Magazine Button
Skybox calls on oil and gas companies to unify IT and OT cybersecurity at APIPEC

Skybox calls on oil and gas companies to unify IT and OT cybersecurity at APIPEC

EnergyTop Stories
Skybox Security has issued a warning at ADIPEC about securing IT and operational technology

Skybox Security has called on industry leaders to take a unified approach to securing IT and operational technology (OT) networks so that they align with the needs of each environment.

Last year, newly published vulnerabilities affecting OT saw a 120% increase over the previous year, according to Skybox Security’s 2018 Vulnerability and Threat Trends Report.

For sectors like energy, manufacturing and utilities that rely on connected industrial control systems, this is a stark reminder of the growing and prevalent risk not just to operations and the bottom line, but also the safety of their employees and communities they serve.

The warning was issued as the 2018 Abu Dhabi International Petroleum Exhibition and Conference (ADIPEC) got underway, bringing together 110,000 industry experts from across the globe.

Sean Keef, Director, Skybox Security, said: “Many oil and gas providers contend with large and complex IT-OT networks with a huge exposure to vulnerabilities, and although security teams are addressing threats as soon as they are identified, often the path from vulnerability detection to remediation is too long and creates unacceptable levels of corporate risk. Actively scanning critical services can also disrupt networks and even is prohibited in many OT environments.

“There is a clear need to passively identify risks on an ongoing basis and accurately prioritise their remediation and mitigation. Total visibility of the attack surface is key for the energy industry to not only understand the exposure of critical or vulnerable assets, but also what security controls can be put in place to mitigate that risk.

“Being able to identify network-based changes that would create layers of security and isolate vulnerabilities is incredibly important to protect OT assets that can’t be patched due to operational needs, are no longer supported by their vendors or could void warranties if they are patched.

“By unifying and aligning IT and OT security, organisations can ensure that cyber-risks are known controlled throughout the organisation; that IT teams can properly inform OT engineers of that risk; and the best risk reduction measures can be implemented without compromising uptime on the factory floor, at the oil well or at the power plant.”

 

Click below to share this article

Browse our latest issue

Intelligent CISO

View Magazine Archive