cybersecurity Archives - Energy Management Summit | Forum Events Ltd

Energy Management Summit | Forum Events Ltd Energy Management Summit | Forum Events Ltd Energy Management Summit | Forum Events Ltd Energy Management Summit | Forum Events Ltd Energy Management Summit | Forum Events Ltd

Posts Tagged :

cybersecurity

A surge of cyber security for the energy sector

960 640 Stuart O'Brien

By Eleanor Barlow, Content Manager, SecurityHQ

With a rapid transition towards renewable energy, the Energy sector has an increased reliance on technology. This makes it particularly vulnerable with regards to cyber security, as it depend on interconnected systems and digital technologies that make interactions a breeding ground for threats such as ransomware, and phishing attacks. In this article, we explore the current cybersecurity challenges faced by the Energy sector and discuss potential solutions to mitigate these risks…

Understanding Key Vulnerabilities

Although the Energy industry, encompassing the electric-power and gas sectors, faces cybersecurity threats like those encountered by other industries, it also has specific vulnerabilities that require specific attention. A cyber-attack against an Energy Provide can lead to widespread power outages, significant economic losses, damage to physical infrastructure, and compromise the safety of workers and the public. The widespread impact of a security breach is astronomical.

According to Statista, ‘the market will reach over two trillion U.S. dollars by 2030’. Given the expansive footprint of the energy sector, spanning across various domains and geographical locations, it becomes a prime target for cyber threats. This, in turn, opens many potential entry points for threat actors.

In addition, as energy companies continue to embrace digital transformation and leverage emerging technologies to streamline operations, it also exposes the industry to a broader attack surface.

In fact, The World Economic Forum stated that “As one of the world’s most sophisticated and complex industries makes a multifaceted transition – from analogue to digital, from centralized to distributed and from fossil-based to low-carbon – managing cyber risk and preventing cyber threats are quickly becoming critical to company value chains.”

Common Cybersecurity Threats to the Energy Industry

The critical role of the energy industry in powering economies and supporting essential services, which makes it an attractive target for cybercriminals seeking confidential information and financial gain, with 63% – 95% of attacks contributing to the latter.

Some of the common cybersecurity threats that the energy sector faces include Ransomware Attacks. The Colonial Pipeline attack of May 2021 is among one of the most significant cyberattacks against on oil infrastructure in the history of the US, wherein attackers gained access to Colonial Pipeline Co.’s network via an employee’s stolen VPN password to obtain 100 GB of data for a ransom of 75-bitcoin.

Supply chain attacks are another significant cybersecurity threat faced by the energyindustry, whereby attackers exploit vulnerabilities in the supply chain ecosystem to gain unauthorized access to critical systems or compromise the integrity of software and hardware components. One of the most notable attacks in the energy sector was the SolarWinds attack of 2020, which enabled the attackers unauthorized access into the company’s systems by injecting trojan code into their Orion software updates.

Enhancing Cyber Resilience in the Energy Sector

Robust Security Measures

Implementing robust security measures is vital to ensure the protection of critical assets and infrastructure within the energy industry. This includes network segmentation to enhance security, enabling firewalls to control network traffic, and providing comprehensive security awareness training to employees.

Comprehensive Threat Monitoring

One of the most critical aspects of mitigating cyberattacks in the energy sector is conducting comprehensive risk assessments to identify and prioritize potential cyber threats and vulnerabilities specific to the industry. SecurityHQ’s Managed Detection and Response(MDR) solution enables businesses to avoid potential cyber threats by analysing, prioritizing, and responding to incidents in real-time.

Incident Response Planning

Incident Response Planning is a crucial component of cybersecurity in the Energy industry. It involves establishing a well-defined and structured approach to handling and mitigating security incidents.

Next Steps

Considering the vulnerable nature of the Energy sector, it is imperative for the industry to prioritize cybersecurity measures. By recognizing these cybersecurity challenges and implementing appropriate solutions, the industry can mitigate risks, protect critical assets and infrastructure, and ensure the reliable and secure delivery of energy services.

Cybersecurity spending in the energy industry ‘will rise to $10 billion by 2025’

960 640 Stuart O'Brien

The rapid digitalisation of the oil and gas industry has made the industry increasingly vulnerable to cyberattacks, says GlobalData.

The leading data and analytics company notes that companies must now fortify their cybersecurity posture in line with their digitalisation strategy or risk financial and reputational harm.

GlobalData’s latest report, ‘Cybersecurity in Oil and Gas – Thematic Research’ reveals that the Colonial Pipeline attack in May 2021, which hammered home the sector’s vulnerability to cyber threats, spurred an increase in cybersecurity spending. Consequently, GlobalData estimates cybersecurity revenues for the energy industry will reach $10 billion by 2025.

Francesca Gregory, Thematic Analyst at GlobalData, said: “Demand for oil products fell 14% in Q2 2020, causing prices to plummet. To stay competitive in the face of mounting financial pressure, oil and gas companies invested heavily in digital technologies to streamline operations and cut costs, which is evidenced by an analysis of patent trends.”

Oil and gas companies increased total patent publications across artificial intelligence (AI), blockchain, cloud computing, the Internet of Things (IoT), robotics, and virtual and augmented reality by 46% between October 2019 and April 2021, according to GlobalData.

Gregory continued: “Oil and gas companies are realizing the benefits of integrating technologies into workflows, with the pandemic undoubtedly playing an instrumental role in boosting the momentum of the industry’s digitalization. However, the wider industry is largely underprepared to handle its risks. The digitalization wave creates new access points in industrial networks for hackers to exploit. As technology develops, from mobile apps to the cloud to IoT, the level of complexity needed for organizations to maintain a cyber-aware stance will rise.”

Despite the increase in cybersecurity spending, the industry is still not taking cybersecurity seriously enough. GlobalData’s recent report found that only 20% of the largest oil and gas companies by market cap had a chief information security officer (CISO) on the board. This suggests that, while companies have made room for cybersecurity in their budgets, cybersecurity is absent from companies’ central strategy.

Gregory added: “The industry’s current situation is precarious in the midst of the industry’s rapid digitalization, rising cyber risk, and the promise of maximum disruption and extortion from oil and gas companies.”