How are the oil and gas industries preparing for a clean energy future? How are they thinking about their OT infrastructure and associated cybersecurity risks during the transition to clean energy? These were questions I had attending last week’s IIoT World’s Energy Day, a conference dedicated to using emerging technology in the energy sector. All of the sessions discussed the importance of security, and rightly so. Cybersecurity in particular is an industry focus as an array of new devices (e.g. smart sensors), tools (e.g. data mining and real-time observation), and practices (e.g. data sharing) gain momentum.

Cybersecurity in an Era of Renewables, Changing Tech

The energy sector is undergoing rapid changes right now due to a confluence of factors. First, pandemic pressures on the global supply chain continue. Second, global demand for renewable energy grows. Oil and gas operation must account for this rising competition while battery and electric growth surge. Third, as in other industries, the falling costs of technology enables greater possibilities, especially for small operators and energy startups. The potential tradeoff of these trends is increased cybersecurity risks. Nowhere is this more evident than in parts of the industrial supply chain using IoT devices connecting to each other, and to the internet. More parts of these systems are visible and/or accessible to those with malicious intent.  

Cybersecurity is “not a feature, but table stakes” – so said Dominik Obermaier, CTO of HiveMQ on a panel about energy transition. Security considerations are fundamental. In particular, cybersecurity should influence the design of data architecture. This, in turn, influences how rapidly and securely information can be shared and, when necessary, how systems spring to action when a breach is discovered.

OT, IT and Cybersecurity Trends in Pursuit of Clean Energy

An agile approach to IT modernization, and a movement toward greater openness regarding data sharing, are two unstoppable trends.

Full visibility into operations makes spotting economic opportunities possible. Small operators are taking advantage of that with Consumer Off-the-Shelf (COTS) software. “Push back on what ‘end-to-end’ means” advises Danielle Jablanski, Senior Research Analyst at Guidehouse, when evaluating software. Each use case is unique, and all software and sensors sit inside an ecosystem that must be considered holistically. Vendor lock-in is a concern. So are the security practices and credentials of the underlying COTS. Have a use case, measure ROI, and consider what else can be done with software and smart sensors. But is that all? No.

Data must be viewed and treated as an asset. The ability to gather more data comes with the requirement to develop organizational skill in data management. After all, more data can become a distraction – or a security risk — without a plan to manage it. The energy sector is especially attuned to this reality given the scale, reach, and dependence on its output.

Cybersecurity Also Requires Culture Upgrades

However – forward momentum in the energy sector isn’t always about implementing the “latest and greatest” technology to experience cost savings or other efficiencies.

Another panel, on the influence of artificial intelligence in the energy sector, stressed the ongoing evolution of OT and IT working together. Typically, these disciplines are siloed. That is changing rapidly as OT becomes increasingly digitally integrated, from tanker ships to drones.

Combining OT and IT skillsets and knowledge isn’t a “technology upgrade.” It’s a necessary “cultural upgrade” that supports efficiency and security. This isn’t easy, and it is underway now.  

Organizations whose critical infrastructure combines physical and virtual elements aren’t just found in the energy sector, or in industrial technology. These trends are reaching into every sector. All industries need to examine their cybersecurity readiness, and the cultural steps required to implement changes successfully.