Sean McGurk, VP Cyber Advisory Services, DarkMatter talks to Pipeline Magazine’s Julian Walker about the evolving cyber security landscape and how Middle East companies are leading the way
The cyber security landscape facing the oil and gas industry is evolving and DarkMatter is right in the thick of advising companies on how to adapt to the changing times and preparing them for the greater digitalised future.
“What we have seen over the past several years is an evolving cyber security landscape, especially here in the Middle East. It has evolved from the traditional focus that we have seen for decades of extraction of data for commercial purposes or intellectual property to actually focus on the disruption of services.
Last year we saw the Triconex attack that focused on security of safety systems, something that could have a catastrophic impact. This is the fundamental shift we have seen – it is not just information focused but denial of the ability to conduct business,” said McGurk.
DarkMatter is starting to see the cyber security landscape move into active risk management.
“In the past we focused on vulnerabilities. We would look at the inherent vulnerabilities of the system and then companies would put some protective layer in place. Active risk management is an area we see evolving more because it looks at risk that is based on the risk equation. There is more of a move towards an intelligence base that can help identify actual risk and then mediate that risk,” he said.
As digitalisation spreads it advances the cyber security landscape as there are so many more digital devices in use that all provide a window into an organisation. “A part of the digitalisation movement we are seeing the implementation of Virtual Desktop Infrastructure (VDI). This is really important as it puts digital environments behind a protective layer. Bringing in VDI helps increase connectivity in a controlled and methodical, monitored manner,” explained McGurk.
McGurk added that DarkMatter is seeing more of a focus on threat intelligence platforms and machine to machine information sharing.
“In the past it was a very manual process. What we are seeing now is the removal of people processes and bringing in machines. It is all about active perimeter defence. You get triggers that institute machine activity. Sometimes this is an alert, other times, it is quarantine. It really depends on the infrastructure and operational capability of the organisations,” noted McGurk.
McGurk says that the company receives a lot of inquiries and the nature of the work depends on the maturity of the organisation. “In some cases we can implement a hybrid model, where the company has already established a digital infrastructure and it can just be fined tuned. In other cases we need to develop the capability in their operation environment and move that forward.” McGurk emphasised that companies are not going to prevent every cyber-attack.
“What you want to do is minimise the blast radius and you want to decrease the attach surface. Those are the steps you need to take.”
A big focus in 2018 was on how to operate in a compromised environment. “What we are looking at now and what Middle East companies are looking at is how do you operate in a compromised environment. This wasn’t considered until very recently. When you are compromised (not if but when) how do you operate? What do you start isolating to still keep the business running.
Middle East leading the way
The Middle East region is right at the forefront of advance methods of dealing with industrial cyber security. “I would say companies in the Middle East are leading the effort and advancing more than even some Western companies. The Middle East has really embraced the concept of what is a threat landscape, what are the types of attacks and what do I have to do to protect against an attack,” said McGurk. He added: “If you are protecting against everything you are protecting against nothing. I would say that here in the region the likes of Saudi Aramco and others are really leading in that particular area.” DarkMatter’s strategy is focused on people processes through to technology. “We look at the way you operate, the way you educate and train employees. The strategy must be made on a solid foundation of technology. It has to be a combination of people, processes and technology. This is where you need to engage with strategic partners both within the organisation and externally so that you can understand what those capabilities are and do that gap analysis to provide that capability,” said McGurk.
Look ahead to 2019
In 2019 McGurk said the focus will be on how to build a company’s resilience capability to be able to operate in a compromised environment. “In the look ahead to 2019 we will be looking at emerging technology but also emerging process development and emerging markets,” he said.