National Oil Conference 2014 organization by Marsh was a major success with more 500 attendees from energy and utilities sector across Europe, Middle East, Africa and Asia. With high profile keynote speakers such as Dr. Christoph Frei, Secretary General, World Energy Council the event triggered thought leadership in the field of energy sector of risk management, challenges in emerging markets and diversification – with Cyber Security being one of the hottest topics presented by Shah Sheikh of DTS Solution.
Shah Sheikh’s presentation on “Evolving Cyber Security – A Wake Up Call…” was one of the most anticipated sessions during the conference and received excellent reception post conference in the executive briefing. A presentation that covered the dark reality of targeted cyber-attacks on critical energy infrastructure in the Middle East and across the region has raised many alarms bells ringing. What organizations need to do in order to build a security culture and DNA into the organization that ultimately means longevity and sustainability of their core business was also discussed and highlighted.
The presentation addressed audience from technical and non-technical backgrounds and some with little knowledge about cyber security – remember advocating good cyber security practise is the responsibility of all employees within an organization.
The presentation covered the business case and need to develop a Cyber Security Management System and Framework that is driven at the top management through governance and translated on to the ground through policies, standards and procedures. Using these policies, standards and procedures to then implement the technical security preventative, detective or compensating controls to protect your critical infrastructure from cyber security breaches. The presentation also addressed why energy clients should have the upper hand when it comes to working with DCS vendors and enforcing best security practices upon them rather than expect the DCS vendor to provide a secure by design automation infrastructure which typically does not happen. The presented ended with key security solutions and controls that can be implemented to provide a defense-in-depth model. Finally building a Security Operations Center to proactively monitor the cyber security posture of their critical infrastructure around the clock – ensure the organization is comprehensive prepared to detect, thwart, prevent, contain, isolate and investigate security attacks and breaches.