Part 5 – Trust is the Only Way Forward for Digital Energy
The US digital economy has seen a triple-digit increase in cybersecurity threats, with a wartime posture among bad actors that is only accelerating the overall trend toward increasing sophistication, size, and volume of cyberattacks. As energy leaders navigate mounting cybersecurity challenges, key concerns are top of mind, including how to ensure business continuity, keep business data safe, and thwart rapidly growing attacks with shrinking IT budgets. W Energy Software’s manager of cybersecurity, Michelle Pellon, brings her voice of authority to our blog, where she presents an essential checklist for protecting your software supply chain by working with vendors who understand the risks, have a disaster recovery plan, implement certified security controls, and continuously collaborate with security partners.
Information security in the digital oilfield is a proactive science. There is simply no way to react to cyber-threats because by then it is too late. It’s not just the surge of cyber-threats that puts oil & gas businesses and their revenue at risk. Ransomware and other methods of exploiting businesses for cash have become mainstream cybercrime, but geopolitical situations that escalate can also lead to cyber warfare.
At the beginning of the recent war in Ukraine, where were all of your oil & gas software vendors? The sudden threat of spillover from cyberspace into the US energy sector was and still is very serious and very real. What each and every one of your software vendors should have done was provide assurance that vital business data and critical digital infrastructure are safe, i.e., demonstrate that they are innovating and delivering value when it comes to cybersecurity, the topic of today’s blog.
The Importance of Cybersecurity Assurance for Software Users
Here’s an excerpt from the e-mail that was sent out to W Energy Software’s clients on the 1st day of Russia’s war on Ukraine:
- Your data and business-critical applications are safe. W Energy Software relies on a number of Amazon Web Services managed security products that are up-to-date and receiving the latest threat intelligence as Russian cyber actors evolve their tactics.
- Our internal security controls are at full readiness. We continue to collaborate with [NAME REDACTED], our key cybersecurity partner who is prepared to respond 24/7 as part of their rapid response program.
- We have the right people. W Energy Software has built a top-tier cybersecurity team, backed by independently certified AICPA SOC 2 controls and rigorous security certifications for our internal teams to manage ongoing threats just like we are now experiencing.
- We are one step ahead. W Energy Software is actively engaged with our partners in Federal Law Enforcement and Industry Threat Intelligence Sharing Groups to stay current on the evolving situation.
Did you get this level of assurance from your other software vendors or some vague reassurance about your oil & gas information security? W Energy Software was able to instantly respond to this type of crisis with details on our information security posture because we had already done the hard work of putting the right people, processes, and technology in place, something your other software vendors couldn’t do because they were reacting and got caught flat-footed.
Because of the critical nature of data in our industry, oil & gas companies must trust their software vendors who are integrally linked to their digital pipelines, data assets, and ability to operate. Here’s the multi-million dollar question (multi-billion in some cases): do you trust each of your software vendors? What are they doing to add value and innovate around your software supply chain security? If you have any doubt about either answer, it’s vital to your business and bottom line to make the switch to W Energy Software.
Our Trust Center Says It All
Over the course of my blog series, I’ve identified 5 key areas in oil & gas information security where software vendors must build trust. Your software supply chain isn’t just the dozen or so pieces of energy software that accounting, land, field operations, production management, and regulatory teams rely on – software supply chains are comprised of thousands of subcomponents that these “tip of the iceberg” applications are built on. As a result, managing risk in your supply chain must take into account the vulnerabilities of open source code and third-party components, which is why W Energy Software provides a software bill of materials (SBOM) in the industry-standard SPDX format. Our cloud architecture and unified approach enable us to provide a single SBOM, unlike our competitors who simply don’t try because they hold a mishmash of disconnected products built on legacy and on-premise technology, making it impossible to provide their clients with clear software supply chain visibility.
The other dimensions for building trust that each of your energy software vendors must have a strategy for include driving IT security best practices with the right cloud host, being able to rapidly recover your business continuity following a successful cyber-attack, and independent certification of information security controls. And if your vendors aren’t innovating and adding value around cybersecurity, then they don’t deserve the confidence your oil & gas team is placing in their applications and digital infrastructure.