By Leo Simonovich
This past year saw the biggest ransomware attack ever when ‘WannaCry’ hit more than 200,000 victims in 150 countries. The UK’s National Health Service (NHS) was severely affected, including 40 hospital trusts where operations and appointments were cancelled and ambulances diverted.
Hackers demanded payment to restore access to vital medical records. Other big names infected by this cyber attack include the Spanish telecom giant Telefonica and FedEx. The power sector did not escape damage, with WannaCry attacking computers at the West Bengal power distribution company in India. Officials from West Bengal State Electricity Distribution Company (WBSEDCL) detected the malicious software (malware) at four of its offices.
Will 2017 be the year the world finally took notice of the increasingly frequent and sophisticated industrial cyber threat? Will global companies – from the energy, manufacturing and other industrial sectors – now take all necessary measures to prevent the next attack? Let’s hope so.
But before we become too optimistic, we need to see clear signs of leadership and commitment by global companies to protect their critical infrastructure, and their businesses. The signs are there, but I hope this is the year we will see more. The following are some predictions and expectations for 2018 and beyond:
1. Organizations will overcome the fear of connectivity to get visibility and take advantage of digitalization.
The current strategy by many energy companies to keep their networks unconnected in the misguided belief this makes them more cyber secure will fall victim to more successful attacks, from inside and outside. Companies will gradually see the value in taking a more sensible approach to connectivity and defense measures. The lesson that greater connectivity equals insight may come at a high price. But once learned we will all become safer.
2. Attacks against the energy sector will get more frequent and severe.
We know three things. One, the probability of some sort of breach in today’s environment is 100 percent. Two, the energy sector is by far the number one target for hackers. Three, operational technology has become a growing target, now comprising 30 percent of all cyber attacks. Recent reports about new types of malware attacking critical infrastructure around the world will become regular occurrences. And as these cyber weapons become more sophisticated, they will become more successful.
3. Industrial cyber risk will reach the Board, resulting in strong directives to tackle the issue.
Global companies were already aware they were not ready to meet the growing and increasingly sophisticated cyber threat. But this summer’s biggest ransomware attack ever, “WannaCry,” which hit more than 200,000 victims in 150 countries, highlighted that cyber readiness gap in even more stark terms. The call for stricter cyber regulations will get louder with each successful attack. Energy executives will respond by becoming more proactive in developing their own security measures rather than wait for these to be imposed on them from the outside.
4. New, cross-disciplinary industrial cyber leader role will be created in many large and medium-size enterprises.
Certain energy companies will demonstrate leadership by dedicating their focus at the highest level and with commensurate financial resources to integrate cyber vigilance throughout the enterprise. They will become role models for the industry by developing an industrial cybersecurity strategy, standing up a cyber-governance model, re-examining their security fundamentals and building smart infrastructure defenses that include extensive cyber training.
5. More dedicated and comprehensive industrial cyber solutions will be brought to the energy sector.
Energy companies that take a holistic approach will be more prepared for the next attack in what is an escalating threat landscape. Those who adopt solutions leveraging the best available technologies from a variety of providers, from bridging the visibility gap to understanding the entirely of their cyber exposure, will be the most successful in staying safe.
6. Process security analytics, powered by machine learning and artificial intelligence (AI), will give energy customers the edge to detect and respond to attacks.
A growing recognition of the OT cyber threat will lead to greater demand for machine learning technology. AI will rise in stature, not only for identifying in-progress threats to environments beyond the corporate network, but also for neutralizing them.
7. Energy customers will make cyber training and basic hygiene mandatory for field personnel, following the path of safety.
The origins of many cyber threats will become more understood. With studies showing that 70 percent of industrial cyber attacks come from inside, inadvertent and/or malicious cyber incidents originated by employees will highlight the need for internal cyber training and awareness initiatives for employees.
8. Energy customers will demand cyber services and integrated solutions, delivered with technology, with clear risk reduction outcomes.
Energy companies will attribute the greatest value to solutions that address their most pressing cyber challenges and reach across the full value chain. The solutions deemed most effective will be those that are comprehensive and integrated, and offer “defense-in-depth” protection encompassing plant, network, and system security. Companies will look for partners who can bridge digitalization and automation, allow secure data processing and automation anywhere on the Web, and meet the environmental, availability, and security requirements of tankers, pipelines, subsea and offshore production platforms, and onshore production rigs.
Leo Simonovich is vice president and global head of industrial cyber and digital security at Siemens Energy.