Be it competitors in China or cybercriminals looking to exploit faulty systems, cybersecurity is an issue of national security, according to Southern Company’s James Goosby.
As Southern Company’s director of business technology planning, Goosby stressed the importance of prioritizing system security in the O&G industry to avoid catastrophic consequences.
Technological challenges within O&G operations could include integrating operational technologies while focusing on IT security, implementing technology without impacting operations, challenges facing training and retaining a knowledgeable workforce, and more, explained Goosby.
Improving system security is the main goal for any IT professional. With such an important task, Goosby stated that one of the key principles he sticks to in his work is collaboration.
"In order for us to do a better job of making sure the systems are secure, at the same time performing the way they’re supposed to perform, it takes a lot of collaboration. So that’s where my mission is — what it’s about today," Goosby said.
The concept of collaboration lays the foundation for eliminating security risks, explained Goosby. To take the first steps in overcoming system challenges, everyone has to be on board and thoroughly educated about the task at hand.
The concept of collaboration lays the foundation for eliminating security risks.
"Education is paramount. As far as fixing vulnerabilities, there are 10,000 new ones each year. You can’t just say ‘go patch everything’," explained Dwayne Edwards, senior security engineer with cybersecurity company, Tenable. "You have to help IT and OT (operational technology), and understand that it’s more about mitigation than remediation."
Goosby agreed with Edward’s assertion about the practice of solving problems by patching things together; systems should be properly functioning as a whole — rather than held together with tape and string.
"With that, we need to give leadership a better understanding of what we do," Goosby highlighted during the 2023 Connected Plant Conference in New Orleans. With knowledgeable leadership, Goosby asserted that so many issues can be resolved or prevented with proper intervention from said leaders who know what to expect and how to handle problems that arise.
Building on education and training initiatives, Jonathan Tubb, director of industrial cybersecurity with Siemens Energy, revealed that the company has an associate program to train cybersecurity workers in important industry skills.
"There are plenty of skills needed to integrate solutions for IT and OT aside from education," added Tubb. "Critical risk-making skills and decision making are both incredibly important."
Adding to Tubb’s remarks about integrating needed skills into worker education, Goosby said, "We need to expand educational, college programs for instrumentation and controls. We already have programs with local community colleges and have had much success in hiring these trained kids," explaining that workers can add so much more value to their labor, and therefore their employers, by having an even wider range of skillsets in the cybersecurity field.
Edwards offered the thought that cybersecurity education isn’t just for IT and OT or leadership — it’s for everyone. A "learn by doing" approach is essential for every worker in the digital age when cyber-attacks and record and data mishandling can cause so much damage to a company.
The challenges of implementing and maintaining system security in a business are extensive, especially in the O&G field. Still, education and awareness across the board are essential for operational security.