It was to be our first event conference as an exhibitor. We upgraded our suits, we had boxes of pens and other assorted marketing stuff assembled and we’d even discussed the possibility of driving the 550 miles to Aberdeen on the basis that the train fare was a few pence more than the GDP of Belgium.
But all that was in vain. Like the Oktane20 conference we wrote about a few weeks ago, the Digital Energy 2020 Summit went virtual.
Organised by Scottish tech gurus DIGIT, the 7th annual Digital Energy Summit is hosted every year in the Granite City, known as the ‘off-shore oil capital of Europe’ (although presumably they don’t use that slogan on their marketing material).
Exploration started in the 1960s and the first major find occurred in the Forties field in November 1970, 110 miles east of the city in the North Sea. Five years later, the infrastructure was in place and oil flowed, and keeps on flowing.
Aberdeen’s energy industry supports around 50,000 jobs and the conference is primarily for tech-types working in the oil and gas sector. We co-exhibited with our partner Cyber Observer at a crossroads for IT teams in the energy sector who, like many in myriad other industry sectors, are being asked to deliver more bang for less buck.
Every Industry Is at A Crossroads Aren’t They?
Well, sort of. Even if you take coronavirus out of the equation, businesses of all sizes and complexities in all sectors are undergoing seismic change. The challenging economic landscape has forced companies to re-evaluate and in many cases forensically scrutinise their operations, address inefficiencies, adopt more agile methodologies and accelerate digitisation programmes in pursuit of greater productivity combined with asset efficiency, especially but not exclusively where IT is concerned.
In other words, as we put so succinctly last month, ‘How on earth do you go about improving the productivity of the company’s myriad stakeholders and making your systems more secure but reducing operational costs at the same time?
That’s the $64m question.’
Regarding the energy sector, the market is growing increasingly diverse as renewables mature and new entrants emerge.
In late 2019 the UK Oil & Gas Authority set out its vision for how it will help deliver, promote and influence Digital Excellence through digitisation to help support it’s Maximising Economic Recovery (MER) plan. In layman’s terms, they set out how the oil and gas industry can use digital excellence to help reduce operating and research costs and at the same time maximise revenue from the oil and gas fields. More bang (literally and metaphorically) for less buck.
Back in early April, Brent Crude was trading as low as $9/barrel (down from around $70/barrel in late December). This week it’s around $35/barrel and this in itself presents an interesting conundrum for the industry. Whilst pricing remains significantly lower than in recent months and years, the current appetite to invest in digital transformation, even if there are mid to long term savings to be had is likely to be low whilst companies try to prioritise cash and longevity.
Amongst other excellent reasons, this is why we felt Cyber Observer was such a good partner to co-exhibit with – they help businesses squeeze every last ounce of value out of their security stack. In many cases, they’re able to identify duplicate functionality and therefore opportunities for consolidation. Thus, cost savings. We’ll say it one more time…
More bang for less buck.
(Promise, that’s the last time you’ll read that.)
Who Spoke And What Did They Say?
Perhaps unfamiliar to the more general IT bods reading this, nevertheless the list of speakers at the Digital Energy 2020 Summit was seriously impressive and included:
Blaine Tookey, Technology Principal at BP
(The brilliantly titled) Adebayo Aremu, Drilling Operations Superintendent at KCA Deutag
Martin Ogden, Head of IT & Digital at Repsol Sinopec
Niko Dukic, Senior Program Manager for Azure Storage at Microsoft
Rina Ladva, Energy Sector Head at Microsoft UK
Louise Smith, Chief Digital Officer at Lloyds
Lionel Jacobs, Senior Security Architect at Palo Alto Networks
At this point, we’re going to hand over to our very own Stephen Dorling for a comprehensive review of the key takeaways.
Mark Mitchell, Security Engineer at Check Point spoke about Protecting your Everything and how the network has evolved to be an ever-changing perimeter spanning both people (employees and users) and machines. (In the oil & gas sector’s case, it’s often machinery on oil rigs and ships).
In one of his slides, he spoke about five trends they saw towards the end of 2019 they felt would shape cybersecurity in 2020 –
1. DevSecOps – Security automation should enable IT innovation
2. Cloud & IoT – the attack surface is expanding
3. as a Service – Customers prefer security as a Service (XaaS)
4. Consolidation – CISOs want less security vendors
5. Intelligent Bots – Malware propagates faster to any connected resource
Number four is a big topic for us, the attendees and our clients. In general, people are becoming exasperated with the sheer amount of SaaS applications in their day-to-day stack and even more so in security. Many of our clients would prefer to do more with fewer applications/solutions to maintain, tweak, administer and naturally, pay for. The irony is that often, with fewer (but the right) security tools you can easily be more secure.
As we alluded to in a past blog, it’s not necessarily about being as secure as possible, it’s about being as secure as you need to be.
Panel Discussion – Driving Cybersecurity Collaboration in the Oil & Gas Industry One of the major topics was the ongoing issue of phishing attacks. Specifically, the websites of businesses who service multiple oil & gas clients being faked using spoof domains and mimicking the service company’s real website and copy. They’re fairly sophisticated attacks and often are only spotted when someone gets caught out. The panellists spoke about collaboration, whereby they’ve begun to report amongst each other the domains the copycat sites are using so others can act and block.
Mimecast are ahead of the game here. Their acquisition of SegaSec, an Israeli cybersecurity software provider that protects against fake websites, phishing scams, credential harvesting and impersonation attempts on the web early this year allows them to do just that.
They can identify domains that are similar (or who are using copycat design and copy) and who’s activity could suggest malicious or fraudulent intent. Once spotted, they have links to thousands of registrars to take down the sites before they’ve had a chance to ‘go-live’. Typically, the takedown time is just three hours.
Hannah Rudman, Strategic Transformation Director at Wallet.Services spoke about improving cyberbreach reporting with trust and security enabled by Distributed Ledger Technology, or DLT. Her company produces a platform called Siccar that uses DLT.
The platform allows companies to collaborate with various bits of information sharing both securely and when preferred, anonymously. The use case she spoke about was cybersecurity breach reporting. For the most obvious reasons, most companies are reluctant to share specific (or even general) details about cybersecurity breaches, even if the information could help other companies to shore up their own defences. For oil & gas, they could effectively anonymise cybersecurity breach details and upload them to the ledger, sharing specific information that had been validated as correct and/or true by the tamper-proof virtual ledger allowing other companies to take preventative action. It seems like a sensible idea that many businesses could adopt.
All Great Ideas, In Theory…
The last two talking points are for the greater good and as theories, it’s hard to argue against either of them benefitting the many but there are sticking points. As always, they are mainly down to money. Collaboration requires industry buy-in.
Who pays? If it’s down to private companies, would someone like BP or Shell be willing to fund said collaboration and then effectively offer it out as open source technology?
Is it down to a government, industry or advisory body to adopt it and co-fund via interested parties who get access in return for payment? If so, how will they split costs fairly – the amount of money divided by the number of companies involved, as a percentage of profit or revenue? By the number of users, the amount of (admitted) breaches or the expertise put in at the front end?
It’s hard to know but the ideas are out there, they just need either a EuroMillions winner with a healthy interest in the oil and gas industry or the price of Brent Crude to hit $500/barrel.
Contact us today on firstname.lastname@example.org or call 020 7078 0789 and we’ll talk cloud and email security, communications platforms, cutting-edge IT solutions or if you were happy with your position on the Times Rich List this year…