‘Middle East Cybersecurity Forum’ invites KSU Professor for a Keynote Speech
Prof. Muhammad Khurram Khan from the Center of Excellence in Information Assurance (CoEIA) at KSU was invited to deliver a keynote on “Advanced Persistent Threats through Industrial IoT on Oil and Gas Sector” at the ‘Middle East Cybersecurity Forum’. The overwhelming event took place on 15-16 March 2021 and was attended online by a wide audience from around the world, including CISOs, CIOs, cybersecurity managers, engineers, practitioners, academics, and professionals. The objective of this forum was to share cybersecurity experiences and lessons learned during the pandemic and to discuss opportunities and challenges faced by the critical infrastructure sector.
At the outset of the keynote, Prof. Khurram highlighted the importance of oil and gas sector and said, “Oil and gas sector plays an instrumental role in the global economy being one of the world’s crucial fuel sources and considered as the life-blood of many countries as it greatly contributes to their national GDP”. To highlight the importance of technology in this sector, he further explained, “Technology, including Operational Technology (OT) and Information Technology (IT), has been an enabler in the oil and gas sector and has become a crucial element of critical national infrastructure. The confluence of technologies is driving the convergence of the internet of things (IoT) in the oil and gas industry and rapidly dissipating divisions between the two separated worlds of IT and OT. It also helps to increase productivity, enables better decision-making, optimizes business processes and project timelines.”
To underscore the importance of critical infrastructure cybersecurity, Prof. Khurram explained, “The problem with this sector is that it is too fragile as far as its cybersecurity is concerned, and any sabotage on critical infrastructure could have severe effects on a nation’s economy, and may impact its GDP and growth. Moreover, due to the recent deployments of IIoT and hyperconnectivity in the oil and gas sector, the lucrative targets of cyber criminals are industrial control systems and safety instrumentation systems, which are the backbone of critical infrastructure and underpin the importance of fourth industrial revolution (4IR)”.
To discuss the most prominent cyber threats on the oil and gas sector, he explained, “Advanced Persistent Threats (APTs) are among the most dangerous cyber risks any organization could face, as they are hard to detect and allow an intruder to hide within a network for months or sometimes years. The consequences of an APT attack are significant in terms of IP and data theft, industrial espionage, infrastructure sabotage, service outage, and perhaps resources takeover. APTs are conducted by highly organized and well-resourced attackers, sometimes state-sponsored or global cyber criminal groups. These attackers use malwares, Trojans, rootkits, spear phishing, malicious email attachments, or drive-by downloads techniques to perform APTs”.
At the end of his keynote, Prof. Khurram shared some solutions and recommendations and said, “To combat the emerging cyber threats, the first thing we need to understand is that cybersecurity is our shared responsibility. We need to build an ecosystem that should prioritize and promote cybersecurity awareness and cyber hygiene practices to protect from cyber criminals and online risks. The diverse, inclusive and skilled human capital along with state-of-the-art technologies and processes in cybersecurity is crucial to build a secure ecosystem. Partnership, engagement and collaboration of public and private sector, civil society, and academic institutions should never be underestimated. In addition, use of best practices including security and privacy by design, zero-trust model, multi-layer cyber protection, risk management and compliance, and adoption of cybersecurity capability maturity model could help to mitigate risks in the cyberspace”.
The event also hosted several other speakers from leading organizations including STC, Mimecast, Saudi Aramco Total Refining and Petrochemical, Schneider Electric, Dubai Electronic Security Center, Standard Chartered Bank, Tasnee, and Artificial Intelligence (AI) Society Bahrain.