Strong Protocols Required for CybersecurityWed, 02/24/2016 - 15:32
Energy powers the world, and anyone that contributes to this eminent sector must be cognizant that any impact on the end product will have widespread implications across society. No one is more aware of this than Ricardo Panez, Regional Director of Latin America Sales at Check Point Software Technologies. Cybersecurity has become a priority for energy companies, since one or two failures in a new structure will wreak havoc in an energy system. Ultimately, protecting critical infrastructure is crucial, not only for prestigious energy companies like CFE and PEMEX, but also for all other players. IT security is no longer viewed at the peripheries of a company, and for Panez it is not enough to have a firewall; security must be ingrained at the core. “Here, we delve into governance risk and regulatory frameworks that support security protocols. In the IT world, assets are defined as information, and Check Point looks at ways of protecting the companies’ precious data.” The biggest factor missing in the equation is a strong regulatory framework aimed at protecting infrastructure.
According to Panez, this slack regulatory framework surrounding critical infrastructure has an impact on the development of some energy technologies across not only Mexico, but Latin America as well. “Few regulations have been established in relation to nuclear power throughout Latin America, and some prototypes are decades away from materializing precisely because of this lack of protocols.” Panez is adamant that, without strict security policies embedded in the energy sector, there cannot be serious technological developments. He compares the processes to those in the US, where existing nuclear reactors must comply with stringent regulatory requirements that all companies must meet. He relates the disappointing reaction in Mexico when trying to work with CFE in Laguna Verde in his attempts to reinforce its security protocols. “It is unconscionable that the main electricity utility in the country has not renewed its protocols and has made little advancement.”
The slow development of technologies is not the only challenge that lies ahead, and after the Reform there will be new agencies and entities adopting new strategies and procedures. “It is interesting to note that there is not a standard security protocol adopted and agreed on by all agencies. Rather, each entity has its own approach to security,” he points out. “Legislation is the only way to solve this discrepancy. It is important for the government to be as transparent as possible.” As a result, cybersecurity companies must take on advisory roles in order to show the government which path to take in relation to protecting critical infrastructure. “In essence, all security companies must play a contributory role, providing expertise in the decision the authorities make regarding its security,” he concludes.