June 28, 2018 | Gary Freburger, President of Process Automation, Schneider Electric |
Schneider Electric is a member of the Business Council for Sustainable Energy.
As governments and global organizations continue to pass measures that address climate strategy and promote more sustainable operations and lower carbon emissions, the oil and gas (O&G) industry is embracing new digital technology to improve the environmental safety and sustainability of their operations.
At the same time, the Industrial Internet of Things (IIoT) has accelerated the convergence of information in the sector. New technologies, including things like augmented reality, big data analytics and other cutting-edge tools, are hastening the industrial transformation. By connecting workflows, bridging informational and operational silos, and enabling smarter decision making, these digital tools are empowering process manufacturers, particularly refineries, to drive improvements to the efficiency, reliability and safety of their assets and operations while simultaneously maximizing return on investment and strengthening their overall competitive edge.
However, with this change comes risk: The higher levels of connectivity needed to access valuable operating data widens the attack surface for would-be cyber criminals and malicious actors, and it’s putting our industrial control and safety systems at risk. The process industry has historically been conservative and risk averse when it comes to change, but we need a new model when we’re talking about cybersecurity. While industrial control systems vendors and their customers can (and should) take immediate measures to improve our collective cybersecurity culture, including implementing and always following best practices, complying with industry standards, and creating a mechanism for collaboration between industry stakeholders (suppliers, end users, third-party providers, integrators, etc.), the government should also participate to provoke the positive change that ensures the safety and security of our most critical, volatile infrastructure.
At this week’s World Gas Conference, I discussed measures Schneider Electric believes the industry and government must take to secure a sustainable O&G future as part of a panel, “The new operational landscape: managing cyber and physical disruption,” on Thursday, June 29 at 10:20 – 11:40 am. Those actions include:
- Industry Cooperation: Members of the industry – both suppliers of technology, such as Schneider Electric, and the users, owners and operators of the technology – should be involved in conversations about cybersecurity regulation. This ensures government officials are hearing regularly from O&G organizations to understand their challenges first-hand and then work together to overcome them.
- Cybersecurity Standards: With new National Institute of Standards and Technology (NIST) cybersecurity standards, government agencies should be careful not to publish or create standards/requirements that overlap with measures that are already in place as part of the existing NIST framework.
- Financial Incentives: We support the notion of the government providing financial incentives, such as tax breaks, to owners and operators of critical facilities who are committed to continually patching and upgrading their control and safety systems, as well as to educating, training and arming their workforce as the first line of defense against cyber-attack. We believe these types of incentives will influence ICS providers and end users to work together to drive a necessary culture shift. It is a key component of a holistic, cross-industry collaborative effort to protect our most critical industries and the communities they serve.
Together, all stakeholders across the O&G industry, including the government, must combine efforts to strengthen technology and standards, educate and train the workforce, and drive new levels of collaboration and transparency to secure our infrastructure while innovating for a sustainable future.