Page 144: of Offshore Engineer Magazine (May/Jun 2015)

143 145

you require a 10ft fence, all an adversary needs to do is bring a 12ft ladder.”

Standards can only take the user so far. How- ever, once an operator understands the cyber risk scenario, they can then develop a plan they can follow and that works across the entire en- terprise. They have to understand: • Managing risk is a shared responsibility.

• Security requires cross functional cooperation.

• Risk management is a continuous process.

• Secure manufacturing and development prac- tices are essential.

Pemex- a strong security culture that reaches every level. • Security must be built into systems.

“The threat is continuously evolving,” said Eric

Plataforma

PHYSICAL SECURITY LINK

Abkatun A Knapp, director of technology and solutions at HPS.

Permanente “Stuxnet was really the beginning and the threat Physical security has always been linked to cyber has been evolving ever since.” security, which also hooks up with safety to en- close-up.

The Stuxnet campaign, as ISSSource reported, sure a smooth running operation on any offshore ended up conducted by the US and Israel to disable platform. All areas keep machines safe against the uranium enrichment plants outside Natanz, man and man safe against machines. It is a given

Iran, by causing the control system to run wildly out you can’t have any one without any of the others. of control causing severe damage to centrifuges. A tightly knit triumvirate.

“Targeted attacks are becoming more complex When talking about security threats as they ap- and sophisticated,” Knapp said. “Awareness needs pear to utilities, it was easy to connect the same to take place not only in technology, but also with thing to offshore platforms.

personnel.” “Physical security and cyber security: It is not “Having data is not everything, there is the people just about cyber anymore,” said David Batz, di- aspect also,” said Alberto Matucci, general manager, rector of Cyber & Infrastructure Security at the

Global Products & Quality at General Electric at the

Edison Electric Institute. Physical security at-

Oracle Industry Connect in Washington. “If we use tacks came to light two years ago when an electric the same approach we used in the 80s, we will not go substation fell under attack where intruders came anywhere. Industry today is working with the same in and shot out 17 giant transformers that funnel mindset of 20 years ago.” power to California’s Silicon Valley.

That means agility and the ability to understand In safety, it is clear manufacturers will invest the environment and what is happening remains in higher safety compliant systems.

paramount. In the end, manufacturers’ main goal is to “The ability to pivot and change on a dime is in- make product and not deal with anything that credibly important,” said Mike Sicilia, senior vice throws them off track. Security remains the ever- president and general manager for Oracle’s Prima- changing, fy in the ointment for engineers on the vera global business unit at the Oracle conference. platform. It evolves and does not sit still and you

Understanding the environment and being able to may never realize how much it really saved your change directions quicker than a seal not wanting organization.

to be dinner for a great white shark remains vital “Security is a process,” Knapp said. “The more for users. But before they can make any decisions, awareness you have, the more gaps you realize they need to know what they don’t know. you have.”

Safety has proven time and time again that it “You have to understand the risk appetite; un- works and it saves time, money and lives. So does derstand the baseline and how (the user) can get security. that to match up with the risk appetite,” said Mike

Spear, global operations manager for industrial Gregory Hale is the editor cyber security lifecycle solutions and services at and founder of Industrial

Honeywell Process Solutions. Safety and Security Source

The frst thing is to start with standards, but that (ISSSource.com) and is the ends up being a good starting point. Talking about contributing automation security standards, Scott Aaronson, senior director editor at Offshore Engineer.

of National Security Policy at the Edison Electric

Institute, said at the Oracle Industry Connect, “If oedigital.com

OE | May 2015REVIEW 146 146_OE0515_REVIEW_Gregs column.indd 146 4/20/15 10:27 PM