Welcome to
Mark Stephen
BBC Scotland
@bbcscotland
#de18
DI Eamonn Keane, Police Scotland
Mandy Haeburn-Little, SBRC
@policescotland
@MandyHL_SBRC
#de18
OFFICIAL: NONE
Digit
Oil and Gas
Cyber Activity Presentation
Mandy Haeburn-Little
Eamonn Keane
May 2018
• Strategy - A more resilient Scotland/UK !
• What are the threats?
• Where does SBRC sit in the landscape?
• Who you gonna call?
• Incident planning & response!
• Challenges!
• Under-reporting & signposting.
Agenda.
Scotland as a cyber
world leader
really?
The Ambition
Safe, secure and prosperous: Scotland’s cyber resilience strategy
Scotland can be a world leader in cyber resilience and be a nation that can claim, by 2020, to have achieved the following outcomes:
i. Our people are informed and prepared to make the most of digital technologies safely.
ii. Our business organisations recognise the risks in the digital world and are well prepared to manage them.
iii. We have confidence in, and trust, our digital public services.
iv. We have a growing and renowned cyber resilience research community.
v. We have a global reputation for being a secure place to live and learn, and to set up and invest in business.
vi. We have an innovative cyber security, goods and services industry that can help meet global demand.
LEADERS BOARD
COMMS
DFM
PUBLIC SECTOR
Private Sector
Leadership
SKILLS RESEARCH
BUSINESS
ENABLEMENT
Cyber Expert Group for Scotland
Business membership groups –
SCDI/CBI/IOD/COC/SLTA/STUC/LS (FSB National)
Trusted Partners – Cyber Essentials Accreditors
National Cyber Resilience Leaders Board
Development of action plans
1. Learning and skills
2. Public sector cyber resilience
3. Private sector cyber resilience
4. Third sector cyber resilience
5. Systems of advice, support and response
6. Economic opportunity
7. Communications and awareness raising
Aligned
approach
Building blocks of SG Private Sector Plan
• Cyber Catalysts Scheme
• Grading of risk and standards – cyber aware up to NIS supply chain
• Public sector framework
• Leadership and awareness raising
• CISP/SCINET
• unregulated sectors and third sector
• Innovation and Growth - + Advice Support and resources
• Supporting the SME community co-operating nationally and
internationally
Why we do what we do?
The Scottish & UK governments are committed to making
the UK a secure and resilient digital nation.
A key aspect of this strategy is through robust
engagement and an active partnership between
government, industry and law enforcement to
significantly enhance the levels of cyber security across
UK networks.
So how has the threat changed in the last 5
years?
Scenario 2 – Malware
Malware
Phishing
Ransomware
Social Engineering
Hacker
The Usual Suspects!
Is this cybercrime?
Saudi Aramco’s Khurais plant. A cyberattack
wiped out data on three-quarters of
Aramco’s PCs
In August 2017, a petrochemical company
with a plant in Saudi Arabia was hit by a
new kind of cyber attack. The attack was
not designed to simply destroy data or
shut down the plant, investigators believe.
It was meant to sabotage the firm’s
operations and trigger an explosion.
Never in Scotland!
Key questions that all CEOs & CISOs should be
asking this week?
• "Are we vulnerable to a cyber intrusion, SQL injection, ransomware or DDoS
based attacks?"
• "What assurance activity have we done to confirm that we are not
vulnerable?"
• "If we were compromised, would an attacker be able to gain access to
unencrypted sensitive data?"
• "Are we satisfied that we have engaged a sufficient 3rd party security provider?"
• "What is our company posture on security?"
• "What and how vibrant is your overarching cyber security policy?"
ORGANISED CRIME
THE WHAT?
Scottish Government
Police Scotland
Scottish Fire & Rescue
SBRC
CYBER
RETAIL
AND
TOURISM
SUPPLY
CHAIN
Curious Frank
SAFER COMMUNITIES
BBN
RESILIENCE
Menu of Services
Menu of Services
PROTECTING
BUSINESS
Public Good Delivery . . .
Police, Fire, Government
Advice guidance
information sharing
State of the Art
Commercial Services
IT’S ALL ABOUT THE
BASE
Cyber-security Information Sharing Partnership (CiSP)
CiSP is a joint industry and government initiative set up to exchange
cyber threat information in real time, in a secure, confidential and
dynamic environment, increasing situational awareness and reducing
the impact on UK business.
CiSP Business Benefits
• Engagement with Industry and Government counterparts in a secure environment
• Early warning of cyber threats
• Ability to learn from experiences, mistakes and successes and seek advice
• An improved ability to protect your organisation’s network
• Access to subject or sector specific content including latest incidents
• Improved cyber situational awareness at NO COST to your organisation
Under this scheme, which is backed by Government and supported by industry,
organisations can apply for a badge which recognises the achievement of
government-endorsed standards of cyber hygiene.
Trusted Partners
• Launched by SBRC and Police Scotland on 9th February 2017
• Nationally accredited Cyber Essentials Certifying Bodies based or operating across Scotland
• Initially 12 independent Certifying Bodies in Scotland, now increased to 20
• Cyber Essentials Approved Practitioners list launched on 31st May 2017
• Nationally accredited to provide Cyber Essentials consultancy and advice but don’t certify
• Trusted Partners & Approved Practitioners integral to Scottish Government’s Cyber Resilience
Strategy and contributed during the development and consultation phase of Action Plans.
Cyber Essentials - Trusted Partners
7 Elements Ltd, Linlithgow - www.7elements.co.uk
Aggress Ltd, Prestwick - www.aggress.co.uk
BC Technologies, Dunoon - www.bc-technologies.co.uk
Barrier Networks, Glasgow - www.barriernetworks.co.uk
Clark IT, Aberdeen – www.clark-it.com
Commissum Associates, Edinburgh - www.commissum.com
ECSC Group, Edinburgh – www.ecsc.co.uk
Grant McGregor Ltd, Edinburgh – www.grantmcgregor.co.uk
ID Cyber Solutions, Glasgow - www.idcybersolutions.com
MTI Technology, Livingston - www.mti.com
MJD Systems, Moray - www.mjdsystems.co.uk
NCC Group, Glasgow & Edinburgh - www.nccgroup.trust
Net Defence, Stirling – www.net-defence.com
Nethost Legislation, Aberdeen - www.nethostlegislation.co.uk
Pulsant, Edinburgh – www.pulsant.co.uk
Quorum Cyber Security, Edinburgh – www.quorumcyber.com
Sapphire, Glasgow – www.sapphire.net
Secarma Ltd, Glasgow & Edinburgh – www.secarma.co.uk
Seric Systems Ltd, Paisley - www.seric.co.uk
Truststream, Edinburgh - www.truststream.co.uk
PERTH
Current Position
SCOTLAND’S KNOWLEDGE
RESOURCE
ST ANDREWS
EDINBURGH
DUNDEE
SCOTLAND’S CYBER
CRIME CENTRE
SCOTLAND’S CYBER QUARTER
LONDON
NATIONAL CYBER SECURITY
CENTRE
GLASGOW
FINTECH HUB
KILMARNOCK
HALO- FUTURE DIGITAL
SKILLS CENTRE
GARTCOSH
LINLITHGOW
ORACLE CYBER SCOTLAND
BASE
PS ABERDEEN CYBER HUB
So what are the challenges/threats?
• Global, international, industrial & automated
• Jurisdictional reach & anonymous
• Increased criminal opportunities - Anyone can be (or hire) a cyber criminal!
• Lack of clear & concise statistical data.
• Under reporting
• Technological advances provide opportunities but equally increase the threat
of cybercrime - The ‘Internet of Things’
• Social media as an attack vector
• Disaster Recovery & Business Continuity
Cyber Resilience is thorough Preparation
Overarching Cyber Security Strategy!
Pre-planned Exercise.
Incident Management & Response Plan.
Communications Strategy.
Investigative Strategy.
Incident Manager & Team
Gold, Silver, Bronze.
Mitigation & Recovery Strategy.
Logistics - Contingency
WHO YOU GONNA
CALL
Reporting of Cyber Incidents
• Incident evaluation and early reporting.
• Police Scotland 101 – Incident No. & Action Fraud.
• Business continuity and impact prime consideration.
• ICT response and mitigation. Scene preservation?
• Where possible preserve original copies of emails, attachments, device images and logs.
• Is there a mandatory obligation to report?
• Report to NCSC, Cert UK / GovCert UK.
• Report to Scottish Government if appropriate.
• Identify point of contact for law enforcement to facilitate enquiries and evidence gathering.
• Submit attack details to CISP platform if appropriate share.cisp.org.uk (can assist with
mitigation and fix)
Why Curious Frank?
We’re Curious.
Not just about you but about Cyber Security in general. We’re curious to see what the latest threats are and how they
work, we’re curious to find out how to defend against them, we’re curious to learn the latest techniques and put them
into practice to help secure business networks. Most of all we’re curious to find out how we can help you.
We’re Frank.
We’ll tell you in plain and simple terms what we think needs to be done to help protect your business. We’ll tell you in
an open and honest manner what we found during our testing and what you can do to rectify any issues.
We’re Curious, we’re Frank
SBRC Intentions – building blocks
• Keeping skills in Scotland (business)
• Developing pipeline for hub and police
• CE standards launch and SCiNET (dfm)
• SOC concept
• Cyber catalyst companies
• GDPR trigger
• Triaging
• Trusted partners
• Police scope industry
• Commonality of language - 5th utility
SUPPLY CHAIN
Opportunities & Challenges
• End to end order and delivery process
• Online vulnerabilities
• Supply chain and contractual management
• Procurement policies
• Premises Assessments
• Transport
• Post-Brexit
RETAIL
• On and off-line management of instore process
• Warehouse deliveries and management
• Information sharing and protocols
• Supply Chains
• Staff vulnerabilities online trading
• International competition
• Mainstream Mega 4 competition
Caution - Your digital footprint!
Good practical advice!!
Thank you for listening
Any Questions?
Bill Malik
Trend Micro
@WilliamMalikTM
#de18
Securing Generations of IoT
William J. Malik, CISA
VP, Infrastructure Strategies
What is IoT?
• Networked sensors, analytical engines, actuators
• Connected non-traditional computing platforms
• Industrial Control Systems ICS
– Distributed Control Systems DCS
– Supervisory Control And Data Acquisition SCADA
– Programmable Logic Controllers PLC
– Remote Terminal Units RTU
– Intelligent Electronic Devices IED
– https://blog.trendmicro.com/securing-three-families-iot/
Copyright 2018 Trend Micro Inc.
[Figure: Typical DCS Configuration. Components shown: process historical archives, engineering and operator workstations, SCADA data servers, LAN/WAN hubs on Ethernet TCP/IP, field control units and micro FCUs, PLC I/O, field devices, and PLCs, RTUs and other 3rd party equipment.]
Protocol: TCP/IP, Modbus, OPC, DDE, or Proprietary
Connection: VSAT, LAN, WAN, Radio, Microwave
What is Information Security?
• Information shall not be Lost, Altered, or
Inadvertently Disclosed
– I.e., Availability, Integrity, Confidentiality
• ISO 7498-2, Security across the ISO/OSI
Reference Model
– Identification, Authentication, Data Confidentiality, Data
Integrity, Non-repudiation
Integrating Information Security
• Information Security Integrated with SDLC
(DevSecOps)
• Security Management Integrated with IT/OT
Management (Operations)
• Actuators (ICS) are out of scope for information
security
– Industrial processes are not “information”
IoT 0.9 and 1.0 Limitations
• Hard-coded credentials (no identification or authentication)
• Plain-text communication (no data integrity or confidentiality)
• Flat system architecture (no secure kernel)
• Simple or no software/firmware update
• Minimal logging or alerting
• Proprietary networking
• Very low power
• Sometimes physically inaccessible
• Lightweight systems management infrastructure (if any)
– XMPP, MQTT, CoAP, 6LoWPAN
Securing IoT 1.0
• Restrict to segmented network
– Reduce attack surface
• Monitor network traffic
– Detect unwanted signals
• Monitor processor utilization
– Detect unwanted processes
• Deploy out-of-band sensors
– Logging, analysis, reporting
• Freeze servers and infrastructure
– No updates, no upgrades, no installs
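An added example, not part of the original slides: a small out-of-band sensor for the "restrict to segmented network" and "monitor network traffic" steps above. It flags flows that cross the segment boundary or fall outside an allowlisted baseline, and devices that have gone silent; the address range, gateway, threshold, baseline and flow records are constructed assumptions.

```python
"""Out-of-band flow check for a segmented IoT 1.0 network (added example)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumptions for this example: the segment range, gateway address, silence
# threshold, baseline and flow records below are all constructed.
IOT_SEGMENT = ip_network("10.20.0.0/24")
GATEWAY = ip_address("10.20.0.1")
MAX_SILENCE_S = 120

# Standard ports of plain-text protocols named on the slides.
PLAINTEXT_PORTS = {
    ("tcp", 502): "Modbus/TCP",
    ("tcp", 1883): "MQTT",
    ("udp", 5683): "CoAP",
}

# Allowlist of expected conversations: (source, destination, transport, port).
BASELINE = {
    ("10.20.0.10", "10.20.0.1", "tcp", 1883),  # sensor publishes to broker
    ("10.20.0.1", "10.20.0.20", "tcp", 502),   # gateway polls the PLC
    ("10.20.0.30", "10.20.0.1", "udp", 5683),  # CoAP sensor reports in
}


@dataclass(frozen=True)
class Flow:
    ts: int      # seconds
    src: str
    dst: str
    proto: str
    dport: int


# Constructed flow records, as a passive tap or flow exporter might emit them.
SAMPLE_FLOWS = [
    Flow(1000, "10.20.0.10", "10.20.0.1", "tcp", 1883),
    Flow(1005, "10.20.0.1", "10.20.0.20", "tcp", 502),
    Flow(1010, "10.20.0.30", "10.20.0.1", "udp", 5683),
    Flow(1060, "10.20.0.10", "10.20.0.20", "tcp", 502),   # sensor -> PLC
    Flow(1100, "10.20.0.20", "192.0.2.50", "tcp", 443),   # PLC -> outside
    Flow(1120, "10.20.0.10", "10.20.0.1", "tcp", 1883),
    Flow(1150, "10.20.0.1", "10.20.0.20", "tcp", 502),
]


def classify(flow):
    """Return the reasons (possibly none) why a flow is out of place."""
    reasons = []
    src, dst = ip_address(flow.src), ip_address(flow.dst)
    # Traffic entering or leaving the segment must pass through the gateway.
    if (src in IOT_SEGMENT) != (dst in IOT_SEGMENT) and GATEWAY not in (src, dst):
        reasons.append("segment_crossing")
    # With servers and infrastructure frozen, any new conversation is suspect.
    if (flow.src, flow.dst, flow.proto, flow.dport) not in BASELINE:
        reasons.append("unexpected_flow")
    return reasons


def silent_devices(flows, now):
    """Baseline talkers with no traffic in the last MAX_SILENCE_S seconds."""
    last_seen = {}
    for f in flows:
        last_seen[f.src] = max(f.ts, last_seen.get(f.src, f.ts))
    expected = {src for src, _dst, _proto, _port in BASELINE}
    return sorted(d for d in expected
                  if d not in last_seen or now - last_seen[d] > MAX_SILENCE_S)


def analyse(flows, now):
    """Produce alert tuples: (time, reason, source, destination, protocol)."""
    alerts = []
    for f in flows:
        label = PLAINTEXT_PORTS.get((f.proto, f.dport), "unknown protocol")
        for reason in classify(f):
            alerts.append((f.ts, reason, f.src, f.dst, label))
    # Devices that log little or nothing still reveal trouble by going quiet.
    for dev in silent_devices(flows, now):
        alerts.append((now, "silent_device", dev, "", ""))
    return alerts


if __name__ == "__main__":
    for alert in analyse(SAMPLE_FLOWS, now=1200):
        print(alert)
```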
IoT 2.0 Additional Security Capabilities
• Secure kernel
• Certificate-based communication
• Trusted over-the-air updates
• Monitoring interface
• Management APIs
• Vendor liability
• Field-replaceable units
• Forensically durable logging
ARM Platform Security Architecture
Largest IoT 2.0 Challenges
• ICS key operational constraints
– Real-time responsiveness
– Reliability
– Non-disruptive failure modes
– Safety
• DevSecOps integration with IoT methodologies
• IT operations integration with ICS operations
Case Study: Medical Instruments
• Initially little technology in operating rooms
• Technological improvements – patient
monitors, blood-gas analysis, EKG, EEG, but
independent
• Introduce networked OR suite, link to
hospital IT network …
• Wannacry ransomware
Wannacry – Taiwan (happened)
Medical Implants (could happen)
“… adversaries could change the
settings of the neurostimulator
to increase the voltage of the
signals that are continuously
delivered to the patient’s brain.
This could prevent the patient
from speaking or moving, cause
irreversible damage to his brain,
or even worse, be life-
threatening.”
Case Study: Power Generation
• Initially hard-wired on site
• Technological improvements – sensors, safety
systems, but still local
• Introduce networked remotely managed
operation and oversight
• Link to utility corporate network …
• Aurora attack: open breaker, close breaker
SCADA Vulnerabilities from ZDI
Over 250 SCADA submissions to Zero-Day Initiative, 2015/2016
• Lack of authentication/authorization and insecure defaults 23.36%
• Memory corruption 20.44%
• Credential management 18.98%
• Code injection 8.76%
• Others 28.46%
How Trend Micro Can Help
• Monitor network traffic (work and home)
• Observe processor utilization
• Report software/firmware level
• Analyze logs
• Integrate with SIEM
• Consolidate reporting, management
– One pane of glass
Conclusions and Future Work
• “History doesn’t repeat itself, but it rhymes.”
– We’ve been here before: PC security 1988, LAN security 1992,
Internet security 1995, Wi-Fi security 1999, Cloud security
• Inventory IoT landscape
– Asset management, discovery, categorization
• Upgrade weak IoT devices, networks
• Support secure IoT architecture
• Plan for regulatory mandates
References
Typical DCS Architecture from “Protecting Industrial Control Systems from Electronic Threats,” Joseph Weiss, Momentum Press, 2010
https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/the-state-of-scada-hmi-vulnerabilities
Taiwan ransomware attack http://www.cbc.ca/news/technology/ransomware-cybersecurity-hack-conditions-1.4114349
Securing Wireless Neurostimulators. Proceedings of Eighth ACM Conf on Data and Application Security and Privacy, Tempe, AZ, Mar 19, 2018 (CODASPY ’18), 12 pp. https://doi.org/10.1145/3176258.3176310
ARM Platform Security Architecture https://developer.arm.com/products/architecture/platform-security-architecture
Sayano Shushenskaya Dam Accident https://www.youtube.com/watch?v=yfZoq68x7lY
Thank you!
william_malik@trendmicro.com
@WilliamMalikTM
Tim Harwood
HS & TC
@HSandTC
#de18
© Siker 2018
Cyber Security Awareness and
Business Alignment
Tim Harwood
CEO Siker
Introducing Cyber
The key goal should be to grow your company into a cyber resilient organisation.
Implementing a ‘best in class’ cyber security capability to:
• facilitate a risk based approach to protect the information and systems;
• drive an intelligence-led, agile and proactive approach to current and emerging threats;
• drive rapid and adaptable response to cyber incidents and;
• embed the necessary cyber security behaviours within the company’s culture.
Cyber Security Risk to you
Cyber Security risk is (or should be) one of your company’s highest priority Group Risks, comprised of three
key elements:
• inappropriate access to or misuse of information or systems,
• disruption of business activity and
• compromise of process automation systems.
These risks come from both outside and inside the corporation.
Cyber threats are growing rapidly and will continue to evolve. Managing cyber security risk is essential for the
long term success.
The Goal
Constantly Changing Environment
GROWING THREAT LEVEL…
• Attacks are more sophisticated and harder to detect
• Cyber Warfare is a credible threat
• State sponsored cyber espionage
• Organised cyber crime is a booming industry
• The rise of Hacktivism
CHANGING TECHNOLOGY LANDSCAPE...
• The consumerisation of IT and mobile devices
• Cloud computing and software as a service
• Eroding corporate perimeter
• Social Media and generation Y joining the workforce
• A complex, global technology landscape
CHALLENGING BUSINESS ENVIRONMENT...
• National Partnerships and Joint Ventures
• Entry into new geographies
• More focus on HSSE and building trust in organisations
• Increased outsourcing
• Growing regulations for critical infrastructure and privacy
External Threats – the Cyber Arms Race
• Nation states are establishing and improving their cyber capability
• There is a growing “dark economy” based on cyber crime
• In this changing environment risk of external attacks can’t be eliminated. A highly resourced and motivated attacker can compromise most defences
• Hence it is key to be prepared to sense and react to an attack
• An intelligence-led and agile cyber security approach is essential to respond to current and emerging threats
• There is a constant arms race in the external cyber environment
• New attack methods are developed on a daily basis
Internal Threats – Key Sources of Risk
• Employees and trusted third parties have higher levels of access
• Hence internal threats can pose a significant risk: both in terms of malicious and accidental incidents
• External threats may also materialise through internal means (e.g. coercion, extortion). Often the best external attackers will attempt to impersonate or compromise an internal user
• Malicious insider risk can’t be eliminated. The risk of a person with legitimate access stealing information or causing damage can only be managed through increased supervision, screening, and access control
• Therefore, additional lines of defence for the most critical assets are key to protection
• Minimising the risk of human error through automatic controls and education is a key foundation element
Indicators of Weak Cyber Foundations
Why is this Happening?
• There must be serious management of third-party risk
• Breaches will get more complicated and harder to beat
• Organisations will have to automate to keep pace
• Companies need to get firm on BYOD policies
• Organisations will need to focus on data integrity
• The IoT and IIoT will have repercussions across industry
• There will be more security available in the Cloud
• Organisations must get serious about monitoring
• Collaboration will be the solution for most aspects of the Supply Chain
• Cyber Security skills shortage is really taking hold
What is an ICS?
According to the ISA/IEC 62443 glossary, an ICS (or IACS) can be defined as:
‘A collection of personnel, hardware, software and policies involved in the operation of the industrial process and that can affect or influence its safe, secure and reliable operation’
Many Names For the Same Thing
What is the People part of the Problem?
PAS 555 states…
Individuals and Organisations struggle to identify appropriate certifications and skills that demonstrate their ability to effectively mitigate ICS security-related risk
A lot of Certifications are targeted at demonstrating and documenting compliance.
What Does the Business Want?
A Workforce capable of identifying anomalous behaviour that may indicate when their ICS environment is under attack
Teams who are able to respond to an identified incident in a timely and efficient way in order to best protect the business
Culture and The Importance of Behavioural Change
Cyber culture embraces and supports
innovation and flexibility
Historically resists standardisation across
its diverse businesses
The company is in a journey of change to
drive more systematic risk management
Additionally, incorrect behaviours can
undermine the cyber security defences.
There is a need to drive cultural and
behaviour change.
Incorrect behaviours can pose a risk,
while correct behaviours act as a
mitigation
Presence of the
Abnormal
Absence of the
Normal
Look for the ‘Out of Place’
A Governance Framework
• It is vital that a formal governance framework is established to ensure
cyber security risks are identified and dealt with in a consistent and
appropriate way.
• These risks must be set against the business requirements to align the
requirement for an appropriate level of security.
• This framework will set out
– Clear roles and responsibilities (RACI chart built into job descriptions)
– An up to date strategy for managing the cyber security risk
– Provides assurance that policies and standards are being followed
A Multi-layered Response to Cyber Threats
INTELLIGENCE, REPEL, SENSE, REACT
HACKTIVISTS, ESPIONAGE, CRIMINALS & WARFARE
EFFICIENT ELECTRONIC BUSINESS STILL NEEDS TO FLOW
INFORMATION INTERCEPTION
ABUSE OF PRIVILEGES
UNAUTHORISED ACCESS
LOSS/THEFT OF DEVICES
PHYSICAL INTRUSION
SYSTEM EXPLOITATION
TARGETED MALWARE
UNTARGETED MALWARE
NETWORK ATTACK
SOCIAL ENGINEERING BEHAVIOURS
NATION STATES
MALICIOUS INSIDERS
BUSINESS PARTNERS
ORGANISED CRIME
RECKLESS INSIDERS
HACKTIVISTS
TERRORISTS
3RD PARTY PROVIDERS
CORPORATE RIVALS
Strategic Objectives to Grow into a Cyber Resilient Organisation
INTELLIGENCE, REPEL, SENSE, REACT
HACKTIVISTS, ESPIONAGE, CRIMINALS & WARFARE
EFFICIENT ELECTRONIC BUSINESS STILL NEEDS TO FLOW
INFORMATION LEAKAGE
INFORMATION INTERCEPTION
ABUSE OF PRIVILEGES
UNAUTHORISED ACCESS
LOSS/THEFT OF DEVICES
PHYSICAL INTRUSION
SYSTEM EXPLOITATION
TARGETED MALWARE
UNTARGETED MALWARE
NETWORK ATTACK
SOCIAL ENGINEERING BEHAVIOURS
NATION STATES
MALICIOUS INSIDERS
BUSINESS PARTNERS
ORGANISED CRIME
RECKLESS INSIDERS
HACKTIVISTS
TERRORISTS
3RD PARTY PROVIDERS
CORPORATE RIVALS
• Maintain agile, intelligence led security defences
• Implement integrated, useable and secure baseline controls
• Specially protect critical assets
• Make cyber security part of everyone’s job
• Develop best in class people and capability
• Regularly test & assure the defences and response
• Establish rapid and adaptable response
3 Year Roadmap – Indicative
2017 2018 2019
Information Security profession development
Develop cyber component of Group Security competency framework
Enhance Digital Security organisation and
strengthen segment CISO role
Increase line-embedded capability
Advanced training for
top 3 communities
Group policy implementation, educate and support Group Leaders
Advanced training for top communities in each segment
Advanced vetting process
Advanced Monitoring
Strengthen government and industry ties,
Deliver actionable threat intelligence
Correlation with access and
application data
Correlation with
physical data
IAM foundation IAM advanced
Independent review Operational asset assurance
Behaviour assurance and practical exercises
Architecture for secret
(focus on Board and Critical users)
PCN foundation controls
Extended secret data protection
PCN advanced controls
Conformance with Continuity
policy
Strengthen contingencies and recovery provisions for key
cyber scenarios
Reduce human error data-loss
and malware risk Reduce data leakage / theft risk
Develop best in class
People and capability
Make cyber
security part of
everyone’s job
Maintain agile,
intelligence
led security defences
Implement integrated,
useable and standard
baseline controls
Regularly test &
assure the defences
and response
Specially protect
critical assets
Establish
rapid and adaptable
response
IT&S cyber scenario testing &
training
Group-wide cyber scenario testing and training
Revised based on threat landscape Revised based on threat landscape
Cyber Strategy alignment with Business Strategy
Relentless focus on
safety
Playing to our
strengths
Stronger and more
focused
Simpler and more
standardised
More visibility and
transparency to value
Specially protect
critical assets
Mapping between Business Strategy and Cyber Security Strategy
Regularly test &
assure the defences
Implement integrated,
useable and standard
baseline controls
Implement integrated,
useable and standard
baseline controls
Specially protect
critical assets
Establish best in
class capability
Regularly test &
assure the defences
Establish best in
class capability
Maintain agile,
intelligence led
security defences
Make cyber
security part of
everyone’s job
Regularly test &
assure the defences
Make cyber
security part of
everyone’s job
Specially protect
critical assets
Establish
rapid and adaptable
response
Maintain agile,
intelligence led
security defences
Maintain agile,
intelligence led
security defences
Strategic Decision Support Framework
How preferences inform implementation and investment decisions
Area (Organisational Position): Preferred Emphasis
• ASSURANCE APPROACH (Passive vs Verify): Regularly test the defences and assure that controls are effective.
• AWARENESS & EDUCATION (General vs Targeted): Broad and thin for all users. Narrow and deep for at risk communities. Training needs to be relevant and answer the question ‘What’s in it for me?'
• CONTROL TYPE (Manual vs Automatic): Automate controls that matter most to reduce room for human error
• SECURITY SOLUTIONS (Best of Breed vs Integrated): Choose simple, integrated, standard solutions. Only select best of breed for critical assets and protection against advanced threats
• SECURITY FOCUS (Baseline Controls vs Critical Assets): Implement a solid baseline (industry standard) and raise security for critical assets as additional lines of defence (best security)
• SECURITY COST vs USABILITY (Cost Focus vs Usability Focus): Solutions need to be more usable for users to leverage them instead of working around them
• DEFENCE BARRIERS (Rigid vs Agile): Proactively implement flexible controls to respond to the fast changing threats. Never be as agile as the threats, but there is a need to strive for high agility
NIS Directive - Why is it Important?
• Because most of you are either an OES or supply products/services to
one!
• Non-compliance may lead to a fine up to £17million
• Contains 14 high-level security principles
• Objective A Managing Security Risk
• Objective B Defending Systems against cyber attack
• Objective C Detecting cyber security events
• Objective D Minimising the impact of cyber security incidents
Includes Objective B6 – Staff
Awareness and Training
How can we help?
• Siker is a GCHQ Accredited Training Organisation (ATO) and currently
has a suite of ICS-related training courses and more are in development.
• We do Cyber Essentials consulting for your Supply Chain assurance.
• We design skills and competency frameworks for your teams so you get
the right people with the right skills in the right places.
Example Framework
Where do you go from here?
Understand your current skillset and gaps
Keep an eye on what’s coming your way
Push your requirements into the Supply chain
The aim is not to make staff Security Professionals
but to make them professionally secure
“In times of change, Performers inherit the earth…
while the learned find themselves beautifully
equipped to work in a world that no longer exists.”
Eric Hoffer, 1932
Questions &
Discussion
#de18
Please check rear of
badge for breakouts
#de18
Refreshments &
Networking
#de18
CONFIDENTIAL FOR INTERNAL USE ONLY
The IT Resilience Platform
Releasing data mobility in the multi-cloud, multi-site world
Nick Williams
IT Resilience
PLANNED
• Mergers & Acquisitions
• Move to Cloud
• Datacenter Consolidation
• Maintenance & Upgrades
UNPLANNED
• User Errors
• Infrastructure Failures
• Security & Ransomware
• Natural Disasters
Deliver an always-on
customer experience
Move with ease
and without risk
Leverage cloud to
accelerate business
Workload
Mobility
Multi-Cloud
Agility
Continuous
Availability
Zerto IT Resilience Platform
One Platform For IT Resilience
Multi-Cloud Workload Mobility Non-Disruptive
Orchestration & Automation
Continuous Data Replication
Continuous Data Protection
Application Consistency Grouping
Journal-based Recovery
Long-term Retention
Analytics & Control
IT Resilience Platform
Powerful & Resilient
Scale-out, compression, throttling
Production
Site
BC/DR
Site
No Impact Protection and Testing
Block-level, no snapshots, no agents
Continuous Data Protection
Checkpoints in seconds, Recover any to any
vCenter
VM-Level Replication
vCenter
Simple Deployment
No downtime install in minutes
Solve for Multi-Cloud
Zerto Virtual Replication 6.0
Single platform for continuous availability,
data protection and workload mobility
to, from, and between multiple clouds.
Any2Any
Mobility
Remote
Upgrades
JFLR
for Linux
Network
Analysis
Continued
Scalability
Multi-Cloud, Hybrid Cloud
Zerto Virtual Replication 6.0
Enhanced
APIs
Any2Any Mobility
Azure to Azure
Failback from AWS
Public Cloud to Public Cloud
Any2Any: Microsoft Azure
Intra-Cloud – Region to Region
New Azure regions support-Azure
Government, Germany, China
Replication & Automation
On-Premises
One-to-Many
Bi-directional
Replication & Automation
New Intra-Cloud
Azure Azure
Replication & Automation
Any2Any: AWS
Failback from AWS
On-Premises
S3
• No performance impact
• No agents
• One experience, One platform
Any2Any: Multi-Cloud
Inter-Cloud – Public Cloud to Public Cloud
* Azure to AWS One-to-Many supported
Replication & Automation
On-Premises
Bi-directional
Replication & Automation
New Inter-Cloud
S3
Azure
Any2Any: Multi-Cloud, Hybrid Cloud
One-to-Many
On-Premises On-Premises
On-Premises
Azure Zerto CSP IBM Cloud
Azure
S3
IBM Cloud Zerto CSP
One User Experience Across Clouds
Simplicity Through Automation
4-Click Recovery Process
1. Click Failover
2. Select Apps
3. Verify
4. Start Failover
Zerto Analytics
Multi-Site, Multi-Cloud Visibility
New Network Performance Analysis
New 30 Day Network History
API Driven
Visibility Across Multi-Site, Multi-Cloud
Zerto Analytics
New Live Network Reports
Zerto Analytics
Network Summary
New Live Network Reports
Zerto Analytics
Network Performance
History
• Throughput-max/avg
• WAN Traffic-max/avg
• Zoom in to troubleshoot
New Live Network Reports
Zerto Analytics
IOPs History
• IOPs-max/avg
• Zoom in to troubleshoot
Continued Scalability
Support 10,000 VMs within each
ZVM / VMware vCenter pair
Not just insurance
Production Site
VM-Level Replication
AWS
• Hybrid Cloud • Multi-Cloud • One-to-Many
Security & Resilience for next generation infrastructures
and the IoT: activities and lessons learned
5th Digital Energy Conference 2018
Aberdeen, 1-2 May, 2018
Dr. Angelos K. Marnerides
Lecturer (Assistant Professor) in Computer Networks
InfoLab21
School of Computing & Communications
Lancaster University
angelos.marnerides@lancaster.ac.uk
Outline
• Resilience in Systems
• Part I : Activities on SmartGrid E2E cybersecurity & resilience
– EU EASY-Res
– Upside KTP
– Showcase: Anomaly detection/power profiling on AMIs
• Part II: SCC ICS testbed – cybersecurity & resilience assessment
– ICS testbed Architecture
– Showcase: Attack detection in ICS
• Part III: On large-scale IoT-based attacks
– MATI: Macroscopic Analysis of ioT-based Intrusions
– Showcase: Botnet scan traffic characterisation
Resilience in systems
• System resilience is defined as the ability of a system to maintain acceptable levels of
operation in the face of challenges, including:
– Malicious attacks, operational overload, misconfigurations, equipment failures
– Resilience management encompasses the traditional FCAPS (fault, configuration, accounting,
performance, and security) functionalities
• The Networking group as well as the Security Lancaster Institute in SCC at Lancaster
University (since the early 2000s) addresses system resilience in a range of topics such as
the backbone Internet, cloud computing, sensor networks, the SmartGrid, ICS and the
IoT (national/international research projects, 50+ PhD/MSc/BSc theses).
Part I:
Enable Ancillary Services bY Renewable Energy Sources
(EASY-RES) - EU H2020, 2018-2021
• Aims:
– Develop novel control algorithms for all converter-interfaced Distributed Renewable Energy
Sources (DRESs) and enable them to operate similarly to conventional Synchronous Generators
(SGs)
– Providing damping of transients, reactive power, fault ride through and fault-clearing capabilities
• Lancaster contribution
– Definition of a novel high-level substrate architecture for interactions in the EASY-RES ecosystem
– Development of novel mechanisms for secure and resilient data communication
– Provision of data processing, analysis, and visualization to support the Transmission System
Operator (TSO) and Distribution System Operator (DSO) operations such as accounting,
optimization and control support.
Part I:
EASY-RES (cont..)
identification of roles
stakeholders inside
EASY-RES ecosystem
their correspond
connection with diffe
software components. T
subtask is closely rel
to WP5, but within T
the focus lies on softw
component side;
Analysis of avail
communica
infrastructure
selection of feas
communication chan
for use within the pro
(considering
requirements analy
This also includes
Legend
TSO = Transmission System Operator
DSO = Distribution System Operator
ICA = Individual Control Area
μG = micro grid
BESS = Battery Energy Storage System
DRES = Distributed Renewable Energy
Source
SDDC = Software Defined Data Centre
PKI = Public Key Infrastructure
AS = Ancillary Service
Part I:
Upside LTD – Knowledge Transfer Partnership
• Funding body : Innovate UK, duration: 2 years (2018-2020)
• Upside LTD runs a virtual energy store:
– Shifting electricity usage from peak to off-peak times
– Relieve stress on the grid
– Reduce costs and environmental impact
• Technology
– Use available battery capacity (e.g. UPS capacity)
– Interconnect batteries to form a distributed system
– A power plant with properties of an IoT application
Part I:
Upside LTD – Knowledge Transfer Partnership (cont..)
• Goal:
– Design & implement a novel, unified security framework that expands the OpenADR
protocol, complies with ISO27001 standard and GDPR.
• Core technical objectives:
– Secure the end-to-end (E2E) interaction of their customers with their cloud-based services
and further empower service reliability.
→ E2E Privacy-aware Public Key Infrastructure (PKI)
– Detect in advance any malicious intent throughout the complete E2E communication
between the Upside Fleet Devices and the Upside Cloud services.
→ Anomaly detection under privacy-aware Big Data analytics.
Part I:
Showcase: Power consumption profiling
& anomaly detection on smart meter data
• Consumption from an Advanced Metering Infrastructure “pilot” deployment in the US
(440 households in the state of Massachusetts in 2016).
• Novel mathematical methods on feature composition and data clustering using time-
frequency and information theory metrics (i.e., information entropy).
[Figure: clustering plots, "Common “bad” clustering" vs. "Our method". Axes: Renyi Entropy (bits), Mean Frequency Marginals (Hz), Mean Time Marginals (sec). Legend: HC, LC, EC, MC, LMC. Panel "Attacks & Failures (320 houses microgrid)" annotated with: Load altering attack; Appliance-level failures.]
• Marnerides, A. K., Smith, P., Schaeffer-Filho, A., Mauthe, A. Power Consumption Profiling
using Energy Time-Frequency Distributions in Smart Grids, in IEEE Communication Letters,
Processing cost < 1.2 sec
Part II:
U. Lancaster Industrial Control Systems Lab
• Primarily funded by the GCHQ.
• Supported by Fujitsu, Raytheon and Airbus.
• 5 active academics, 10 PhD students, 8 MSc students
Part II:
ICS Architecture
Part II:
Showcase: Attack detection in ICS
• Scenario : Load altering through two types of Man-in-the-Middle (MITM) attack.
Part II:
Showcase: Attack detection in ICS (cont..)
Part III:
Large-scale IoT-based attacks (background)
• Large-scale network intrusions/attacks (e.g. DDoS)….
→ recently seen as coordinated large-scale IoT-based attacks (e.g. Mirai botnet)
→ IoT devices : compromised “bots” for a given botmaster
• How are such devices initially located?
– Customized network scans (shown shortly in the showcase...)
– Recently: Hacker-friendly Search Engines (HfSEs)
• How do attackers hide such scans and themselves?
– IP Spoofing over legit IPv4/IPv6 addresses
– Darkspace’s unused IPv4/IPv6 address range (a.k.a Internet background radiation)
Part III:
Large-scale IoT-based attacks
(activities: SCC threat intelligence lab)
• Fujitsu have provided:
– Equipment and licencing
– Technical resource to build the
system
• Provides a fully isolated experimental
environment
– Typical honeypot
– Experimental networks for malware
analysis
– Malware teardown and reverse
engineering
– Automated testing and realistic traffic
– IoT testbed integration
Part III:
Activities: MATI - Macroscopic Analysis of ioT-based Intrusions
• Supported by the GCHQ, Fujitsu, Raytheon
• Technical Aims:
➢ IPv4/IPv6 Darkspace & HfSEs
measurement & monitoring
➢ Network Traffic Big Data-based
Characterization
➢ Service resilience impact prediction
➢ Cloud-based Diagnostic Tool Development
(MATIaaS)
Part III:
Showcase: Botnet scanning characterisation
• Network scans → botnet propagation
• Scanning is also a useful NOC tool and may
be considered as a legitimate process.
• Can we distinguish botnet-related scanning
activity from other types?
• Approach: Comparison of botnet scans vs.
NMAP scans of various types using real
network traffic from backbone Internet links
(2014-2016).
• Method: Multivariate timeseries analysis of
flow features under conditional entropy
Conclusion: Botnet-related scans
are carefully crafted and they look
alike in terms of their entropy!
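An added illustration of the method named on this slide, not the authors' code or feature set: each source's flows are turned into a per-window vector of conditional entropies, and the resulting series are compared. The feature pairs, window width, distance measure and sample flows are assumptions, and the flows are constructed from documentation address ranges.

```python
import math
from collections import Counter, defaultdict


def entropy(items):
    """Shannon entropy, in bits, of the empirical distribution of items."""
    counts = Counter(items)
    total = sum(counts.values())
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def conditional_entropy(pairs):
    """H(Y|X) = H(X,Y) - H(X) over a list of (x, y) observations."""
    pairs = list(pairs)
    return entropy(pairs) - entropy(x for x, _ in pairs)


def entropy_series(flows, width):
    """One vector per time window: (H(dst|src), H(dport|src), H(dport|dst))."""
    windows = defaultdict(list)
    for ts, src, dst, dport in flows:
        windows[int(ts // width)].append((src, dst, dport))
    series = []
    for index in sorted(windows):
        rows = windows[index]
        series.append((
            conditional_entropy((s, d) for s, d, _ in rows),
            conditional_entropy((s, p) for s, _, p in rows),
            conditional_entropy((d, p) for _, d, p in rows),
        ))
    return series


def per_source_series(flows, width):
    """Split a mixed capture by source address and profile each source."""
    by_src = defaultdict(list)
    for flow in flows:
        by_src[flow[1]].append(flow)
    return {src: entropy_series(rows, width) for src, rows in by_src.items()}


def series_distance(a, b):
    """Mean Euclidean distance between two series, window by window."""
    n = min(len(a), len(b))
    if n == 0:
        raise ValueError("need at least one common window")
    total = 0.0
    for i in range(n):
        total += math.sqrt(sum((x - y) ** 2 for x, y in zip(a[i], b[i])))
    return total / n


# Constructed sample flows: (timestamp_sec, src, dst, dst_port).
def horizontal_sweep(src, prefix, port, count=16, step=0.5):
    """One source probing one port on many destination addresses."""
    return [(i * step, src, f"{prefix}.{i + 1}", port) for i in range(count)]


def vertical_sweep(src, dst, count=16, step=0.5):
    """One source probing many ports on a single destination."""
    return [(i * step, src, dst, 1 + i) for i in range(count)]


CAPTURE = sorted(
    horizontal_sweep("10.0.0.1", "192.0.2", 8080)
    + horizontal_sweep("10.0.0.2", "198.51.100", 8080)
    + vertical_sweep("10.0.0.3", "203.0.113.5")
)

if __name__ == "__main__":
    profiles = per_source_series(CAPTURE, width=4.0)
    for src, series in sorted(profiles.items()):
        print(src, series)
    # Two sources with the same scan logic give near-identical entropy series.
    print(series_distance(profiles["10.0.0.1"], profiles["10.0.0.2"]))
    print(series_distance(profiles["10.0.0.1"], profiles["10.0.0.3"]))
```

On real traffic the windows are rarely this clean, so the distance would be compared against a threshold learned from labelled scans rather than against zero.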
Future Directions
• Next-generation infrastructure systems have large
overlap with
– the “not so smart” yet Grid
– Internet of Things (IoT) applications
– Industrial Control Systems (ICS)
– The Internet backbone
• Energy and ICS systems have unique security
challenges
– Security & resilience impacts on the physical world
– Energy systems cannot be shut down
– Energy systems are highly distributed
– System changes/improvements are challenging
Work in this space requires
collaboration between
industry and academia!
Thank you! Questions?
VICKY GLYNN
PRODUCT MANAGER, BRIGHTSOLID
2ND MAY 2018
WHY HYBRID CLOUD
MARKS A SEA CHANGE
FOR OIL & GAS
TECHNOLOGY TRENDS MADE
POSSIBLE BY CLOUD COMPUTING
THAT ARE TRULY REVOLUTIONARY
HYBRID CLOUD MANAGEMENT ALLOWS ORGANISATIONS TO
ACTUALLY DELIVER BUSINESS CHANGE
SKILLS & EXPERIENCE WITHIN OIL & GAS WILL ENSURE BARRIERS TO
CLOUD CAN BE OVERCOME
INTELLIGENT
DIGITAL
MESH
2018 TECHNOLOGY TRENDS
SPECIALISED
AND PUBLIC CLOUD SERVICES
WITH
A MANAGEMENT OR
ORCHESTRATION LAYER
WHAT IS HYBRID CLOUD?
CLOUD REPATRIATION
SINGLE VENDOR REGRET
MARKET VOLATILITY
CLOUD EVOLUTION… OR GROWING PAINS?
ESTABLISHING A STRATEGY
IDENTIFYING PARTNERS
WORKLOAD MIGRATION &
MANAGEMENT
PROCESS & VISION
TOP CHALLENGES ADOPTING CLOUD*
THE SECOND WAVE OF CLOUD ADOPTION BY
MORE CONSERVATIVE AND REGULATED
INDUSTRIES*
* GARTNER
HYBRID CLOUD IS A JOURNEY
NOT A DESTINATION
* GARTNER
“TECHNOLOGY GROUNDED IN THE
BASICS OF THE OIL & GAS INDUSTRY”
* GARTNER
Welcome Back
#de18
Steven Ritchie
Baker Hughes GE
@BHGECO
#de18
Cash Flow Statement
Balance Sheet
Income Statement
Order Taker
Necessary Linkages
Mutual Dependency
Synchronised Teams
True Partner
Angela Mathis
Think Tank Maths
#de18
Copyright ThinkTank Maths Ltd 2017
Embracing the possible: applying cross-transferable
innovation from other industries
Angela Mathis
Chief Executive
Digital Energy 2018
5th Annual Conference
2nd May 2018
New MER Landscape
OGA
- technology plans, behaviour and R&D spend measurement
- Operator evaluation; leader, fast follower, informed buyer
- NDR (National Data Repository)
https://www.ogauthority.co.uk/media/4807/documentsscottish-oil-club-presentation.pdf
‘ONE’
- vision and leadership
OGTC
- shared risk investment (50% and in-kind)
- JIP opportunities
- partner with new capability providers
Accelerating innovation through applied learning from other sectors
….aerospace, defence, transport, health
Data Science, the
new ‘god we trust’ or
just jargon?
What do all our customers have in common?
• Need support in decision-making to drive better outcomes
• Huge, unstructured, fast-growing complex datasets
…want to find and operationalise the value in their Data
• Data analysis …various techniques (maths & stats)
• Need new tools that are integrated into existing processes – must fit within
the system and context of how organisations currently do business
…‘trusted’, user-friendly, legacy-compatible software
Director, Public Health and Intelligence
“In God we trust;
all others must bring data.”
W. Edwards Deming
Public Health Improvement
“Data driven action”
Example: Health
Population Health Challenge
Life expectancy compared with other European countries.
Scotland
Benchmarking the energy sector against the digital
innovation curve of other industries
Why Digitalisation Now?
Global data generation has increased by 90% in the past two years
Processing power costs have decreased by 50 times since 2007
3D printing will increase by 2,000% between 2015 and 2030
The use of digital sensors will grow by 700,000% by 2030
Examples of cross-transferable capability
intelligence and application
- Asset Integrity; through-life monitoring and risk assessment (CBM),
anomaly detection, root cause analysis, prediction of failure (integrity kick)
for timely maintenance
- Manage Drilling Operations; dynamic wellbore positioning accuracy,
wellbore planning, relief well planning, wellbore stability prediction –
preventing troubles while drilling (e.g. avoiding stuck pipe ...)
- P&A; identify viable cost savings, predict leakage to surface (HSE compliance)
Cross-over capability from Military and Aerospace
to the Oil and Gas industry.
TTM’s Trusted Reasoning Architecture (TRA) is a novel mathematical architecture for
semi-autonomous (man-in-the-loop) ‘command and control’ decision aids, intelligent cockpit,
urban search, drones... (UK Ministry of Defence)
TRA-based systems :
- non rule-based
- learn (capture the world real-time and update their situational awareness),
- flag up subtle anomalies in static and real-time sensor data
Why ‘trusted’?
- they explain their reasoning to the human operator
Example : ‘Trusted’ Decision Support Systems
with Dynamic Situation Awareness
SiteCom WITSML Server
“Real-time”
Visualisation Archive
CSV
Internal Archive
Bespoke format
“Static data” Server
Nominal Field Values
BGGM + IFR + IIFR
BGS TRA Server ( + Client )
Sensor Data from BHA
MWD + LWD
Drilling Company
TRA Clients
Browser
“Drill Simulator”
Historical Surveys
CSV, LAS
Trusted
Reasoning
Architecture
(TRA)
Example 1: Dynamic System for Wellbore Positioning Quality Control
Trusted Reasoning Architecture (TRA) Workflow
Dynamic System for Wellbore Positioning Quality Control
Decision support: Output Visualisation Screen and Dashboard
Quality Control from LWD data provides information about the magnetic environment at higher
resolution than sparse MWD surveys.
• Additional information about geological environment
• Provides information to refine magnetic processing methods
Dynamic System for Wellbore Positioning Quality Control
High Resolution LWD-based Quality Control – Using Different Data
Example 2:
Prediction of Well Integrity and Leakage to Surface
Intelligent Diagnostic and Decision Support System
Optimised Plug and Abandonment
Plug and Abandonment
Output Dashboard – Single Well Current Conditions
Intervention 2 - 06/11/09
Depth : 15032.1 – 16604.2
Sensors: CBL, Gamma, Acoustic
Depth : 6342.3 – 6520.4
Sensors: Gamma, Ultrasonic
Depth : 8023.2 – 8198.3
Sensors: CBL, Ultrasonic
Depth : 18023.2 – 18198.3
Sensors: CBL, Ultrasonic
Geology Integrity
TTM
Diagnostic
Sensor Inputs
P&A
Output Dashboard – Single Well Future Conditions
Static
Integrity
Integrity
Evolution
Well
Current
Integrity
Predicted
Condition
Rigless
Procedure
Q-14
Q-20
Q-17
Q-23
Q-21
Q-16
Q-13
Q-15
Q-10
P&A
Output Dashboard – Multi-Well Assessment
The shift from strategy to action implementation
Leadership
Domain Experts
i.e. operations,
engineering, I.T.
Maths/Stats capability
DATA
The Essentials
- Leadership engagement; resource and budget commitment
- create an empowered, multi-skilled expert team with a shared vision
- partner to fill skills gap (Maths/Stats)
- identify and prioritise business issues of strategic importance
- agree a project ‘challenge statement’
- define target outcomes; savings, efficiency goals
- gather existing data and check what you can do with it
Getting started
Fundamental change: avoid siloed teams, siloed data
and isolated programmes
Example : New Space or Space 4.0
from Air Traffic Control to Smart Airports and Cities
- utilising existing core engineering and I.T. competencies
- breaking the traditional organisational and domain expert silos
- creating new (versatile) capability, not (static) products
- capturing value and opportunity of ‘data’
- create new working partnerships with innovative small companies
(e.g. A.I., data analysis, machine learning, etc)
Removing the blinkers and improving visibility and collaboration
Consortium (JIP) Aspirational Projects are great as a sector call to action,
….it’s the deliverables in the road-map that count
Companies can explore ‘the art of the possible’ as a sector
– shared ideas, costs & risks
Aerospace example: ‘The Conscious Aircraft’ or Digital Twin
- CBM, failure detection, root cause analysis, predictive maintenance
- pilot decision support (towards single pilot) augmented intelligence
- efficient power usage
“It takes courage to take on and recognise new ways of working. There is a need for a breed
of sector leaders who are brave, courageous and committed.”
Colette Cohen, CEO, UK Oil & Gas Technology Centre
November 2016
“Digitalisation requires bold, forward-looking leadership.”
Grethe Moen, CEO, Petoro AS - July 2017
Thank you
Contact: Angela Mathis, CEO
a.mathis@thinktankmaths.com
ThinkTank Maths Limited
www.thinktankmaths.com
Stephen Ashley
OGTC
@digitalcloud
#de18
Using digital technology to drive operating performance
World Economic Forum -
MER UK Strategy – Central Obligation
“Relevant persons must take the steps necessary to
secure that the maximum value of economically
recoverable petroleum is recovered from the strata
beneath UK waters.”
Oil and gas production over the period 2016–2050 is
now projected to total 11.7 billion barrels of oil
equivalent (boe) – An extra 2.8 Billion barrels
We need to use our data more effectively …….
OGTC Digital transformation
themes
Digitally enabled
supply chain
Smart
facilities
Optimised
production
Digital
and data
architecture
Digitally
enabled worker
Artificially intelligent
sub-surface teams
Deliver more barrels Become more efficient
Finance IT Business
Accounts
Service
Master
BU
Services
Apps
Infrastructure
Projects
Teams
Production
Stakeholders
R&D
Projects Operations
Exploration
Silicon Valley Data Science
Ingest
Descriptive
Analytics
Predictive
Analytics
Prescriptive
Analytics
Intelligent
Actions
Data
stores
Data
stores
Data
stores
Dev Ops
Cloud
Data Science
Platforms & API
Agile workbench
Foundation – Making
data infrastructure
available
Platform – Making
data available by
building a solid base
Data Scientist
Data
Engineer
Domain
Expertise
Data Science –
explore scenarios and
answer questions
We inspire, accelerate and fund technology and innovation
Driving digital transformation
We are all about technology innovation…
Inspire Stimulate Accelerate Deliver
… working in partnership with industry.
Current project activity
7 projects
already underway
14 Proposals under
evaluation
Direct Approach or
Open Call
First call for ideas complete:
73 Ideas submitted
4 Projects identified
£1.2 million of OGTC
funding
£1.4 million industry
matching
Digital Technology Themes
Digitally Enabled
Supply Chain
Digital Sub Themes Industry Sponsors
Artificially
Intelligent
Subsurface teams
Digitally Enabled
Worker
Smart Facilities
Production
Optimisation
Digital and Data
Architecture
Industry Owner Value focus
Efficiency Task Force
Supply Chain Forum
• Track & Trace
• Integrated Planning
• Data Exchange - Standardisation &
Collaboration
• Vessel Logistics
• Applying Data Science
• Machine & Cognitive Learning
• Alexa for Subsurface
• NDR 3.0
• Open application platforms
• Wearable Technology
• AR/VR workplace support
• Digital Assistants
• Back Office automation and bots
• Upskilling
• Digital Twins and 3D model
convergence
• Remote Operations
• IOT and operational data platforms
• Condition Based Monitoring
• Shell
• BP
Inventory reduction
Reduced Duplicate orders
Increased Asset Uptime
• Smart Optimisers
• Well integrity
• Production monitoring
• Sensor Development
• Communication technologies
• Cyber security
• Data Architecture
• NDR 4.0 – Open Data platforms
Exploration Task Force
Asset Stewardship Task
Force
= Area of Interest
Northern North Sea Area of Interest:
• Use Machine learning techniques to
identify remaining ‘overlooked pay’
• Use available well data within the AOI
• Excludes seismic data for this phase
• ~1,200 exploration wells
• Up to 7,000 including A&D wells
• Mainly log data plus available
associated data, e.g. core, reports, etc.
Deliverable =
• Ranked list of ‘overlooked pay’
opportunities in order of confidence
Approved projects
Asset Healthcare and
Diligence
Assessment using
Advanced Analytics
Value OGTC / Industry
Using predictive
technology and
behavioural diagnostics to
identify human risk
SEER - Alarm RCA
Application
Well Intelligence
Application
LoRaWAN for
offshore
Marine Logistics
Vessel Optimisation
UK Hub - Shared
supplier information
repository for the UK
Oil and Gas Industry
Seismic in the
Cloud
Goal Value driver score TRL
£86,200 46.42% / 48.46% Fix Today 4 - 6 69%
£164,910
£598,000
19% / 81 %
36.46% / 22.92%
38.93% / 57.73%
41.09% / 47.27%
28.73% / 69.75%
37.62% / 60.7%
41.2% / 51.43%
£2,170,900
£982,950
£89,900
£27,500
£264,500
Fix Today
Fix Today
Fix Today
Fix Today
Fix Today
Fix Today
MER UK
71.5%
4 - 6
5 - 9
4 - 8
7 – 8
3 - 4
6 - 8
6 - 7
71.5%
72%
68.5%
64%
75%
TBC
Cults Telecom
Services Ltd
We need your help!
Come and talk to us
Closing Panel Session
Steven Ritchie, Baker Hughes GE
Stephen Ashley, OGTC
Angela Mathis, Think Tank Maths
Jackie Doyle, Opportunity North East
Emma Perfect, Lux Assure
#de18
Questions &
Discussion
#de18
Digital Energy 2019
30 Apr – 1 May
AECC Aberdeen
#de18
Conference Close
#de18
WELCOME TO BYTES SECURITY PARTNERSHIPS
WHAT WE OFFER
Agility, insight and a personal approach
Specialism
Security our Sole Focus for 16 Years
Stability
Part of multi-billion Bytes Altron Group
Expertise
Fully accredited engineers & account managers
In-house Consultancy
Full Technical Services Portfolio
Top Tier Vendor Status
Commercial Value & Technical Delivery
Unrivalled Support
No First line - Escalation Engineers on Every Call
OUR EXPERTISE
• Network Security: Next Generation Firewall; Endpoint Security; Intrusion Prevention; Network Access Control; Malware/APT Protection
• Content Security: Web Security; Email Security; Anti Spam; Content Control; Antivirus
• Data Security: Data Loss Prevention; Data Theft Protection; Data Encryption; Data Classification
• Application Security: Load Balancing; Denial of Service; Web Application Firewall; Datacentre Security; Cloud Application Delivery
• Access & Authentication: Multifactor Authentication; Privileged Accounts; Access Policy Management; VPN; Removables
• Security Intelligence: Network Visibility; Anomaly Detection; SIEM; Log Management; Rogue Devices; Internal Threats
• Breach & Vulnerability Management: Attack Detection; Patch Management; Vulnerability Management; Penetration Testing
• Mobile Security: Mobile Threat Prevention; Secure Remote Access; Mobile Device Management; BYOD Security
INDUSTRY LEADING COMPANY
FOCUS ON YOUR BUSINESS CHALLENGES
EXPERIENCED, QUALITY CONSULTANCY
DIRECT TO ENGINEER – NO FIRST LINE
Top Tier Partnerships with World Leading Technology Providers = Value + Insight
• Speak to an accredited support expert straight away
• Fix in shortest possible time - avoid downtime
• Translate business challenges into technical projects
• Experience and market insight of security specialist
• Proven Track record - 16 years of consistent growth
• Specialists in field – 100% security focused
• All engineers 5 years+ consulting & support experience
• Full engineer engagement in pre-sales & account reviews
SERVICES AND SOLUTIONS
WHAT WE OFFER
• SECURITY STRATEGY DEVELOPMENT AND TECHNOLOGY MAPPING
• ACCREDITED CONSULTANT TECHNOLOGY DELIVERY, INSTALLATION & MAINTENANCE
• IN-HOUSE DIRECT TO ESCALATION ENGINEER SUPPORT 10X5 OR 24/7
• END TO END INHOUSE PROJECT SCOPING, PLANNING AND DELIVERY
• MARKET & TECHNOLOGY ANALYSIS, PRODUCT UPDATES AND SECURITY ESTATE REVIEWS
• TRAINING AND KNOWLEDGE TRANSFER
OUR VALUE PROPOSITION
Our Account Services help customers future proof their security estates
Regular Account Reviews
Licensing Reviews & Rationalisation
Regular Product Roadmap updates & events
Learning and Knowledge Share
Threat Advisory Webinars
Consistent Proactive Account Management
Security Strategy Days
Topical security conferences & seminars
Features
The result – high customer satisfaction
WHO WE WORK WITH

Digital Energy 2018 Day 2

  • 3. DI Eamonn Keane, Police Scotland Mandy Haeburn-Little, SBRC @policescotland @MandyHL_SBRC #de18
  • 4. OFFICIAL: NONE Digit Oil and Gas Cyber Activity Presentation Mandy Haeburn-Little Eamonn Keane May 2018
  • 5. • Strategy - A more resilient Scotland/UK ! • What are the threats? • Where does SBRC sit in the landscape? • Who you gonna call? • Incident planning & response!. • Challenges! • Under-reporting & signposting. Agenda.
  • 6. Scotland as a cyber world leader really?
  • 7. The Ambition Safe, secure and prosperous: Scotland’s cyber resilience strategy Scotland can be a world leader in cyber resilience and be a nation that can claim, by 2020, to have achieved the following outcomes: i. Our people are informed and prepared to make the most of digital technologies safely. ii. Our business organisations recognise the risks in the digital world and are well prepared to manage them. iii. We have confidence in, and trust, our digital public services. iv. We have a growing and renowned cyber resilience research community v. We have a global reputation for being a secure place to live and learn, and to set up and invest in business. vi. We have an innovative cyber security, goods and services industry that can help meet global demand.
  • 8. LEADERS BOARD COMMS DFM PUBLIC SECTOR Private Sector Leadership SKILLS RESEARCH BUSINESS ENABLEMENT Cyber Expert Group for Scotland Business membership groups – SCDI/CBI/IOD/COC/SLTA/STUC/LS (FSB National) Trusted Partners – Cyber Essentials Accreditors
  • 9. National Cyber Resilience Leaders Board Development of action plans 1. Learning and skills 2. Public sector cyber resilience 3. Private sector cyber resilience 4. Third sector cyber resilience 5. Systems of advice, support and response 6. Economic opportunity 7. Communications and awareness raising Aligned approach
  • 10. Building blocks of SG Private Sector Plan • Cyber Catalysts Scheme • Grading of risk and standards – cyber aware up to NIS supply chain • Public sector framework • Leadership and awareness raising • CISP/SCINET • unregulated sectors and third sector • Innovation and Growth - + Advice Support and resources • Supporting the SME community co-operating nationally and internationally
  • 11. Why we do what we do? The Scottish & UK government is committed to making the UK a secure and resilient digital nation. A key aspect of this strategy is through robust engagement and an active partnership between government, industry and law enforcement to significantly enhance the levels of cyber security across UK networks.
  • 14. So how has the threat changed in the last 5 years?
  • 15. Scenario 2 – Malware Malware Phishing Ransomware Social Engineering Hacker The Usual Suspects!
  • 20. Saudi Aramco’s Khurais plant. A cyberattack wiped out data on three-quarters of Aramco’s PCs
  • 21. In August 2017, a petrochemical company with a plant in Saudi Arabia was hit by a new kind of cyber attack. The attack was not designed to simply destroy data or shut down the plant, investigators believe. It was meant to sabotage the firm’s operations and trigger an explosion.
  • 27. Key questions that all CEOs & CISOs should be asking this week? • "Are we vulnerable to a cyber intrusion, SQL injection, ransomware or DDoS based attacks?" • "What assurance activity have we done to confirm that we are not vulnerable?" • "If we were compromised, would an attacker be able to gain access to unencrypted sensitive data?" • "Are we satisfied that we have engaged a sufficient 3rd party security provider?" • "What is our company posture on security?" • "What and how vibrant is your overarching cyber security policy?"
  • 30. Scottish Government Police Scotland Scottish Fire & Rescue SBRC CYBER RETAIL AND TOURISM SUPPLY CHAIN Curious Frank SAFER COMMUNITIES BBN RESILIENCE Menu of Services
  • 31. PROTECTING BUSINESS Public Good Delivery . . . Police, Fire, Government Advice guidance information sharing State of the Art Commercial Services
  • 34. Cyber-security Information Sharing Partnership (CiSP) CiSP is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and dynamic environment, increasing situational awareness and reducing the impact on UK business.
  • 35. CiSP Business Benefits • Engagement with Industry and Government counterparts in a secure environment • Early warning of cyber threats • Ability to learn from experiences, mistakes and successes and seek advice • An improved ability to protect your organisation’s network • Access to subject or sector specific content including latest incidents • Improved cyber situational awareness at NO COST to your organisation
  • 36. Under this scheme, which is backed by Government and supported by industry, organisations can apply for a badge which recognises the achievement of government-endorsed standards of cyber hygiene.
  • 37. Trusted Partners • Launched by SBRC and Police Scotland on 9th February 2017 • Nationally accredited Cyber Essentials Certifying Bodies based or operating across Scotland • Initially 12 independent Certifying Bodies in Scotland, now increased to 20 • Cyber Essentials Approved Practitioners list launched on 31st May 2017 • Nationally accredited to provide Cyber Essentials consultancy and advice but don’t certify • Trusted Partners & Approved Practitioners integral to Scottish Government’s Cyber Resilience Strategy and contributed during the development and consultation phase of Action Plans.
  • 38. Cyber Essentials - Trusted Partners 7 Elements Ltd, Linlithgow - www.7elements.co.uk Aggress Ltd, Prestwick - www.aggress.co.uk BC Technologies, Dunoon - www.bc-technologies.co.uk Barrier Networks, Glasgow - www.barriernetworks.co.uk Clark IT, Aberdeen - www.clark-it.com Commissum Associates, Edinburgh - www.commissum.com ECSC Group, Edinburgh - www.ecsc.co.uk Grant McGregor Ltd, Edinburgh - www.grantmcgregor.co.uk ID Cyber Solutions, Glasgow - www.idcybersolutions.com MTI Technology, Livingston - www.mti.com MJD Systems, Moray - www.mjdsystems.co.uk NCC Group, Glasgow & Edinburgh - www.nccgroup.trust Net Defence, Stirling - www.net-defence.com Nethost Legislation, Aberdeen - www.nethostlegislation.co.uk Pulsant, Edinburgh - www.pulsant.co.uk Quorum Cyber Security, Edinburgh - www.quorumcyber.com Sapphire, Glasgow - www.sapphire.net Secarma Ltd, Glasgow & Edinburgh - www.secarma.co.uk Seric Systems Ltd, Paisley - www.seric.co.uk Truststream, Edinburgh - www.truststream.co.uk
  • 39. PERTH Current Position SCOTLAND’S KNOWLEDGE RESOURCE ST ANDREWS EDINBURGH DUNDEE SCOTLAND’S CYBER CRIME CENTRE SCOTLAND’S CYBER QUARTER LONDON NATIONAL CYBER SECURITY CENTRE GLASGOW FINTECH HUB KILMARNOCK HALO- FUTURE DIGITAL SKILLS CENTRE GARTCOSH LINLITHGOW ORACLE CYBER SCOTLAND BASE PS ABERDEEN CYBER HUB
  • 40. So what are the challenges/threats? • Global, international, industrial & automated • Jurisdictional reach & anonymous • Increased criminal opportunities - Anyone can be (or hire) a cyber criminal! • Lack of clear & concise statistical data. • Under reporting • Technological advances provide opportunities but equally increases the threat of cybercrime - The ‘Internet of Things’ • Social media as an attack vector • Disaster Recovery & Business Continuity
  • 42. Cyber Resilience is thorough Preparation Overarching Cyber Security Strategy! Pre-planned Exercise. Incident Management & Response Plan. Communications Strategy. Investigative Strategy. Incident Manager & Team Gold, Silver, Bronze. Mitigation & Recovery Strategy. Logistics - Contingency
  • 44. Reporting of Cyber Incidents • Incident evaluation and early reporting. • Police Scotland 101 – Incident No. & Action Fraud. • Business continuity and impact prime consideration. • ICT response and mitigation. Scene preservation? • Where possible preserve original copies of emails, attachments, device images and logs. • Is there a mandatory obligation to report? • Report to NCSC, Cert UK / GovCert UK . • Report to Scottish Government if appropriate. • Identify point of contact for law enforcement to facilitate enquiries and evidence gathering. • Submit attack details to CISP platform if appropriate share.cisp.org.uk (can assist with mitigation and fix)
  • 46. Why Curious Frank? We’re Curious. Not just about you but about Cyber Security in general. We’re curious to see what the latest threats are and how they work, we’re curious to find out how to defend against them, we’re curious to learn the latest techniques and put them into practice to help secure business networks. Most of all we’re curious to find out how we can help you. We’re Frank. We’ll tell you in plain and simple terms what we think needs to be done to help protect your business. We’ll tell you in an open and honest manner what we found during our testing and what you can do to rectify any issues. We’re Curious, we’re Frank
  • 48. SBRC Intentions – building blocks • Keeping skills in Scotland (business) • Developing pipeline for hub and police • CE standards launch and SCiNET (dfm) • SOC concept • Cyber catalyst companies • GDPR trigger • Triaging • Trusted partners • Police scope industry • Commonality of language - 5th utility
  • 49. SUPPLY CHAIN
  • 50. Opportunities & Challenges • End to end order and delivery process • Online vulnerabilities • Supply chain and contractual management • Procurement policies • Premises Assessments • Transport • Post-Brexit
  • 51. RETAIL
  • 52. • On and off-line management of instore process • Warehouse deliveries and management • Information sharing and protocols • Supply Chains • Staff vulnerabilities online trading • International competition • Mainstream Mega 4 competition
  • 53. Caution - Your digital footprint!
  • 55. Thank you for listening Any Questions?
  • 57. Securing Generations of IoT William J. Malik, CISA VP, Infrastructure Strategies
  • 58. What is IoT? • Networked sensors, analytical engines, actuators • Connected non-traditional computing platforms • Industrial Control Systems ICS – Distributed Control Systems DCS – Supervisory Control And Data Acquisition SCADA – Programmable Logic Controllers PLC – Remote Terminal Units RTU – Intelligent Electronic Devices IED – https://blog.trendmicro.com/securing-three-families-iot/
  • 59. Copyright 2018 Trend Micro Inc. Typical DCS Configuration (diagram). Components shown: Process Historical Archives; Engineering and Operator Workstations; Ethernet TCP/IP; SCADA Data Servers; Field Control Units and Micro FCUs; LAN/WAN Hubs; PLC I/O; Field Devices; PLCs, RTUs, Other 3rd Party. Protocol: TCP/IP, Modbus, OPC, DDE, or Proprietary. Connection: VSAT, LAN, WAN, Radio, Microwave.
  • 60. What is Information Security? • Information shall not be Lost, Altered, or Inadvertently Disclosed – I.e., Availability, Integrity, Confidentiality • ISO 7498-2, Security across the ISO/OSI Reference Model – Identification, Authentication, Data Confidentiality, Data Integrity, Non-repudiation
  • 61. Integrating Information Security • Information Security Integrated with SDLC (DevSecOps) • Security Management Integrated with IT/OT Management (Operations) • Actuators (ICS) are out of scope for information security – Industrial processes are not “information”
  • 62. IoT 0.9 and 1.0 Limitations • Hard-coded credentials (no identification or authentication) • Plain-text communication (no data integrity or confidentiality) • Flat system architecture (no secure kernel) • Simple or no software/firmware update • Minimal logging or alerting • Proprietary networking • Very low power • Sometimes physically inaccessible • Lightweight systems management infrastructure (if any) – XMPP, MQTT, CoAP, 6LoWPAN
  • 63. Securing IoT 1.0 • Restrict to segmented network – Reduce attack surface • Monitor network traffic – Detect unwanted signals • Monitor processor utilization – Detect unwanted processes • Deploy out-of-band sensors – Logging, analysis, reporting • Freeze servers and infrastructure – No updates, no upgrades, no installs
  • 64. IoT 2.0 Additional Security Capabilities • Secure kernel • Certificate-based communication • Trusted over-the-air updates • Monitoring interface • Management APIs • Vendor liability • Field-replaceable units • Forensically durable logging
  • 65. ARM Platform Security Architecture
  • 66. Largest IoT 2.0 Challenges • ICS key operational constraints – Real-time responsiveness – Reliability – Non-disruptive failure modes – Safety • DevSecOps integration with IoT methodologies • IT operations integration with ICS operations
  • 68. Case Study: Medical Instruments • Initially little technology in operating rooms • Technological improvements – patient monitors, blood-gas analysis, EKG, EEG, but independent • Introduce networked OR suite, link to hospital IT network … • Wannacry ransomware
  • 69. Wannacry – Taiwan (happened)
  • 70. Medical Implants (could happen) “… adversaries could change the settings of the neurostimulator to increase the voltage of the signals that are continuously delivered to the patient’s brain. This could prevent the patient from speaking or moving, cause irreversible damage to his brain, or even worse, be life-threatening.”
  • 71. Case Study: Power Generation • Initially hard-wired on site • Technological improvements – sensors, safety systems, but still local • Introduce networked remotely managed operation and oversight • Link to utility corporate network … • Aurora attack: open breaker, close breaker
  • 73. SCADA Vulnerabilities from ZDI Over 250 SCADA submissions to Zero-Day Initiative, 2015/2016 • Lack of authentication/authorization and insecure defaults 23.36% • Memory corruption 20.44% • Credential management 18.98% • Code injection 8.76% • Others 28.46%
  • 74. How Trend Micro Can Help • Monitor network traffic (work and home) • Observe processor utilization • Report software/firmware level • Analyze logs • Integrate with SIEM • Consolidate reporting, management – One pane of glass
  • 75. Conclusions and Future Work • “History doesn’t repeat itself, but it rhymes.” – We’ve been here before: PC security 1988, LAN security 1992, Internet security 1995, Wi-Fi security 1999, Cloud security • Inventory IoT landscape – Asset management, discovery, categorization • Upgrade weak IoT devices, networks • Support secure IoT architecture • Plan for regulatory mandates
  • 76. References Typical DCS Architecture from “Protecting Industrial Control Systems from Electronic Threats,” Joseph Weiss, Momentum Press, 2010 https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/the-state-of-scada-hmi-vulnerabilities Taiwan ransomware attack http://www.cbc.ca/news/technology/ransomware-cybersecurity-hack-conditions-1.4114349 Securing Wireless Neurostimulators. Proceedings of Eighth ACM Conf on Data and Application Security and Privacy, Tempe, AZ, Mar 19, 2018 (CODASPY ’18), 12 pp. https://doi.org/10.1145/3176258.3176310 ARM Platform Security Architecture https://developer.arm.com/products/architecture/platform-security-architecture Sayano Shushenskaya Dam Accident https://www.youtube.com/watch?v=yfZoq68x7lY
  • 77. Thank you! william_malik@trendmicro.com @WilliamMalikTM
  • 78. Tim Harwood HS & TC @HSandTC #de18
  • 79. © Siker 2018 Cyber Security Awareness and Business Alignment Tim Harwood CEO Siker
  • 80. Introducing Cyber The key goal should be to grow your company into a cyber resilient organisation. Implementing a ‘best in class’ cyber security capability to: • facilitate a risk based approach to protect the information and systems; • drive an intelligence-led, agile and proactive approach to current and emerging threats; • drive rapid and adaptable response to cyber incidents and; • embed the necessary cyber security behaviours within the company’s culture. Cyber Security Risk to you Cyber Security risk is (or should be) one of your company’s highest priority Group Risks, comprised of three key elements: • inappropriate access to or misuse of information or systems, • disruption of business activity and • compromise of process automation systems. These risks come from both outside and inside the corporation. Cyber threats are growing rapidly and will continue to evolve. Managing cyber security risk is essential for the long term success. The Goal
  • 81. Constantly Changing Environment Attacks are more sophisticated and harder to detect Cyber Warfare is a credible threat State sponsored cyber espionage Organised cyber crime is a booming industry The rise of Hacktivism GROWING THREAT LEVEL… CHANGING TECHNOLOGY LANDSCAPE... CHALLENGING BUSINESS ENVIRONMENT... The consumerisation of IT and mobile devices Cloud computing and software as a service Eroding corporate perimeter Social Media and generation Y joining the workforce A complex, global technology landscape National Partnerships and Joint Ventures Entry into new geographies More focus on HSSE and building trust in organisations Increased outsourcing Growing regulations for critical infrastructure and privacy
  • 82. Nation states are establishing and improving their cyber capability There is a growing “dark economy” based on cyber crime In this changing environment risk of external attacks can’t be eliminated. A highly resourced and motivated attacker can compromise most defences Hence it is key to be prepared to sense and react to an attack An intelligence-led and agile cyber security approach is essential to respond to current and emerging threats There is a constant arms race in the external cyber environment New attack methods are developed on a daily basis External Threats – the Cyber Arms Race
  • 83. Employees and trusted third parties have higher levels of access Hence internal threats can pose a significant risk: both in terms of malicious and accidental incidents External threats may also materialise through internal means (e.g. coercion, extortion). Often the best external attackers will attempt to impersonate or compromise an internal user Malicious insider risk can’t be eliminated. The risk of a person with legitimate access stealing information or causing damage can only be managed through increased supervision, screening, and access control Therefore, additional lines of defence for the most critical assets are key to protection Minimising the risk of human error through automatic controls and education is a key foundation element Internal Threats – Key Sources of Risk
  • 84. Indicators of Weak Cyber Foundations
  • 85. Why is this Happening? There must be serious management of third-party risk Breaches will get more complicated and harder to beat Organisations will have to automate to keep pace Companies need to get firm on BYOD policies Organisations will need to focus on data integrity The IoT and IIoT will have repercussions across industry There will be more security available in the Cloud Organisations must get serious about monitoring Collaboration will be the solution for most aspects of the Supply Chain Cyber Security skills shortage is really taking hold
  • 86. According to the ISA/IEC 62443 glossary, an ICS (or IACS) can be defined as: ‘A collection of personnel, hardware, software and policies involved in the operation of the industrial process and that can affect or influence its safe, secure and reliable operation’ What is an ICS?
  • 87. Many Names For the Same Thing
  • 88. PAS 555 states… Individuals and Organisations struggle to identify appropriate certifications and skills that demonstrate their ability to effectively mitigate ICS security-related risk A lot of Certifications are targeted at demonstrating and documenting compliance. What is the People part of the Problem?
  • 89. A Workforce capable of identifying anomalous behaviour that may indicate when their ICS environment is under attack Teams who are able to respond to an identified incident in a timely and efficient way in order to best protect the business What Does the Business Want?
  • 90. Culture and The Importance of Behavioural Change Cyber culture embraces and supports innovation and flexibility Historically resists standardisation across its diverse businesses The company is in a journey of change to drive more systematic risk management Additionally, incorrect behaviours can undermine the cyber security defences. There is a need to drive cultural and behaviour change. Incorrect behaviours can pose a risk, while correct behaviours act as a mitigation
  • 91. Presence of the Abnormal Absence of the Normal Look for the ‘Out of Place’
  • 92. A Governance Framework • It is vital that a formal governance framework is established to ensure cyber security risks are identified and dealt with in a consistent and appropriate way. • These risks must be set against the business requirements to align the requirement for an appropriate level of security. • This framework will set out – Clear roles and responsibilities (RACI chart built into job descriptions) – An up to date strategy for managing the cyber security risk – Provides assurance that policies and standards are being followed
  • 93. A Multi-layered Response to Cyber Threats INTELLIGENCE REPEL SENSE REACT HACKTIVISTS, ESPIONAGE, CRIMINALS & WARFARE EFFICIENT ELECTRONIC BUSINESS STILL NEEDS TO FLOW INFORMATION INTERCEPTION ABUSE OF PRIVILEGES UNAUTHORISED ACCESS LOSS/THEFT OF DEVICES PHYSICAL INTRUSION SYSTEM EXPLOITATION TARGETED MALWARE UNTARGETED MALWARE NETWORK ATTACK SOCIAL ENGINEERING BEHAVIOURS NATION STATES MALICIOUS INSIDERS BUSINESS PARTNERS ORGANISED CRIME RECKLESS INSIDERS HACKTIVISTS TERRORISTS 3RD PARTY PROVIDERS CORPORATE RIVALS
  • 94. Strategic Objectives to Grow into a Cyber Resilient Organisation INTELLIGENCE REPEL SENSE REACT HACKTIVISTS, ESPIONAGE, CRIMINALS & WARFARE EFFICIENT ELECTRONIC BUSINESS STILL NEEDS TO FLOW INFORMATION LEAKAGE INFORMATION INTERCEPTION ABUSE OF PRIVILEGES UNAUTHORISED ACCESS LOSS/THEFT OF DEVICES PHYSICAL INTRUSION SYSTEM EXPLOITATION TARGETED MALWARE UNTARGETED MALWARE NETWORK ATTACK SOCIAL ENGINEERING BEHAVIOURS NATION STATES MALICIOUS INSIDERS BUSINESS PARTNERS ORGANISED CRIME RECKLESS INSIDERS HACKTIVISTS TERRORISTS 3RD PARTY PROVIDERS CORPORATE RIVALS Maintain agile, intelligence led security defences Implement integrated, useable and secure baseline controls Specially protect critical assets Make cyber security part of everyone’s job Develop best in class people and capability Regularly test & assure the defences and response Establish rapid and adaptable response
  • 95. 3 Year Roadmap – Indicative 2017 2018 2019 Information Security profession development Develop cyber component of Group Security competency framework Enhance Digital Security organisation and strengthen segment CISO role Increase line-embedded capability Advanced training for top 3 communities Group policy implementation, educate and support Group Leaders Advanced training for top communities in each segment Advanced vetting process Advanced Monitoring Strengthen government and industry ties, Deliver actionable threat intelligence Correlation with access and application data Correlation with physical data IAM foundation IAM advanced Independent review Operational asset assurance Behaviour assurance and practical exercises Architecture for secret (focus on Board and Critical users) PCN foundation controls Extended secret data protection PCN advanced controls Conformance with Continuity policy Strengthen contingencies and recovery provisions for key cyber scenarios Reduce human error data-loss and malware risk Reduce data leakage / theft risk Develop best in class People and capability Make cyber security part of everyone’s job Maintain agile, intelligence led security defences Implement integrated, useable and standard baseline controls Regularly test & assure the defences and response Specially protect critical assets Establish rapid and adaptable response IT&S cyber scenario testing & training Group-wide cyber scenario testing and training Revised based on threat landscape Revised based on threat landscape
  • 96. Cyber Strategy alignment with Business Strategy Relentless focus on safety Playing to our strengths Stronger and more focused Simpler and more standardised More visibility and transparency to value Specially protect critical assets Mapping between Business Strategy and Cyber Security Strategy Regularly test & assure the defences Implement integrated, useable and standard baseline controls Implement integrated, useable and standard baseline controls Specially protect critical assets Establish best in class capability Regularly test & assure the defences Establish best in class capability Maintain agile, intelligence led security defences Make cyber security part of everyone’s job Regularly test & assure the defences Make cyber security part of everyone’s job Specially protect critical assets Establish rapid and adaptable response Maintain agile, intelligence led security defences Maintain agile, intelligence led security defences
  • 97. Strategic Decision Support Framework: How preferences inform implementation and investment decisions. Columns: Area; Organisational Position; Preferred Emphasis. ASSURANCE APPROACH (Passive / Verify): Regularly test the defences and assure that controls are effective. AWARENESS & EDUCATION (General / Targeted): Broad and thin for all users. Narrow and deep for at risk communities. Training needs to be relevant and answer the question ‘What’s in it for me?’ CONTROL TYPE (Manual / Automatic): Automate controls that matter most to reduce room for human error. SECURITY SOLUTIONS (Best of Breed / Integrated): Choose simple, integrated, standard solutions. Only select best of breed for critical assets and protection against advanced threats. SECURITY FOCUS (Baseline Controls / Critical Assets): Implement a solid baseline (industry standard) and raise security for critical assets as additional lines of defence (best security). SECURITY COST vs USABILITY (Cost Focus / Usability Focus): Solutions need to be more usable for users to leverage them instead of working around them. DEFENCE BARRIERS (Rigid / Agile): Proactively implement flexible controls to respond to the fast changing threats. Never be as agile as the threats, but there is a need to strive for high agility.
  • 98. NIS Directive - Why is it Important? • Because most of you are either an OES or supply products/services to one! • Non-compliance may lead to a fine up to £17million • Contains 14 high-level security principles • Objective A Managing Security Risk • Objective B Defending Systems against cyber attack • Objective C Detecting cyber security events • Objective D Minimising the impact of cyber security incidents Includes Objective B6 – Staff Awareness and Training
  • 99. How can we help? • Siker is a GCHQ Accredited Training Organisation (ATO) and currently has a suite of ICS-related training courses and more are in development. • We do Cyber Essentials consulting for your Supply Chain assurance. • We design skills and competency frameworks for your teams so you get the right people with the right skills in the right places.
  • 100. Example Framework
  • 101. Where do you go from here? Understand your current skillset and gaps Keep an eye on what’s coming your way Push your requirements into the Supply chain The aim is not to make staff Security Professionals but to make them professionally secure “In times of change, Performers inherit the earth… while the learned find themselves beautifully equipped to work in a world that no longer exists.” Eric Hofer, 1932
  • 103. Please check rear of badge for breakouts #de18
  • 105. CONFIDENTIAL FOR INTERNAL USE ONLY The IT Resilience Platform Releasing data mobility in the multi-cloud, multi-site world Nick Williams
  • 106. IT Resilience. PLANNED: Mergers & Acquisitions, Move to Cloud, Datacenter Consolidation, Maintenance & Upgrades. UNPLANNED: User Errors, Infrastructure Failures, Security & Ransomware, Natural Disasters.
  • 107. Deliver an always-on customer experience Move with ease and without risk Leverage cloud to accelerate business Workload Mobility Multi-Cloud Agility Continuous Availability Zerto IT Resilience Platform
  • 108. One Platform For IT Resilience Multi-Cloud Workload Mobility Non-Disruptive Orchestration & Automation Continuous Data Replication Continuous Data Protection Application Consistency Grouping Journal-based Recovery Long-term Retention Analytics & Control
  • 109. IT Resilience Platform Powerful & Resilient Scale-out, compression, throttling Production Site BC/DR Site No Impact Protection and Testing Block-level, no snapshots, no agents Continuous Data Protection Checkpoints in seconds, Recover any to any vCenter VM-Level Replication vCenter Simple Deployment No downtime install in minutes
  • 110. Solve for Multi-Cloud Zerto Virtual Replication 6.0 Single platform for continuous availability, data protection and workload mobility to, from, and between multiple clouds.
  • 111. Any2Any Mobility Remote Upgrades JFLR for Linux Network Analysis Continued Scalability Multi-Cloud, Hybrid Cloud Zerto Virtual Replication 6.0 Enhanced APIs
  • 112. Any2Any Mobility Azure to Azure Failback from AWS Public Cloud to Public Cloud
  • 113. Any2Any: Microsoft Azure Intra-Cloud – Region to Region New Azure regions support-Azure Government, Germany, China Replication & Automation On-Premises One-to-Many Bi-directional Replication & Automation New Intra-Cloud Azure Azure
  • 114. Replication & Automation Any2Any: AWS Failback from AWS On-Premises S3 • No performance impact • No agents • One experience, One platform
  • 115. Any2Any: Multi-Cloud Inter-Cloud – Public Cloud to Public Cloud * Azure to AWS One-to-Many supported Replication & Automation On-Premises Bi-directional Replication & Automation New Inter-Cloud S3 Azure
  • 116. CONFIDENTIAL FOR INTERNAL USE ONLY Any2Any:Multi-Cloud, Hybrid Cloud One-to-Many On-Premises On-Premises On-Premises Azure Zerto CSPIBM Cloud Azure S3 IBM Cloud Zerto CSP
  • 117. CONFIDENTIAL FOR INTERNAL USE ONLY One User Experience Across Clouds
  • 118. CONFIDENTIAL FOR INTERNAL USE ONLY Simplicity Through Automation 4-Click Recovery Process Click Failover1 Select Apps2 Verify3 Start Failover4 FOR INTERNAL USE ONLY || 119 ||
  • 119. CONFIDENTIAL FOR INTERNAL USE ONLY Zerto Analytics Multi-Site, Multi-Cloud Visibility New Network Performance Analysis New 30 Day Network History API Driven
  • 120. CONFIDENTIAL FOR INTERNAL USE ONLY Visibility Across Multi-Site, Multi-Cloud Zerto Analytics
  • 121. CONFIDENTIAL FOR INTERNAL USE ONLY New Live Network Reports Zerto Analytics
  • 122. CONFIDENTIAL FOR INTERNAL USE ONLY New Live Network Reports Zerto Analytics Network Summary
  • 123. CONFIDENTIAL FOR INTERNAL USE ONLY New Live Network Reports Zerto Analytics Network Performance History • Throughput-max/avg • WAN Traffic-max/avg • Zoom in to troubleshoot
  • 124. CONFIDENTIAL FOR INTERNAL USE ONLY New Live Network Reports Zerto Analytics IOPs History • IOPs-max/avg • Zoom in to troubleshoot
  • 125. CONFIDENTIAL FOR INTERNAL USE ONLY Continued Scalability Support 10,000 VMs within each ZVM / VMware vCenter pair
  • 126. CONFIDENTIAL FOR INTERNAL USE ONLY Any2Any Mobility Remote Upgrades JFLR for Linux Network Analysis Continued Scalability Multi-Cloud, Hybrid Cloud Zerto Virtual Replication 6.0 Enhanced APIs
  • 127. CONFIDENTIAL FOR INTERNAL USE ONLY Zerto Virtual Replication 6.0 Solve for Multi-Cloud
  • 128. CONFIDENTIAL FOR INTERNAL USE ONLY Not just insurance Production Site VM-Level Replication AWS • Hybrid Cloud • Multi-Cloud• One-to-Many
  • 129. Security & Resilience for next generation infrastructures and the IoT: activities and lessons learned 5th Digital Energy Conference 2018 Aberdeen, 1-2 May, 2018 Dr. Angelos K. Marnerides Lecturer (Assistant Professor) in Computer Networks InfoLab21 School of Computing & Communications Lancaster University angelos.marnerides@lancaster.ac.uk
  • 130. Outline • Resilience in Systems • Part I : Activities on SmartGrid E2E cybersecurity & resilience – EU EASY-Res – Upside KTP – Showcase: Anomaly detection/power profiling on AMIs • Part II: SCC ICS testbed – cybersecurity & resilience assessment – ICS testbed Architecture – Showcase: Attack detection in ICS • Part III: On large-scale IoT-based attacks – MATI: Macroscopic Analysis of ioT-based Intrusions – Showcase: Botnet scan traffic characterisation
  • 131. Resilience in systems • System resilience is defined as the ability of a system to maintain acceptable levels of operation in the face of challenges, including: – Malicious attacks, operational overload, misconfigurations, equipment failures – Resilience management encompasses the traditional FCAPS (fault, configuration, accounting, performance, and security) functionalities • The Networking group as well as the Security Lancaster Institute in SCC at Lancaster University (since the early 2000s) addresses system resilience in a range of topics such as the backbone Internet, cloud computing, sensor networks, the SmartGrid, ICS and the IoT (national/international research projects, 50+ PhD/MSc/BSc theses).
  • 132. Part I: Enable Ancillary Services bY Renewable Energy Sources (EASY-RES) - EU H2020, 2018-2021 • Aims: – Develop novel control algorithms for all converter-interfaced Distributed Renewable Energy Sources (DRESs) and enable them to operate similarly to conventional Synchronous Generators (SGs) – Providing damping of transients, reactive power, fault ride through and fault-clearing capabilities • Lancaster contribution – Definition of a novel high-level substrate architecture for interactions in the EASY-RES ecosystem – Development of novel mechanisms for secure and resilient data communication – Provision of data processing, analysis, and visualization to support the Transmission System Operator (TSO) and Distribution System Operator (DSO) operations such as accounting, optimization and control support.
  • 133. Part I: EASY-RES (cont..) identification of roles stakeholders inside EASY-RES ecosystem their correspond connection with diffe software components. T subtask is closely rel to WP5, but within T the focus lies on softw component side; Analysis of avail communica infrastructure selection of feas communication chan for use within the pro (considering requirements analy This also includes • Legend: TSO = Transmission System Operator; DSO = Distribution System Operator; ICA = Individual Control Area; μG = micro grid; BESS = Battery Energy Storage System; DRES = Distributed Renewable Energy Source; SDDC = Software Defined Data Centre; PKI = Public Key Infrastructure; AS = Ancillary Service
  • 134. Part I: Upside LTD – Knowledge Transfer Partnership • Funding body : Innovate UK, duration: 2 years (2018-2020) • Upside LTD runs a virtual energy store: – Shifting electricity usage from peak to off-peak times – Relieve stress on the grid – Reduce costs and environmental impact • Technology – Use available battery capacity (e.g. UPS capacity) – Interconnect batteries to form a distributed system – A power plant with properties of an IoT application
  • 135. Part I: Upside LTD – Knowledge Transfer Partnership (cont..) • Goal: – Design & implement a novel, unified security framework that expands the OpenADR protocol, complies with ISO27001 standard and GDPR. • Core technical objectives: – Secure the end-to-end (E2E) interaction of their customers with their cloud-based services and further empower service reliability. → E2E Privacy-aware Public Key Infrastructure (PKI) – Detect in advance any malicious intent throughout the complete E2E communication between the Upside Fleet Devices and the Upside Cloud services. → Anomaly detection under privacy-aware Big Data analytics.
  • 136. Part I: Showcase: Power consumption profiling & anomaly detection on smart meter data • Consumption from an Advanced Metering Infrastructure “pilot” deployment in the US (440 households in the state of Massachusetts in 2016). • Novel mathematical methods on feature composition and data clustering using time-frequency and information theory metrics (i.e., information entropy). [Figure: cluster plots, Common “bad” clustering vs. Our method; axes: Renyi Entropy (bits), Mean Frequency Marginals (Hz), Mean Time Marginals (sec); clusters: HC, LC, EC, MC, LMC; annotations: Load altering attack, Appliance-level failures, Attacks & Failures (320 houses microgrid); Processing cost < 1.2 sec] Marnerides, A., K., Smith, P., Schaeffer-Filho, A., Mauthe, A. Power Consumption Profiling using Energy Time-Frequency Distributions in Smart Grids, in IEEE Communication Letters,
  • 137. Part II: U. Lancaster Industrial Control Systems Lab • Primarily funded by the GCHQ. • Supported by Fujitsu, Raytheon and Airbus. • 5 active academics, 10 PhD students, 8 MSc students
  • 139. Part II: Showcase: Attack detection in ICS • Scenario : Load altering through two types of Man-in-the-Middle (MITM) attack.
  • 140. Part II: Showcase: Attack detection in ICS (cont..)
  • 141. Part III: Large-scale IoT-based attacks (background) • Large-scale network intrusions/attacks (e.g. DDoS)…. → recently seen as coordinated large-scale IoT-based attacks (e.g. Mirai botnet) → IoT devices : compromised “bots” for a given botmaster • How are such devices initially located? – Customized network scans (shown shortly in the showcase...) – Recently: Hacker-friendly Search Engines (HfSEs) • How do attackers hide such scans and themselves? – IP Spoofing over legit IPv4/IPv6 addresses – Darkspace’s unused IPv4/IPv6 address range (a.k.a. Internet background radiation)
  • 142. Part III: Large-scale IoT-based attacks (activities: SCC threat intelligence lab) • Fujitsu have provided: – Equipment and licencing – Technical resource to build the system • Provides a fully isolated experimental environment – Typical honeypot – Experimental networks for malware analysis – Malware teardown and reverse engineering – Automated testing and realistic traffic – IoT testbed integration
  • 143. Part III: Activities: MATI - Macroscopic Analysis of ioT-based Intrusions • Supported by the GCHQ, Fujitsu, Raytheon • Technical Aims: ➢ IPv4/IPv6 Darkspace & HfSEs measurement & monitoring ➢ Network Traffic Big Data-based Characterization ➢ Service resilience impact prediction ➢ Cloud-based Diagnostic Tool Development (MATIaaS)
  • 144. Part III: Showcase: Botnet scanning characterisation • Network scans → botnet propagation • Scanning is also a useful NOC tool and may be considered as a legitimate process. • Can we distinguish botnet-related scanning activity from other types? • Approach: Comparison of botnet scans vs. NMAP scans of various types using real network traffic from backbone Internet links (2014-2016). • Method: Multivariate timeseries analysis of flow features under conditional entropy Conclusion: Botnet-related scans are carefully crafted and they look alike in terms of their entropy!
  • 145. Future Directions • Next-generation infrastructure systems have a large overlap with – the ... “not so smart” yet Grid – Internet of Things (IoT) applications – Industrial Control Systems (ICS) – The Internet backbone • Energy and ICS systems have unique security challenges – Security & resilience impacts on the physical world – Energy systems cannot be shut down – Energy systems are highly distributed – System changes/improvements are challenging • Work in this space requires collaboration between industry and academia!
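
The botnet scanning slide (144) names its method as multivariate time-series analysis of flow features under conditional entropy. The sketch below is an added example, not code from the talk or its authors: the three feature pairs, the 60-second windows, the distance threshold and every flow record are assumptions constructed here for illustration.

```python
import math
from collections import Counter, defaultdict, namedtuple

Flow = namedtuple("Flow", "ts src dst dport")

def entropy(counts):
    """Shannon entropy in bits of a distribution given as raw counts."""
    counts = [c for c in counts if c > 0]
    total = sum(counts)
    return sum(-(c / total) * math.log2(c / total) for c in counts) + 0.0

def conditional_entropy(pairs):
    """H(Y|X) in bits from (x, y) observations: sum over x of p(x) * H(Y | X = x)."""
    by_x = defaultdict(Counter)
    for x, y in pairs:
        by_x[x][y] += 1
    n = sum(sum(ys.values()) for ys in by_x.values())
    if n == 0:
        return 0.0
    return sum(sum(ys.values()) / n * entropy(ys.values()) for ys in by_x.values())

# Assumed feature pairs (conditioning variable first); not taken from the slides.
FEATURES = (
    ("H(dst|src)", lambda f: (f.src, f.dst)),      # how widely each source spreads over targets
    ("H(dport|src)", lambda f: (f.src, f.dport)),  # how widely each source spreads over ports
    ("H(dport|dst)", lambda f: (f.dst, f.dport)),  # how many ports each target is hit on
)

def entropy_series(flows, window=60):
    """Multivariate time series: one conditional-entropy vector per time window."""
    buckets = defaultdict(list)
    for f in flows:
        buckets[int(f.ts // window)].append(f)
    return {
        w: tuple(conditional_entropy(pair(f) for f in fl) for _, pair in FEATURES)
        for w, fl in sorted(buckets.items())
    }

def distance(a, b):
    """Euclidean distance between two entropy vectors (bits)."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def flag_windows(series, baseline, threshold=1.0):
    """Windows whose entropy vector departs from the baseline window by more than threshold."""
    ref = series[baseline]
    return [w for w, v in series.items() if distance(v, ref) > threshold]

def background(t0):
    """Constructed client traffic: five hosts, each using web and DNS services."""
    flows = []
    for i in range(1, 6):
        src = f"10.0.0.{i}"
        flows += [
            Flow(t0 + i, src, "192.0.2.10", 443),
            Flow(t0 + i + 1, src, "192.0.2.11", 53),
            Flow(t0 + i + 2, src, "192.0.2.10", 80),
        ]
    return flows

def build_sample():
    """Constructed flows on documentation address ranges, four 60 s windows."""
    flows = []
    for w in range(4):
        flows += background(60 * w)
    # Window 1: one source sweeps 64 addresses on a single port.
    flows += [Flow(80, "198.51.100.7", f"203.0.113.{i}", 23) for i in range(1, 65)]
    # Window 2: one source sweeps 64 ports on a single address.
    flows += [Flow(140, "198.51.100.9", "203.0.113.200", p) for p in range(1, 65)]
    # Window 3: a different source, port and target set, same sweep shape as window 1.
    flows += [Flow(200, "198.51.100.23", f"203.0.113.{i}", 2323) for i in range(101, 165)]
    return flows

if __name__ == "__main__":
    series = entropy_series(build_sample())
    for w, vec in series.items():
        print(w, [round(v, 3) for v in vec])
    print("flagged:", flag_windows(series, baseline=0))
    print("window 1 vs 3 distance:", round(distance(series[1], series[3]), 6))
```

In this constructed data the two address sweeps (windows 1 and 3) produce the same entropy vector although they share no source, port or target, while the port sweep in window 2 lands elsewhere in the feature space.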
  • 147. VICKY GLYNN PRODUCT MANAGER, BRIGHTSOLID 2ND MAY 2018 WHY HYBRID CLOUD MARKS A SEA CHANGE FOR OIL & GAS
  • 148. TECHNOLOGY TRENDS MADE POSSIBLE BY CLOUD COMPUTING THAT ARE TRULY REVOLUTIONARY. HYBRID CLOUD MANAGEMENT ALLOWS ORGANISATIONS TO ACTUALLY DELIVER BUSINESS CHANGE. SKILLS & EXPERIENCE WITHIN OIL & GAS WILL ENSURE BARRIERS TO CLOUD CAN BE OVERCOME.
  • 150. WHAT IS HYBRID CLOUD? SPECIALISED AND PUBLIC CLOUD SERVICES WITH A MANAGEMENT OR ORCHESTRATION LAYER
  • 151. CLOUD EVOLUTION… OR GROWING PAINS? CLOUD REPATRIATION; SINGLE VENDOR REGRET; MARKET VOLATILITY
  • 152. TOP CHALLENGES ADOPTING CLOUD*: ESTABLISHING A STRATEGY; IDENTIFYING PARTNERS; WORKLOAD MIGRATION & MANAGEMENT; PROCESS & VISION
  • 153. THE SECOND WAVE OF CLOUD ADOPTION BY MORE CONSERVATIVE AND REGULATED INDUSTRIES* * GARTNER
  • 154. HYBRID CLOUD IS A JOURNEY NOT A DESTINATION * GARTNER
  • 155. * GARTNER “TECHNOLOGY GROUNDED IN THE BASICS OF THE OIL & GAS INDUSTRY”
  • 158. Steven Ritchie Baker Hughes GE @BHGECO #de18
  • 171. Angela Mathis Think Tank Maths #de18
  • 172. Copyright ThinkTank Maths Ltd 2017 Embracing the possible: applying cross-transferable innovation from other industries Angela Mathis Chief Executive Digital Energy 2018 5th Annual Conference 2nd May 2018
  • 173. New MER Landscape OGA - technology plans, behaviour and R&D spend measurement - Operator evaluation; leader, fast follower, informed buyer - NDR (National Data Repository) https://www.ogauthority.co.uk/media/4807/documentsscottish-oil-club-presentation.pdf ‘ONE’ - vision and leadership OGTC - shared risk investment (50% and in-kind) - JIP opportunities - partner with new capability providers
  • 174. Accelerating innovation through applied learning from other sectors ….aerospace, defence, transport, health
  • 175. Data Science, the new ‘god we trust’ or just jargon?
  • 176. What do all our customers have in common? • Need support in decision-making to drive better outcomes • Huge, unstructured, fast-growing complex datasets …want to find and operationalise the value in their Data • Data analysis …various techniques (maths & stats) • Need new tools that are integrated into existing processes – must fit within the system and context of how organisations currently do business …’trusted’, user-friendly, legacy-compatible software
  • 177. Director, Public Health and Intelligence “In God we trust; all others must bring data.” W. Edwards Deming Public Health Improvement “Data driven action” Example: Health
  • 178. Population Health Challenge Life expectancy compared with other European countries. Scotland
  • 179. Benchmarking the energy sector against the digital innovation curve of other industries
  • 180. Why Digitalisation Now? Global data generation has increased by 90% in the past two years. Processing power costs have decreased by 50 times since 2007. 3D printing will increase by 2,000% between 2015 and 2030. The use of digital sensors will grow by 700,000% by 2030.
  • 181. Examples of cross-transferable capability intelligence and application
  • 182. Cross-over capability from Military and Aerospace to the Oil and Gas industry. - Asset Integrity; through-life monitoring and risk assessment (CBM), anomaly detection, root cause analysis, prediction of failure (integrity kick) for timely maintenance - Manage Drilling Operations; dynamic wellbore positioning accuracy, wellbore planning, relief well planning, wellbore stability prediction – preventing troubles while drilling (e.g. avoiding stuck pipe ...) - P&A; identify viable cost savings, predict leakage to surface (HSE compliance)
  • 183. Example : ‘Trusted’ Decision Support Systems with Dynamic Situation Awareness. TTM’s Trusted Reasoning Architecture (TRA) is a novel mathematical architecture for semi-autonomous (man-in-the-loop) ‘command and control’ decision aids, intelligent cockpit, urban search, drones... (UK Ministry of Defence) TRA-based systems : - non rule-based - learn (capture the world real-time and update their situational awareness), - flag up subtle anomalies in static and real-time sensor data Why ‘trusted’? - they explain their reasoning to the human operator
  • 184. SiteCom WITSML Server “Real-time” Visualisation Archive CSV Internal Archive Bespoke format “Static data” Server Nominal Field Values BGGM + IFR + IIFR BGS TRA Server ( + Client ) Sensor Data from BHA MWD + LWD Drilling Company TRA Clients Browser “Drill Simulator” Historical Surveys CSV, LAS Trusted Reasoning Architecture (TRA) Example 1: Dynamic System for Wellbore Positioning Quality Control Trusted Reasoning Architecture (TRA) Workflow
  • 185. Dynamic System for Wellbore Positioning Quality Control Decision support: Output Visualisation Screen and Dashboard
  • 186. Dynamic System for Wellbore Positioning Quality Control. High Resolution LWD-based Quality Control – Using Different Data. Quality Control from LWD data provides information about the magnetic environment at higher resolution than sparse MWD surveys. • Additional information about geological environment • Provides information to refine magnetic processing methods
  • 187. Example 2: Prediction of Well Integrity and Leakage to Surface Intelligent Diagnostic and Decision Support System Optimised Plug and Abandonment
  • 188. Plug and Abandonment Output Dashboard – Single Well Current Conditions Intervention 2 - 06/11/09 Depth : 15032.1 – 16604.2 Sensors: CBL, Gamma, Acoustic Depth : 6342.3 – 6520.4 Sensors: Gamma, Ultrasonic Depth : 8023.2 – 8198.3 Sensors: CBL, Ultrasonic Depth : 18023.2 – 18198.3 Sensors: CBL, Ultrasonic Geology Integrity TTM Diagnostic Sensor Inputs
  • 189. P&A Output Dashboard – Single Well Future Conditions Static Integrity Integrity Evolution
  • 190. Well Current Integrity Predicted Condition Rigless Procedure Q-14 Q-20 Q-17 Q-23 Q-21 Q-16 Q-13 Q-15 Q-10 P&A Output Dashboard – Multi-Well Assessment
  • 191. The shift from strategy to action implementation
  • 192. Leadership Domain Experts i.e. operations, engineering, I.T. Maths/Stats capability DATA The Essentials
  • 193. Getting started - Leadership engagement; resource and budget commitment - create an empowered, multi-skilled expert team with a shared vision - partner to fill skills gap (Maths/Stats) - identify and prioritise business issues of strategic importance - agree a project ‘challenge statement’ - define target outcomes; savings, efficiency goals - gather existing data and check what you can do with it
  • 194. Fundamental change: avoid siloed teams, siloed data and isolated programmes
  • 195. Example : New Space or Space 4.0 from Air Traffic Control to Smart Airports and Cities - utilising existing core engineering and I.T. competencies - breaking the traditional organisational and domain expert siloes - creating new (versatile) capability, not (static) products - capturing value and opportunity of ‘data’ - create new working partnerships with innovative small companies (e.g. A.I., data analysis, machine learning, etc)
  • 196. Removing the blinkers and improving visibility and collaboration
  • 197. Consortium (JIP) Aspirational Projects are great as a sector call to action, ….it’s the deliverables in the road-map that count Companies can explore ‘the art of the possible’ as a sector – shared ideas, costs & risks Aerospace example: ‘The Conscious Aircraft’ or Digital Twin - CBM, failure detection, root cause analysis, predictive maintenance - pilot decision support (towards single pilot) augmented intelligence - efficient power usage
  • 198. “It takes courage to take on and recognise new ways of working. There is a need for a breed of sector leaders who are brave, courageous and committed.” Colette Cohen, CEO, UK Oil & Gas Technology Centre November 2016 “Digitalisation requires bold, forward-looking leadership.” Grethe Moen, CEO, Petoro AS - July 2017
  • 199. Thank you Contact: Angela Mathis, CEO a.mathis@thinktankmaths.com ThinkTank Maths Limited www.thinktankmaths.com
  • 202. Using digital technology to drive operating performance
  • 206. MER UK Strategy – Central Obligation “Relevant persons must take the steps necessary to secure that the maximum value of economically recoverable petroleum is recovered from the strata beneath UK waters.” Oil and gas production over the period 2016–2050 is now projected to total 11.7 billion barrels of oil equivalent (boe) – An extra 2.8 Billion barrels. We need to use our data more effectively …….
  • 209. OGTC Digital transformation themes Using digital technology to drive operating performance Digitally enabled supply chain Smart facilities Optimised production Digital and data architecture Digitally enabled worker Artificially intelligent sub-surface teams Deliver more barrels Become more efficient
  • 214. Silicon Valley Data Science Ingest Descriptive Analytics Predictive Analytics Prescriptive Analytics Intelligent Actions
  • 216. Data stores Data stores Data stores Dev Ops Cloud Data Science Platforms & API Agile workbench Foundation – Making data infrastructure available Platform – Making data available by building a solid base Data Scientist Data Engineer Domain Expertise Data Science – explore scenarios and answer questions
  • 217. We inspire, accelerate and fund technology and innovation. Driving digital transformation. We are all about technology innovation… Inspire Stimulate Accelerate Deliver … working in partnership with industry.
  • 218. Current project activity 7 projects already underway 14 Proposals under evaluation Direct Approach or Open Call First call for ideas complete: 73 Ideas submitted 4 Projects identified £1.2 million of OGTC funding £1.4 million industry matching
  • 219. Digital Technology Themes Digitally Enabled Supply Chain Digital Sub Themes Industry Sponsors Artificially Intelligent Subsurface teams Digitally Enabled Worker Smart Facilities Production Optimisation Digital and Data Architecture Industry Owner Value focus Efficiency Task Force Supply Chain Forum • Track & Trace • Integrated Planning • Data Exchange - Standardisation & Collaboration • Vessel Logistics • Applying Data Science • Machine & Cognitive Learning • Alexa for Subsurface • NDR 3.0 • Open application platforms • Wearable Technology • AR/VR workplace support • Digital Assistants • Back Office automation and bots • Upskilling • Digital Twins and 3D model convergence • Remote Operations • IOT and operational data platforms • Condition Based Monitoring • Shell • BP • • Inventory reduction Reduced Duplicate orders Increased Asset Uptime • Smart Optimisers • Well integrity • Production monitoring • Sensor Development • Communication technologies • Cyber security • Data Architecture • NDR 4.0 – Open Data platforms Exploration Task Force Asset Stewardship Task Force
  • 220. Using digital technology to drive operating performance
  • 221. = Area of Interest Northern North Sea Area of Interest: • Use Machine learning techniques to identify remaining ‘overlooked pay’ • Use available well data within the AOI • Excludes seismic data for this phase • ~1,200 exploration wells • Up to 7,000 including A&D wells • Mainly log data plus available associated data, e.g. core, reports, etc. Deliverable = • Ranked list of ‘overlooked pay’ opportunities in order of confidence
  • 222. Approved projects Asset Healthcare and Diligence Assessment using Advanced Analytics Value OGTC / Industry Using predictive technology and behavioural diagnostics to identify human risk SEER - Alarm RCA Application Well Intelligence Application LoRaWAN for offshore Marine Logistics Vessel Optimisation UK Hub - Shared supplier information repository for the UK Oil and Gas Industry Seismic in the Cloud Goal Value driver scoreTRL £86,200 46.42% / 48.46% Fix Today 4 - 6 69% £164,910 £598,000 19% / 81 % 36.46% / 22.92% 38.93% / 57.73% 41.09% / 47.27% 28.73% / 69.75% 37.62% / 60.7% 41.2% / 51.43% £2,170,900 £982,950 £89,900 £27,500 £264,500 Fix Today Fix Today Fix Today Fix Today Fix Today Fix Today MER UK 71.5%4 - 6 5 - 9 4 - 8 7 – 8 3 - 4 6 - 8 6 - 7 71.5% 72% 68.5% 64% 75% TBC Cults Telecom Services Ltd
  • 223. We need your help! Come and talk to us
  • 224. Closing Panel Session Steven Ritchie, Baker Hughes GE Stephen Ashley, OGTC Angela Mathis, Think Tank Maths Jackie Doyle, Opportunity North East Emma Perfect, Lux Assure #de18
  • 226. Digital Energy 2019 30 Apr – 1 May AECC Aberdeen #de18
  • 228. Security & Resilience for next generation infrastructures and the IoT: activities and lessons learned 5th Digital Energy Conference 2018 Aberdeen, 1-2 May, 2018 Dr. Angelos K. Marnerides Lecturer (Assistant Professor) in Computer Networks InfoLab21 School of Computing & Communications Lancaster University angelos.marnerides@lancaster.ac.uk
  • 229. Outline • Resilience in Systems • Part I : Activities on SmartGrid E2E cybersecurity & resilience – EU EASY-Res – Upside KTP – Showcase: Anomaly detection/power profiling on AMIs • Part II: SCC ICS testbed – cybersecurity & resilience assessment – ICS testbed Architecture – Showcase: Attack detection in ICS • Part III: On large-scale IoT-based attacks – MATI: Macroscopic Analysis of ioT-based Intrusions – Showcase: Botnet scan traffic characterisation
  • 230. Resilience in systems • System resilience is defined as the ability of a system to maintain acceptable levels of operation in the face of challenges, including: – Malicious attacks, operational overload, misconfigurations equipment failures – Resilience management encompasses the traditional FCAPS (fault, configuration, accounting, performance, and security) functionalities • The Networking group as well as the Security Lancaster Institute in SCC at Lancaster University (since the early 2000s) addresses system resilience in a range of topics such as the backbone Internet, cloud computing, sensor networks, the SmartGrid, ICS and the IoT (national/international research projects, 50+ PhD/MSc/BSc theses).
  • 231. Part I: Enable Ancillary Services bY Renewable Energy Sources (EASY-RES) - EU H2020, 2018-2021 • Aims: – Develop novel control algorithms for all converter-interfaced Distributed Renewable Energy Sources (DRESs) and enable them to operate similarly to conventional Synchronous Generators (SGs) – Providing damping of transients, reactive power, fault ride through and fault-clearing capabilities • Lancaster contribution – Definition of a novel high-level substrate architecture for interactions in the EASY-RES ecosystem – Development of novel mechanisms for secure and resilient data communication – Provision of data processing, analysis, and visualization to support the Transmission System Operator (TSO) and Distribution System Operator (DSO) operations such as accounting, optimization and control support.
  • 232. Part I: EASY-RES (cont..) identification of roles stakeholders inside EASY-RES ecosystem their correspond connection with diffe software components. T subtask is closely rel to WP5, but within T the focus lies on softw component side; Analysis of avail communica infrastructure selection of feas communication chan for use within the pro (considering requirements analy This also includes Legend TSO = Transmission System Operator DSO = Distribution System Operator ICA = Individual Control Area μG = micro grid BESS = Battery Energy Storage System DRES = Distributed Renewable Energy Source SDDC = Software Defined Data Centre PKI = Public Key Infrastructure AS = Ancillary Service
  • 233. Part I: Upside LTD – Knowledge Transfer Partnership • Funding body : Innovate UK, duration: 2 years (2018-2020) • Upside LTD runs a virtual energy store: – Shifting electricity usage from peak to off-peak times – Relieve stress on the grid – Reduce costs and environmental impact • Technology – Use available battery capacity (e.g. UPS capacity) – Interconnect batteries to form a distributed system – A power plant with properties of an IoT application
  • 234. Part I: Upside LTD – Knowledge Transfer Partnership (cont..) • Goal: – Design & implement a novel, unified security framework that expands the OpenADR protocol, complies with ISO27001 standard and GDPR. • Core technical objectives: – Secure the end-to-end (E2E) interaction of their customers with their cloud-based services and further empower service reliability. → E2E Privacy-aware Public Key Infrastructure (PKI) – Detect in advance any malicious intent throughout the complete E2E communication between the Upside Fleet Devices and the Upside Cloud services. → Anomaly detection under privacy-aware Big Data analytics.
  • 235. Part I: Showcase: Power consumption profiling & anomaly detection on smart meter data • Consumption from an Advanced Metering Infrastructure “pilot” deployment in the US (440 households in the state of Massachusets in 2016). • Novel mathematical methods on feature composition and data clustering using time- frequency and information theory metrics (i.e., information entropy). 0 5 10 15 20 0 500 1000 1500 2000 0 1 2 3 4 5 6 x 10 4 Renyi Entropy (bits)Mean Frequency Marginals (Hz) MeanTimeMarginals(sec) HC LC EC MC LMC Load altering attack Appliance-level failures Attacks & Failures (320 houses microgrid) v Marnerides, A., K., Smith, P., Schaeffer-Filho, A., Mauthe, A. Power Consumption Profiling using Energy Time-Frequency Distributions in Smart Grids, in IEEE Communication Letters, Processing cost < 1.2 sec Common “bad” clustering Our method
  • 236. Part II: U. Lancaster Industrial Control Systems Lab • Primarily funded by the GCHQ. • Supported by Fujitsu, Raytheon and Airbus. • 5 active academics, 10 PhD students, 8 MSc students
  • 238. Part II: Showcase: Attack detection in ICS • Scenario : Load altering through two types of Man-in-the-Middle (MITM) attack.
  • 239. Part II: Showcase: Attack detection in ICS (cont..)
  • 240. Part III: Large-scale IoT-based attacks (background) • Large-scale network intrusions/attacks (e.g. DDoS)…. → recently seen as coordinated large-scale IoT-based attacks (e.g. Mirai botnet) → IoT devices : compromised “bots” for a given botmaster • How such devices are initially located? – Customized network scans (shown shortly in the showcase...) – Recently: Hacker-friendly Search Engines (HfSEs) • How attackers hide such scans and themselves? – IP Spoofing over legit IPv4/IPv6 addresses – Darkspace’s unused IPv4/IPv6 address range (a.k.a Internet background radiation)
  • 241. Part III: Large-scale IoT-based attacks (activities: SCC threat intelligence lab) • Fujitsu have provided: – Equipment and licencing – Technical resource to build the system • Provides a fully isolated experimental environment – Typical honeypot – Experimental networks for malware analysis – Malware teardown and reverse engineering – Automated testing and realistic traffic – IoT testbed integration
  • 242. Part III: Activities: MATI - Macroscopic Analysis of ioT-based Intrusions • Supported by the GCHQ, Fujitsu, Raytheon • Technical Aims: ➢ IPv4/IPv6 Darkspace & HfSEs measurement & monitoring ➢ Network Traffic Big Data-based Characterization ➢ Service resilience impact prediction ➢ Cloud-based Diagnostic Tool Development (MATIaaS)
  • 243. Part III: Showcase: Botnet scanning characterisation • Network scans → botnet propagation • Scanning is also a useful NOC tool and may be considered as a legitimate process. • Can we distinguish botnet-related scanning activity from other types? • Approach: Comparison of botnet scans vs. NMAP scans of various types using real network traffic from backbone Internet links (2014-2016). • Method: Multivariate timeseries analysis of flow features under conditional entropy Conclusion: Botnet-related scans are carefully crafted and they look alike in terms of their entropy!
  • 244. Future Directions • Next generation infrastructures systems have large overlap with – the …”not so smart” yet Grid – Internet of Things (IoT) applications – Industrial Control Systems (ICS) – The Internet backbone • Energy and ICS systems have unique security challenges – Security & resilience impacts on the physical world – Energy systems cannot be shut down – Energy systems are highly distributed – System changes/improvements are challenging Work in this space requires collaboration between industry and academia!
  • 246. VICKY GLYNN PRODUCT MANAGER, BRIGHTSOLID 2ND MAY 2018 WHY HYBRID CLOUD MARKS A SEA CHANGE FOR OIL & GAS
  • 247. TECHNOLOGY TRENDS MADE POSSIBLE BY CLOUD COMPUTING THAT ARE TRULY REVOLUTIONARY • HYBRID CLOUD MANAGEMENT ALLOWS ORGANISATIONS TO ACTUALLY DELIVER BUSINESS CHANGE • SKILLS & EXPERIENCE WITHIN OIL & GAS WILL ENSURE BARRIERS TO CLOUD CAN BE OVERCOME
  • 249. WHAT IS HYBRID CLOUD? SPECIALISED AND PUBLIC CLOUD SERVICES WITH A MANAGEMENT OR ORCHESTRATION LAYER
  • 250. CLOUD EVOLUTION… OR GROWING PAINS? • CLOUD REPATRIATION • SINGLE VENDOR REGRET • MARKET VOLATILITY
  • 251. TOP CHALLENGES ADOPTING CLOUD* • ESTABLISHING A STRATEGY • IDENTIFYING PARTNERS • WORKLOAD MIGRATION & MANAGEMENT • PROCESS & VISION
  • 252. THE SECOND WAVE OF CLOUD ADOPTION BY MORE CONSERVATIVE AND REGULATED INDUSTRIES* (* GARTNER)
  • 253. HYBRID CLOUD IS A JOURNEY NOT A DESTINATION (* GARTNER)
  • 254. “TECHNOLOGY GROUNDED IN THE BASICS OF THE OIL & GAS INDUSTRY” (* GARTNER)
  • 257. WHAT WE OFFER Agility, insight and a personal approach • Specialism: Security our Sole Focus for 16 Years • Stability: Part of multi-billion Bytes Altron Group • Expertise: Fully accredited engineers & account managers • In-house Consultancy: Full Technical Services Portfolio • Top Tier Vendor Status: Commercial Value & Technical Delivery • Unrivalled Support: No First line - Escalation Engineers on Every Call
  • 258. OUR EXPERTISE • Network Security • Application Security • Content Security • Data Security • Access & Authentication • Mobile Security • Security Intelligence • Breach & Vulnerability Management
  • 259. OUR EXPERTISE • Network Security: Next Generation Firewall; Endpoint Security; Intrusion Prevention; Network Access Control; Malware/APT Protection • Content Security: Web Security; Email Security; Anti Spam; Content Control; Antivirus • Data Security: Data Loss Prevention; Data Theft Protection; Data Encryption; Data Classification • Application Security: Load Balancing; Denial of Service; Web Application Firewall; Datacentre Security; Cloud Application Delivery • Access & Authentication: Multifactor Authentication; Privileged Accounts; Access Policy Management; VPN; Removables • Security Intelligence: Network Visibility; Anomaly Detection; SIEM; Log Management; Rogue Devices; Internal Threats • Breach & Vulnerability Management: Attack Detection; Patch Management; Vulnerability Management; Penetration Testing • Mobile Security: Mobile Threat Prevention; Secure Remote Access; Mobile Device Management; BYOD Security
  • 260. INDUSTRY LEADING COMPANY • FOCUS ON YOUR BUSINESS CHALLENGES • EXPERIENCED, QUALITY CONSULTANCY • DIRECT TO ENGINEER – NO FIRST LINE • Top Tier Partnerships with World Leading Technology Providers = Value + Insight • Speak to an accredited support expert straight away • Fix in shortest possible time - avoid downtime • Translate business challenges into technical projects • Experience and market insight of security specialist • Proven Track record - 16 years of consistent growth • Specialists in field – 100% security focused • All engineers 5 years+ consulting & support experience • Full engineer engagement in pre-sales & account reviews
  • 261. WHAT WE OFFER: SERVICES AND SOLUTIONS • SECURITY STRATEGY DEVELOPMENT AND TECHNOLOGY MAPPING • ACCREDITED CONSULTANT TECHNOLOGY DELIVERY, INSTALLATION & MAINTENANCE • IN-HOUSE DIRECT TO ESCALATION ENGINEER SUPPORT 10X5 OR 24/7 • END TO END INHOUSE PROJECT SCOPING, PLANNING AND DELIVERY • MARKET & TECHNOLOGY ANALYSIS, PRODUCT UPDATES AND SECURITY ESTATE REVIEWS • TRAINING AND KNOWLEDGE TRANSFER
  • 262. OUR VALUE PROPOSITION Our Account Services help customers future proof their security estates • Features: Regular Account Reviews; Licensing Reviews & Rationalisation; Regular Product Roadmap updates & events; Learning and Knowledge Share; Threat Advisory Webinars; Consistent Proactive Account Management; Security Strategy Days; Topical security conferences & seminars • The result – high customer satisfaction
  • 263. WHO WE WORK WITH