GPSG at the Tulsa Cyber Summit

5 Best Cyber Practices for the Oil and Gas Industry from the Tulsa Cyber Summit

April 2, 2019

GPSG’s cyber team had a lot of fun supporting the Tulsa Cyber Summit! Our team caught up with existing partners and made new friends.

The line-up of high-profile private sector and federal keynote speakers shared their insights on cyber resiliency and fostering corporate security culture. The technology and leadership tracks addressed privacy, data encryption, cyber threats, and more.

The event was sponsored by the George Kaiser Family Foundation, Cox Business and the University of Tulsa Tandy School of Computer Science. The University of Tulsa is driving the Tulsa Cyber District. This include cyber initiatives to make Tulsa a focal point in the nation for cyber excellence.

John Lister Speaking on Encryption at the Tulsa Cyber Summit
John speaking on encryption for leadership at the Tulsa Cyber Summit

A Meeting of Cyber Minds in Oklahoma

The Summit offered a meeting of cyber minds from the federal and private sector communities from the west AND east coasts. Former CIA Director John Brennan kicked off the two-day event with insights on leadership in the digital age.

Facebook Director of Security, Aanchal Gupta, shared her perspectives on developing a corporate culture of security and managing technical minds. Sectoral panels explored cybersecurity innovation and challenges in finance, oil and gas, electricity, transportation, and IoT governance.

Crystal Lister speaking on insider risk at the Tulsa Cyber Summit
Crystal speaking on insider threat risk management at the Tulsa Cyber Summit

5 Cybersecurity Recommendations for the Oil and Gas Industry

The oil and gas industry panel included CISOs, SCADA, cyber, and information security leaders. They noted that despite vendors consistently providing enhanced technologies and mitigation tools, they still see organizations continue to fall victim to cyber attacks.

Most of the panel members agreed that it is key for an organization to build a strong cybersecurity foundation and focus on fundamental cybersecurity principles. We agree that a company’s ability to successfully reduce risk begins with identifying and prioritizing critical assets and then building your security program around them.

Here are five recommendations for improving cybersecurity in the oil and gas industry:

  1. Ensure a patch management policy: For example, patch management could have prevented the Equifax breach if the company had employed one. The panel seemed to agree that organizations oftentimes underemphasize the critical role of basic security measures. This can happen due to time and budget issues.
  2. Engage with federal and local resources: Active engagement in community and peer interest groups (e.g., ONG-ISAC) can help an organization identify potential threats and mitigations faster. Although competitors by nature, the panel shared their best practice of regularly meeting to touch base on cyber concerns and potential emerging technology solutions.
  3. Seek to leverage resources across IT (Information Technology) and OT (Operational Technology) systems: The panel addressed the impending merger of IT and OT systems. One issue with this is that the differing technologies must be combined to support operations most efficiently. In addition, IT and OT skillsets and capabilities are different and can make managing the overall enterprise security culture more challenging. Increased focus on technologies and corporate culture that support both IT and OT can help drive security initiatives. For example, when merging an IT and OT team, we recommend that both teams agree on a ticketing and communication system. This helps foster a team environment and collaboration, which may solve security issues faster.
  4. Increase understanding and awareness of inventory and supply chain security: The panel emphasized the importance of understanding everything that is connected to an OT network to most successfully manage risk. Some operators are dependent on suppliers for business operations, exposing the operator to risks beyond their control. One risk mitigation solution we recommend for this is to employ a rogue network device detection capability.
  5. Conduct a cybersecurity assessment focusing on data protection: The panel briefly touched on the importance of data protection. From our perspective, we recommend a data protection-focused assessment to strengthen your organization’s ability to safeguard your most sensitive information from corruption, compromise, or loss. Similarly, it helps you work towards local, federal, and international legal compliance.

The Gathering Place, Tulsa’s Riverfront Park

After attending the Tulsa Cyber Summit, our team also visited The Gathering Place on a sunny afternoon!

The Listers at The Gathering Place-Tulsa
The Gathering Place, Tulsa’s Riverfront Park

Connect with us today at cyberteam@gpsg.co for a free consultation on cybersecurity risk management.

Disclaimer: This blog provides ever changing content, conversations, and insights on cyber threats and trending solutions that is accurate to the best of our knowledge. Although we are cybersecurity experts, we provide information which we hope is helpful, and do not endorse any specific products, tools, or solutions referenced herein. Consult with your cybersecurity team before taking any action.