With major cyberattacks now regularly reported around the world, including the recent ransomware attacks on an American oil pipeline and an international beef supplier, the public is coming to understand how much cybersecurity can affect their everyday lives.
In anticipation against this kind of disruption, ExxonMobil has spent years developing cyber resilience plans. The strategy is twofold. First, provide an effective shield against possible threats and security breaches. Second, maintain an effective plan to restore capacities should any disruption occur.
To better understand these issues, Energy Factor recently spoke with ExxonMobil cyber business response executive Martha Miranda. A 28-year veteran of the company, Martha leads the team responsible for enabling the company’s fuels and lubricants business to respond to a major cyberattack, as well as ensuring rapid recovery in the event of a disruption.
Martha sits squarely at the intersection of sophisticated manufacturing and business operations and the emerging realities of a digital world. Here’s her view on how she and her team help keep today’s energy secure.
Energy Factor: Thanks for taking the time to speak with us. Your career at ExxonMobil has spanned decades and taken you all over the world. You’ve worked in New Jersey, Virginia, Singapore and are presently in Houston. What initially sparked your interest in the energy industry?
Martha Miranda: It started back in college. I interned with Mobil Oil and Mobil Chemical and am a chemical engineer by training. I was always interested in the technical aspects of manufacturing process design, and how to use “the industrial pots and pans” to make things. ExxonMobil has always led in the energy business – the cornerstone that makes everything move and turn in society. And, when ExxonMobil hires you, it’s for a career, not just a job. You don’t really anticipate that when you’re young. But here I am, 28 years later, and I’ve enjoyed every second of it.
EF: So, how did your work as a chemical engineer lead to cybersecurity, specifically business response and continuity?
MM: After I got my degree, I started out in industrial sales. I helped sell the lubricants that go into all types of rotating equipment from power drills to gas turbines. ExxonMobil gives us lots of opportunities to expand our knowledge and pursue our career interests. Over the years I got experience in sales management and distributor marketing and I leveraged my language skills and started getting into roles that took me outside of the United States. I kept expanding my knowledge base, working in lubricants supply chain and logistics planning, wholesale and retail fuels, customer service and eventually quality management.
And so, when the cybersecurity business response project began, my expertise on our end to end business processes, from sales to manufacturing, made me a good fit. It’s been awesome learning about how much we do in this space, and it’s been exciting to be a part of something so critical to the value of the organization and the safety of the countries in which we operate.
EF: Now that you’re in the cybersecurity space, how has your experience shaped what you do today?
MM: Every day I’m immersed in all aspects of cyber business response. I’m applying my insights from risk management and brand protection to bridge the gap between IT and ExxonMobil’s business and manufacturing operations to help keep our business running without core systems in the event of a major cyberattack.
EF: So, what’s something that you’ve learned about cybersecurity that you think the public would find surprising? Or interesting?
MM: Cybersecurity means many different things to different people. But most often when people think of cybersecurity they immediately think of things like phishing and firewalls. It’s so much more. Defense is extremely important, but so is how you respond and recover.
I’ve also learned that much of the risk comes from actors targeting our employees with spam, phishing and malware. ExxonMobil has educated its employees in what we can do to make the company more secure – making sure people are aware that they themselves can be targets.
EF: How would you define success?
MM: True success would mean never having to implement any of the cyber business continuity plans that we develop. But achieving that kind of success means that we have to continue investing in more defense, and also on how we’d respond to and recover from a disruption. The technology used by hackers is constantly evolving and getting more sophisticated, and we have to use our resources carefully to stay a step ahead of them, yet still be ready if we were attacked.
EF: From your current vantage point, how do you think the company is keeping pace with the emerging, and evolving, challenges?
MM: We’re doing everything we can to keep pace in terms of our ability to respond, but we also need to be humble. Because the challenges are diverse. In some cases, these are smaller players with access to advanced programs and expertise, but in other cases there could be foreign governments involved. You have to be flexible and ready for anything.
Customers expect this. We’re a critical supplier for the military, airlines, hospitals, and the public at large. They’re expecting us to be ready in the event of a cyberattack.
EF: How would you like to see your role develop over the next few years?
MM: There’s a lot of opportunity for us in this space. We’ve put together these business response plans to keep the molecules moving, doing just enough to make sure we’re meeting the commitment to our customers and society’s needs.
Having said that, we can always fine-tune how we respond and recover as new technology emerges and cyber resiliency evolves. I’m excited to help the company find the best way to honour that commitment.
EF: You’re trained to think like an engineer and it sounds like you use that training every day.
MM: That’s exactly right. I’m not working in chemical processes like I thought I would, more so with business processes, and at the end of the day I’m still a problem solver.
EF: Well, thank you for your time and for speaking with us.
MM: Thanks for the opportunity, it was great.