business
‘‘
TALKING
////////////////////////////////////////////////////////////////////
Manufacturers like Schneider Electric,
for example, apply a Secure
Development Life Cycle (SDL) approach
to their product development.
replace old, entire systems evolve to become
more cybersecure.
Within the context of SDL, secure architecture
reviews are performed, threat modelling of
the conceptual security design takes place,
secure coding rules are followed, specialised
tools are utilised to analyse code and security
testing of the product is performed. Step three includes the education of
employees. A cybersecurity-aware culture
needs to be developed within oil and
gas organisations to help employees
understand or appreciate the key risks,
so that operations can be run in a secure
manner (including basic password
management or changeover management).
These actions help to ‘harden’ products,
making them more resilient against
cyberattacks. In this way, as new products Such an environment should audit and
enforce cybersecurity best practices on
a consistent and effective basis, utilising
42
INTELLIGENTCIO
available supervision and detection tools, so
that exposure to risk can be minimised. In
such a cybersecurity-aware process culture,
the priorities of the IT and industrial control
departments need to be aligned. Both
employees and vendors coming in need to
be aware of the security policies or risk being
denied access to sensitive equipment and
operations software.
For more best practices in countering
cybersecurity threats, download Schneider
Electric’s complimentary reference guide,
A Practical Guide to Achieving Oil & Gas
Operational Efficiency through Digitisation. n
www.intelligentcio.com