Gomeet Pant, lead – IT Security and Compliance of Cairn Energy has a varied range of skills and a rich experience in the industry. A certified information systems auditor, Pant has a broad information security and technology portfolio with an array of certifications.
In a conversation with CSOonline.in, Pant gives us an overview of what it is like to lead a security team at a core company, the changing face of cybersecurity, and what new age threats affect the oil and gas vertical globally.
What are the new age threats to the oil and gas vertical globally? How do these trends differ in India?
With the convergence of networks, an ever-increasing demand of management for real-time production data and Internet of Things (IoT) usage, efficiencies may have improved, but so has the attack surface on critical networks. This has increased the threats emanating from non-conventional systems like IoT devices which conventional IT security personnel have difficulties in decoding.
“We expect to be ahead of the curve in terms of digitalization by expedient adoption. Alongside adoption, Cairn will be focusing on the development of security framework for ensuring that high pace digital revolution does not leave us vulnerable.”
Not so long ago, critical infrastructure was running in disconnected silos. Today, these have invariably latched onto IT networks through some controls like firewalls or ACLs making them available for attacks through direct or indirect channels. Though there are several emerging and established standards set by the likes of NIST and ISO/IEC for OT systems and IoT, there is a reasonable knowledge void on implementation across the globe and India is no different.
How do you see the role of CISO at Cairn India change over the years? Any significant additions or enhancements to your role?
In the last few years, there has been a strong management focus on cybersecurity elements of plant systems as they are not only controlling national assets, which have a potential impact on the economy but can also cause safety risk in case of malicious manipulation of plant systems.
In several organizations, IT does not own security of plant control systems but are now being expected to provide SME services in enhancing the cybersecurity posture of the systems supporting Oil and Gas operations. Now cybersecurity chiefs are partnering with plant managers in security enhancement on plant control systems.
What according to you will be the three big security trends to emerge in 2018? And how are you prepared for the same?
2018 should bring about several critical changes and I am happy to say that Cairn is already moving in that direction. All large organizations hacked in the last 3 years were ISO27001 certified. While a compliance certification alone would not help you, they are still mandatory for a variety of reasons. We would also notice a trend of automation of compliance reporting to a large level so that security leaders can focus on business risks rather than maintaining checklist-based approach.
The security team’s engagement would increase with digital and plant technology leaders for supporting all digitalization initiatives. This would essentially call for structured learning requirements for securing digital non-conventional IT assets. Additionally, we will witness a focus shift to a user and network behavior analysis through powerful artificial intelligence (AI) and machine learning (ML) tools as stealthy attacks from within networks can go undetected for a very long time.
According to you, how successful has the CIO-CISO/CSO collaboration been in the recent past? Is there more synergy with business stakeholders of Cairn too?
At Cairn, it has always been collaborative and we would continue to be like that as IT is incomplete without cybersecurity and vice versa. All the CIOs I know in the industry have cybersecurity among their top three priorities year on year. I don’t see it changing for bad in coming times either. Cairn has sizeable business stakeholder interest and involvement in cybersecurity decisions, which is encouraging and positively challenging at the same time.