‘Increased connectivity and dependence on automation raise the exposure to cyber attacks’
Published on : Monday 30-11--0001
Dr Marcio Wagner da Silva, Process Engineer & Project Manager, Crude Oil Refining Industry
The flipside of connectivity is the vulnerabilities that come along. How serious is the threat?
Unfortunately, technological development has a dark side, malware has become increasingly sophisticated, and harder to eliminate and prevent. Cyber attack is a real threat and can’t be despised by the energy industry – some references relate that the energy industry is the second preferred target of cybercriminals in recent years. It is becoming a great concern for the energy industry, mainly for the oil & gas production chain. The companies have included cyber attacks as major risks. But we have good technologies to protect industrial plants against cyber attacks. An example is the continuous development of monitoring systems for tank inventory control, and ERP systems increasingly less vulnerable to cybercriminals. Nowadays, I believe that the cybersecurity market is following the cyber threat, the next step is to anticipate and stay one step ahead.
How can organisations address the issues of cyber attacks and IT Security in the age of connected plants?
The increased connectivity and dependence on automation raise the exposure of the process plants to cyber attacks. Despite the higher exposure, newer technologies allow a continuous monitoring of anomalies and any strange behaviour is considered a threat and the malicious data can be isolated. Furthermore, artificial intelligence can be a powerful tool to help organisations detect threats in real time, avoiding prejudice to economical results and security. Of course, it’s necessary to have adequate investment in a robust system to achieve this goal.
One major threat comes from growing proliferation of IIoT devices and storage (cloud). How can users deal with such threats?
As commented earlier, the connected plant is the future and the reality to the industry and this can’t be changed, but it’s possible to be prepared for the threats. We have available technology to face this challenge, but it’s fundamental to adapt our management system in this sense, we need to develop and improve our sense of urgency for the IT security issues and this is a key step in the real digital transformation. It’s important to understand that digital transformation is not only a technologic phenomenon, but also requires a change of mind-set. Based on this concept it’s possible to build a robust strategy to control the industrial assets based on continuous risk assessment and clear security policies.
A leading cybersecurity player recently demonstrated internal vulnerabilities like USB devices. Are employees adequately trained?
I strongly believe that any training is insufficient, especially in the Industry 4.0 scenario. Increasingly, continuous training and self-development are necessary, any operational system will present vulnerabilities and the continuous learning and training is a fundamental part of the strategy to deal with this threat.
Do companies compromise security by their unwillingness to spend, attributing it to risk appetite?
Unfortunately any good result depends on investments, but it’s important to be capable to decide the best investment once the resources are always limited. Again, an adequate management system need to be implanted to help organisations decide where the resources need to be applied, the modern management system needs to be based on two driving forces, the first dedicated to maintain the reliability and sustainability of the current operations and the second focused to build the desired future creating, innovative ways to destroy the current business through disruptive thinking. Based on this management system organisations can decide what the best investments are and the IT security has a strategic character in the current and future scenarios.
Is there an ideal solution that reaches a fine balance?
An ideal solution is always a difficult way to solve any problem, although is possible in some cases. I believe that the solution in case of IT security is keep the organisation up to date in relation of the technologies through a continuous training and learning system and a robust management system capable of directing the available resources to the best investments in the sense to ensure reliability of the current and future operations aiming to achieve the desired and planned future.
Dr Marcio Wagner da Silva is Process Engineer and Project Manager focusing on Crude Oil Refining Industry based in São José dos Campos, Brazil. Bachelor in Chemical Engineering from University of Maringa (UEM), Brazil and PhD. in Chemical Engineering from University of Campinas (UNICAMP), Brazil. Has extensive experience in research, design and construction to oil and gas industry including developing and coordinating projects to operational improvements and debottlenecking to bottom barrel units, moreover Dr. Marcio Wagner have MBA in Project Management from Federal University of Rio de Janeiro (UFRJ) and is certified in Business from Getulio Vargas Foundation (FGV).