Intelligent CIO Europe Issue 36 | Page 76

INDUSTRY WATCH
organisations can ensure that the necessary transparency throughout the supply chain is achieved, as well as optimising the visibility of potential vulnerabilities.
A level of transparency and accountability should also be applied more broadly to ensure best practice across the board – especially as increasing numbers of organisations in the supply chain adopt IoT and cloud-native devices. A shared responsibility model of security is important here. This involves a layered defence where organisations address each part of the ‘stack of responsibility’ individually, yet they all interact together as a complete framework.

Throughout the energy supply chain, from service providers to enterprises and individual users, everyone is accountable for security in some way, and with the shared responsibility model, organisations can ensure that everyone does their part.
Failing to adopt a shared responsibility model will ultimately lead to a higher level of risk and poorer overall security. Without a clear understanding of responsibility and a collaborative approach, IT will not have a comprehensive view of systems required to keep track of all data and potential threats. Limited visibility means limited security.
Raj Samani , Chief Scientist and Fellow at McAfee
Should teams be testing Industrial Control Systems regularly for vulnerabilities – and are there any potential challenges when testing?
Definitely. Responsible testing should happen regularly to ensure that teams are on top of any potential threats. Not only should testing happen, but it should also be encouraged and rewarded throughout the sector, such as through bug bounty programmes.
When considering challenges here, testing the interconnectivity between production systems can sometimes be trickier, especially in cases where uptime is continuously required.
Are there any specific processes or tools that organisations should adopt to reduce the risk of insider threats?
Asking routine questions when monitoring operations is crucial, such as ‘does this activity match with usual operations practices?’ As well as questioning outsider behaviours, this should also apply to insider activity. For example, security teams should look into insider attempts to access unauthorised assets. This will help them to identify any unusual activity or anomalies and flag any potential threats.
How can organisations best detect and respond to breaches?
It’s key that teams have a comprehensive understanding of the overall energy sector, as well as the production environment within it, to ensure optimal governance.
In Operational Technology (OT) spaces specifically, it’s essential to use consistently reliable technologies to mitigate the risk of an outage. Data diodes, for example, play a vital role in separating different network segments.
How can organisations ensure that the personal data of customers is protected?
Our recent research showed that 52% of companies using cloud services have had user data stolen in a breach – highlighting that data security is as crucial as ever.
When it comes to customer data, organisations need to have reasonable measures in place. Self-questioning around whether existing measures meet the necessary standards and regulations is vital. Organisations need to challenge themselves and hold themselves accountable for the protection of data.