Cybersecurity predictions for 2019
As we have reached 2019, the energy sector – from electric utilities to oil and gas companies to their suppliers – continues to face a growing number of industrial cyberattacks.
I wrote in my 2018 predictions that energy and critical infrastructure organizations would need to take a serious and practical look at industrial security. This year, through efforts like the Charter of Trust, meaningful progress has been made to build the trusted ecosystems and engage in collective action. We are at a critical junction, compelled by the imperative to address digital security and take advantage of digitalization and the Industrial Internet of Things (IIoT) as our physical and digital worlds converge.
So, when it comes to 2019, let us start with the bad news: More mega attacks against critical infrastructure in the energy sector are inevitable, threatening to affect operations, create financial losses, and even put lives at risk. This reality should further the acceptance that the operational technology (OT) cyber threat has become greater than that presented by information technology (IT).
Now, the good news: The threat level will not result in fear, or even worse, paralysis that deters companies from pursuing digitalization. It will instead illuminate an opportunity. The hard reality is that if we want to secure critical infrastructure, organizations should not hide from connectivity and the IIoT. Rather, they should embrace it, fully.
For 2019, I present eight cybersecurity predictions – and I hope the big takeaway is clear: A growing number of organizations will discover that the tools of digitalization – from edge processing to artificial intelligence – will not only create new business value; they’ll define a new use case and ultimately add resiliency, leading to a higher level of security for all of us.
1. Connectivity will become a necessity. Visibility will drive action.
Overwhelming evidence has shown that, in fact, OT cyberattacks are more likely to originate from insider threat – the inadvertent actions taken by an organization’s own employees, not by hostile outside actors. A growing understanding of the negligent insider will lead many to abandon their industrial connectivity fears, in favor of establishing a transparent operating environment that strengthens resiliency. These leaders will agree that visibility is key: you cannot protect what you cannot see. Those who tackle security and IoT at the same time, build security incrementally, and gain the necessary situational awareness from the edge to the sensor will stay ahead of attackers.
2. Trust will be the new oil.
Each new mega cyberattack in the OT environment, with ominous-sounding names like WannaCry, NotPetya, and Triton, has led to an erosion of trust in our digital future. Against this backdrop, leaders will not try to go it alone. Organizations will join trusted ecosystems where a common vision, rules of engagement, and a common language will unlock unprecedented value. Companies will have the means to communicate, transact, and innovate in a safe, reliable community.
3. Artificial intelligence (AI) will become practical for OT.
More and more companies will come to realize the enormous promise of AI. The number of upstarts will thin out but the solutions offered by the OT native leaders will become more targeted. The idea that AI can only be done in the cloud will become obsolete. In the field, edge detection and forensics will become the norm. The competitive advantage will not just come from the right deployment model but also from context that allows operators to go deeper and gain a broader set of operational insights, from the field to the control room to the enterprise network.
4. Cloud adoption, driven by security, will no longer be taboo.
As edge intelligence gains, cloud will not lose. Cloud, powered by computing power and the highest standards for security, will reap economies of scale. New insights and patterns will be uncovered, nefarious relationships identified, and malware contained. New and nontraditional data will be sent to the cloud, tagged and mixed and analyzed. This is especially true for industrial security, where traditional detection and monitoring techniques have failed. By combining asset, control, and network level data in the cloud, companies will be able to drive new insights and confidently take action.
5. OT cyber labor shortages will continue.
As new OT native security technologies come onto the market, the need for humans who can operate and service these machines will become more acute. The demand for industrial security engineers, with deep experience in data science, networks, controls, and turbines, will reach peak levels. The most adversely impacted will be small and medium-sized enterprises, for whom running best-in-class industrial cyber programs will become prohibitively expensive. These organizations will increasingly turn to managed service providers for leverage.
6. Built-to-purpose OT security will accelerate.
The belief that we can protect critical infrastructure by simply lifting and dropping IT solutions into the OT environment will give way to solutions specifically built by, and for, the physical world. The OT security market will become more robust and less dense, with a number of startups fading through acquisition or failure and IT companies finding the space too difficult to penetrate. A wave of innovation will bring integrated offerings instead of point technologies. Portfolio depth, asset and field coverage, with service at the core, will drive customer buying decisions.
7. Security will drive digital retrofits.
Eventually the legacy installed base must be replaced or retired. For the foreseeable future, our central challenge will be to find ways to secure heterogeneous, proprietary, serial, and analog environments. This will be done in parallel with driving connectivity to the IIoT. Security will no longer be the excuse. Digital security blueprints will emerge to guide adoption. The focus will be on not only securing machines but also data, which must travel across national and physical boundaries. Energy companies will discover that by looking at security through the IIoT lens, new approaches to security, underpinned by defense in depth, will become more pronounced. For these leaders, getting security right will mean becoming digital.
8. Edge intelligence will gain hold in reshaping the attack surface and staying ahead of attacks.
Energy companies will increasingly recognize that renewables, distributed energy systems such as microgrids and unmanned sub-stations not only increase efficiency in production and operations but also strengthen resiliency and make them less susceptible to successful attacks. The explosion of IIoT field devices to sense, measure, calculate, and operate will lead to a new and unrecognizable attack surface. It will look like a beehive or brain’s neural network. Much like the modern grid, data will be islanded, clustered, and therefore monitored and secured differently. Leaders will learn how to collect and harvest this data for security. Recognition that an open door on an unsecured edge device can lead to the fall of the entire network will compel new monitoring schemes.
A final note: A broader transformation of the energy industry in the era of mega attacks is by no means inevitable. By innovating with purpose and collaborating closely, we can grow in confidence and better spotlight best practices. This will demonstrate the leadership and strategy required to protect not just individual organizations, but really the broader energy industry and global economy.
This article was originally published on Siemens Stories.