The actress Sharon Stone famously noted that the world’s greatest dancer was not, as commonly considered, Fred Astaire. Rather, it was Fred’s dancing partner Ginger Rogers, who matched every step that he did, but backwards and in high heels. A somewhat similar thought arises concerning Sir Isaac Newton, who not only wrote a book, “The Principia,” which largely originated the modern fields of energy, gravitation, celestial motion and calculus, but he also wrote it in Latin.
Latin was, of course, the lingua franca, or universal operational language, of the educated West for more than 1,000 years. In 2015, perhaps we can say that our own lingua franca is Internet Protocol (IP). Throughout the world, it is now common to have a modern enterprise that — often unknown to management — is entirely based on IP linking from computers to desktops, video systems, telephones, radios, mobile devices and even safety alarms.
The Energy Industry Bucks the Trend
Until very recently, one exception to this IP monoculture could be found in the energy industry, each aspect of which (e.g., oil, gas, electricity, bulk transport, geothermal, solar, etc.) has its own complex technological and operational underpinnings and business ecosystems. In those industries, there was often a bifurcation between information technology (IT) and operational technology (OT).
Generally, the IT systems comprised traditional administrative, financial and technical computers, all using IP to communicate. The OT systems had a wide variety of little-known, arcane and obscure communications interfaces and protocols. The most publicly known subset of OT was found in supervisory control and data acquisition (SCADA) systems, which directly managed pipes, processes, relays, motors, circuit breakers and other complex and potentially dangerous devices.
Due to a variety of business, environmental, technical and operational drivers, there began to be a convergence of IT and OT in the early 21st century. The consumer-driven capabilities of IT became increasingly powerful while the OT systems needed to become rapidly digitized for such things as oil exploration, optimum refinery controls, pipeline operation, rapid and dynamic energy routing and consumer distribution.
Security in the Energy Industry
Unfortunately, as with other industries, certain security problems immediately became all too clear for the energy industry. Some general themes were:
- Unlike most well-secured and closely monitored IT, any OT deficiencies could have immediate and enormous real-world consequences, such as sewage valves opening, generators exploding, etc. There were no second acts for OT security failings.
- Many utilities were not fully aware whether their systems — both OT and IT — could be hacked, had already been hacked or were being analyzed to be hacked in the near future.
- The air gap that formerly existed between OT and IT was no longer operable. The Hollywood picture of a skilled energy expert wearing immense protective gloves and pulling a giant switch did not always occur. In fact, there were often numerous virtual connection points throughout a utility’s system, which was not needed for human operation.
- As with many other industries, there had been deperimeterization even outside the enterprise. Utilities’ co-petition had replaced competition — everyone is everyone else’s customer/competitor/carrier/partner/vendor/supplier.
- Revenue threats from other energy sources impeded rapid upgrade of systems.
Fortunately, via cognitive energy, new countermeasures and compensating controls — educational, operational, managerial and technical — can help bring such risks to an acceptable level.
Some of these ideas hark back to Newton and “The Principia.“ In the 17th century, Newton proved that energy can be transformed, but not destroyed. Newton’s 20th-century heir, Albert Einstein, took this a step further and proved that energy could be equivalent to matter, which has led to relativity theory, atomic energy and many other advances. And in the 21st century, Stephen Hawking proposed that even information cannot be completely destroyed, it must be conserved or transformed.
Making Cognitive Energy Practical
In a practical manner, we can now, via cognitive energy principles, apply to IP-enabled OT those rigorous techniques formerly only amenable to IT. We can also apply to IT the many safety, availability, reliability and sustainability processes that were formerly the sole domain of OT. In other words, equivalent protection can be applied to the waveform of a tablet’s USB connection (say, 1 gigahertz and 5 volts) as well as to a high-voltage transmission line (60 hertz and 745 kilovolts).
There are many products that can be customized for both OT and IT as well as industry-specific consulting skills. Organizations in the energy industry should also search for solutions that can be deployed in a judicious and balanced manner based on intelligence information shared among hundreds of other enterprises from other highly regulated, mission-critical industries.
In the 17th century, Francis Bacon said, “Et ipsa scientia potestas est,” which is roughly translated as: “Knowledge itself is power.” In our century, the equivalent may be “Data is the new natural resource.” It’s not only the power of information, but also the knowledge of and about power — and the protection of data throughout its life cycle — that is essential to every phase of energy exploration, storage, generation, transmission and billing. Thus, secure, efficient and sustainable energy intermediation is crucial, be it the flow of bits, bytes, bucks, barrels of oil or information.
Global Leader, Transformational Business Assurance, Global Banking and Financial Markets Center of Competency; IBM Master Inventor