Professional Documents
Culture Documents
Page 1 of 3
http://www.hydrocarbonprocessing.com/Article/3137769/Cyber-security-in-the-oil-sector....
1/27/2013
Page 2 of 3
Mr. Sorebo readily admitted that there are inherent risks in control systems that create unique security challenges.
Thats why he was advocating for application whitelisting, as it is an avenue to overcome vulnerabilities and
effectively lock down control systems.
When deployed correctly, application whitelisting can operate seamlessly in critical infrastructure with little
administrative overhead or help-desk support required, he said.
Cloud security
During another presentation at the event, two representatives from Orbis Technologies discussed how cloud-based
technologies can improve cyber security. As many petrochemical companies move to massive, shared cloud-based
networks, a new security approach is necessary. Orbis Eric Little suggested three approaches to make a companys
cloud more secure: infrastructure enhanced security, enhanced threat modeling and semantic security.
The ability to use semantics to model actual threats, like people stealing IP addresses, allows you to capture the
type of subject matter expertise that analysts wish to model, he said. You can also build security in by creating a
lexicon of important terms, with data elements categorized into appropriate classes. This advanced logic allows for
reasoning over data sets that can detect new patterns, allowing information to be gained.
Mr. Little also went into detail about the formal ontology of a threat. He said that all threats have three components:
intent, capability and opportunity.
Understanding the structure of threat components can allow for improved computational approaches, he said.
During his presentation, Mr. Little also itemized elements that should be included in core technologies for scalable
cloud-based semantics. These included:
Information extraction
Natural language processing
Entity extraction
Semantic resolution. HP
http://www.hydrocarbonprocessing.com/Article/3137769/Cyber-security-in-the-oil-sector....
1/27/2013
Page 3 of 3
http://www.hydrocarbonprocessing.com/Article/3137769/Cyber-security-in-the-oil-sector....
1/27/2013