Should Cybersecurity Drive Business Decisions?

Cybersecurity is often thought of as an IT matter becdause it involves the protection of network infrastructure, programs, and the data stored within them, but would companies benefit from rethinking its role in their operations? A global intelligence advisor at BP recently argued that the consequences of cyberattacks make them general business issues more than IT issues, and the intelligence gathered in developing cybersecurity protocols can act as a business driver. 

At a workshop cohosted by Siemens and the International Society of Automation on the role of artificial intelligence in combatting cyberattacks, Sean Plankey said intelligence is a prevention function and a well-executed intelligence-gathering operation should help inform proper security protocols. Adversaries often deploy a series of capabilities to move across external and internal infrastructure, so detecting an individual event within a network does not always give a company the greatest understanding of the nature of the threats they may face. 

“I think that a good way to look at intelligence is defining what our adversaries are trying to do against us,” Plankey said. “If we took intelligence and thought it was just pulling malware apart, identifying a piece of malware, we’d only be looking at one corner of the attack. We have to look at it holistically.”

Intelligence Gathering With a Purpose
Plankey said that, to develop sufficient security protocol for their networks, companies must understand the nature of the threats they face and the types of intelligence they receive.

Strategic intelligence helps inform the decisions of senior leadership. It is rarely technical, but it usually involves the analysis of several external business and political variables, such as the state of the global oil market, diplomatic developments between nations, and general IT/OT issues that could affect a company. One example Plankey gave was a hypothetical issue in which Chinese actors implanted chips into company motherboards built by a specific vendor to steal information from its clients. Developing a protocol for such a situation would require strategic-level conversations, Plankey said, because that protocol may require management to redefine its procurement process.

Operational intelligence is related to specific attacks, and usually involves specific tactical actions that companies can drive within their operations. Technical intelligence comes from physical indicators like automated sharing programs, indicators of compromise, or even intelligence from government agencies like the US Department of Homeland Security.

Plankey defined a threat as the determination of an actor to inflict harm on something or someone, and the establishment of a baseline threat to a company’s operations will help that company eliminate the uncertainty that comes from intelligence gathering. Companies should use intelligence to inform their business: As the baseline threat changes, so should its security posture.

“Without a baseline, we’re in constant panic mode,” he said. “That goes from the lowest level of the organization to the top. Cyberattacks become ‘act of God’ events without a baseline threat: ‘Let’s just do nothing because we could be hit at any time.’ That’s not a good stance to have.”

Read the full story here.

 

 

HSE Now is a source for news and technical information affecting the health, safety, security, environment, and social responsibility discipline of the upstream oil and gas industry.