In a latter keynote panel discussion at XPONENTIAL 2022, four cybersecurity professionals discussed the topic of cybersecurity with important lessons learned from the energy sector.  The panel featured: Michael Robbins, executive vice president of government and public affairs, AUVSI, along with Shawn Bilak, cyber lead, Federal cybersecurity, Southern Company, Eric Cardwell, director of cyber risk engineering with Axio, and Tobias Whitney, vice president of strategy and policy at Fortress.
 

Building Trust

The discussion began with focus on the topic of "trust" and how it melds into the conversation around cybersecurity.  The energy sector is one that has had major cybersecurity breaches and events recently and therefore is able to shed some light on the topic of trust - that may be of benefit and interest to the autonomous sector. 

While the advancement in the autonomous vehicle sector has been notable, and its progress is on a steady upward trajectory, any breach in trust, stands to set back such progress if we are not alert about it and to it.  In fact, without much care for, and dedication to trust, the autonomous industry risks being halted in its tracks. 

The Colonial pipeline cyber breach is fresh in the mind of many.  Ransomware was launched into the network that operates Colonial's pipeline and the company had to pay ransom to extinguish the risk and move one.  
 

Get Ahead of Regulators

Soon after the breach, the Department of Homeland Security instituted very specific guidelines that they and others were forced to now comply with. This became problematic and difficult.  The imposition of the guidelines many months after, and the requirements suggested that regulation placed without comment, feedback, or participation by industry presented problems.  Eric Cardwell of Axio emphasized the importance of acting after a breach.  Get ahead of the anticipated measures and subsequent issues post-cyberbreach to avoid any undue requirements being shoved at the industry nearly two years later.

This substantiates the need for ongoing collaboration and spotlights the value of working with industry trade groups to act collectively and regularly in cybersecurity to avoid a government agency from reacting as they did to the Colonial pipeline incident. 

Tobias Whitney referred to the North American Electric Reliability Corporation (NERC) which is a non-profit and was designed to bring stakeholders together and establish industry best practices.  The collaboration proved valuable when there was later a blackout that occurred in various states.  When regulators later arrived to impose requirements to further avoid such an electrical blackout again, they found that the best practices that had been established by the working group were an excellent basis for them to leverage.  And so, they did.  It was an example of how industry collaboration, ahead of any regulatory body showing up after any event, is a smart way to get a good grip on cybersecurity and establish the trust that is so crucial to the AUVSI community. 
 

Supply Chain Risk Management

Because supply chain is at the forefront of so many discussions nowadays, the panel discussed how its fragility and cybersecurity is so important.  Tobias Whitney said that it is important to examine the supply chain and look at the cybersecurity components of it relative to the autonomous vehicle community.  Looking for appropriate frameworks that may be adopted from the energy sector as may other measures of cyber hygiene. 

Such practices are crucial as cybersecurity is always concerning.  Following the lead of other sectors such as the energy sector is a smart move.  Altogether, building best practices gleaned from the industry instills trust and helps advance the forward progress of AUVSI, its members, and the great work and technology they are engaged in.