now or will be obsolete very soon. They have not introduced agility or digitisation. Companies really need to look at digital transformation strategies and take it on board that a crisis like this can take non-digital businesses down in a matter of months.
Our focus has always been cyber security, helping customers mitigate cyber risks and any potential impact of a breach. Whether they are going through a transformation or not and whatever landscape they are operating in, cyber attacks are going to increase, and Covid-19 has brought about a significant increase in the number of such attacks. We are here to support companies in reducing digital risks and improving overall security. It is also important for companies to come up with a strategy to digitise.
What impact has the Covid-19 pandemic had on digitalisation and cyber security?
Cyber security has largely been immune to the impact of Covid-19 compared to other industries. In fact, during this pandemic our SOC [security operations centre]/Cyber Defence Centre saw an exponential curve in the exploitation of the current Covid-19 landscape by cyber criminals.
Over 300,000 phishing domains were registered in the last three months on the internet with the name “Covid-19.” We saw a significant increase in hacking activities since cyber criminals were locked up in their homes having more time. We saw APT [advanced persistent threat]/hacking groups heavily targeting pharma/medical research firms trying to obtain Covid-19 vaccine work that is currently going on. In short, it is important to remember that cyber criminals always play with human psychology precisely in these testing times in which we all can be vulnerable to deception.
Regarding the energy sector, it has gone through similar challenges, obviously not to this extent before, but the industry is resilient. A good example of digitisation and cyber security relates to the OT [operational technology] environment. OT has typically always been an isolated environment; this critical infrastructure has never been part of the IT network. But now, you can see that the convergence of connectivity is already happening, whether it be IT and OT connectivity, remote diagnostic services or industrial IoT.
In fact, one of the things we are seeing is most organisations in the energy sector now adopting a strategy to have remote access to the OT environment, which was always considered a taboo subject a few years ago.
How seriously is cyber security being taken by industry players?
In the region, cyber security is taken relatively seriously. One of the reasons is the geopolitical situation and the attractiveness of the target. At the end of 2017, a petrochemical plant in the GCC was completely shut down because of a cyber attack.
Due to the various different threat actors, the Middle East is required to be one step ahead, and that is why you see relatively high spending on cyber security. GCC governments have all now set up a national cyber security strategy and taskforce. This ensures that the public sector and critical infrastructure are protected from cyber attacks, and that the best cyber security practices are implemented.
They also provide assurance to the general public, citizens and communities. In addition, they provide monitoring services at the national level, as cyber security is now a key part of the national agenda. If there is any sort of major cyber incident, such as a targeted attack, relevant entities, organisations and enforcement agencies are informed by a strong ecosystem. Energy sector leaders across the region have been tasked with ensuring the adoption of national cyber security standards across all operators.
Do we need increased cyber security with the consolidation happening among NOCs in the GCC?
In the last two to three years, we have seen oil companies going through IPOs and M&A. During this stage, it is important that cyber due diligence is performed. Every organisation involved in such activities needs to be aware of relevant cyber risks that the entities pose.
We also see a greater uptake of cloud services among customers as they are going through a digital transformation and migrating their workload from a typical data centre to the cloud. A good example is the midstream companies. The typical fleet of vessels or ships is now being managed by cloud-based ship performance management systems.
So, the transformation is happening, and cyber security requirements will always remain, as that is a constant that will not change. We also see robotics and process automation being introduced to automate repetitive tasks.
Do you see a correlation between technology and the energy industry tapping into a data marketplace?
We call them shared cloud portals, where you have a marketplace. Marketplace transformation is definitely happening. For example, government entities are already able to tap into the smart data economy. Open data is shared between different organisations to make better informed decisions, and this practice is likely to fuel the oil and gas industry to allow a smart economy. Opening your data for consumption by developers and tech companies allows you to build more agile services. We already see this transition with FinTech, EdTech and MedTech, and now we are seeing it with EnergyTech.