The energy and utilities sector is not just the lifeblood of the world’s economy, but fundamental to society’s existence as a whole. Yet, recent events have highlighted just how volatile and unpredictable it can be. Output is influenced by everything from weather patterns to war, and no business, consumer, or household is immune from the resulting impact.
When things go wrong—from blackouts to supply challenges—the potential for negative impact is huge. It’s no surprise, then, that this sector is a prime target for those hungry to create disorder and disruption: cybercriminals.
A Drive to Digitalisation
The energy sector experienced rapid digital transformation during the pandemic as companies sought to maintain operations at a time of social distancing. When you couple this with innovations that were already being adopted to reduce emissions and maximise efficiency, it’s clear that this sector has undergone significant change as it embraced digital.
But with every advancement made, the potential attack surface has expanded—providing more opportunities for cybercriminals to exploit and creating a more complex IT estate, which can be harder for security teams to police. Situations where digital transformation and bad actor risk outpace cybersecurity strategies and investment are worryingly common. Indeed, you don’t need to look far for evidence of criminals trying to take advantage of this gap.
A Prime Target for Attacks
The situation in Ukraine has presented new and significant concerns for governments as well as putting the world’s cyber defence authorities on high alert. In April, Western governments jointly warned about the potential threat of increased malicious cyber activity by Russia against critical infrastructure in response to sanctions imposed as punishment for its invasion of Ukraine. And this wouldn’t be the first time. In 2017, what is believed to be a state-sponsored bad actor group hacked into the servers of a Ukrainian accounting software provider and sent corrupted software updates to the company’s customers. The ransomware-like virus, named NotPetya, spread globally and crippled operations across multiple industries, including energy, costing over $10 billion in damages.
Yet, attacks on critical infrastructure are not solely born of the Russia-Ukraine conflict. In fact, concerns have been building for the last few years around the potential for cyberattacks against critical infrastructure that compromise life, property, and the environment. From the 2021 shutdown-inducing attack on the U.S. Colonial Pipeline—deemed a national security threat—to a recent cyberattack on the major European oil refining hubs of Amsterdam-Rotterdam-Antwerp (ARA), it’s clear this sector is an attractive target for criminals. We’ve also seen the significant disruption that can be caused, with attacks in this sector triggering cascading effects that impact business operations and the economy in countries much further afield.
Unique Industry Challenges
The global energy sector must take steps to shore up its cyber defences. Unfortunately, the energy sector is beset with complexities that make this challenging, particularly within operations in industrial environments where equipment and means of production are expected to last several decades, making rapid upgrades or changes difficult. In fact, our recent Cyber Readiness Report found 94% of government agencies and critical infrastructure providers around the world report challenges in implementing endpoint detection and response, extended detection and response, multifactor authentication, and zero-trust architecture technologies. Fewer than a third (29%) of critical infrastructure companies have zero-trust architecture, and only 37% have fully deployed multifactor authentication.
There are other challenges too. While most utilities have become aware of the risks associated with cybersecurity, inconsistencies still exist in their ability to secure funding to invest in OT and IT cybersecurity controls. Our research for the Cyber Readiness Report found that a lack of in-house staff resources appears to be one of the greatest barriers to implementing new cybersecurity solutions for this sector, with 55% of respondents identifying it as a critical challenge. This is preventing the industry from proactively getting on the front foot to deal with emerging cyber threats. It draws distinct parallels to the gradual adoption of physical safety practices in the energy industry over the past 50 years, and like its manual and analogue predecessor, urgently needs addressing.
Managing the Evolving Threat Landscape
Leaders within the energy industry need to build cyber resilience into their organisations and partnerships to continue providing reliable, timely services to their customers, no matter what the future holds in terms of cyber threats. However, after years of digital transformation, many are dealing with a patchwork of technology and cybersecurity solutions. This plethora of tools creates yet more challenges for IT security teams. Alerts get missed, too much time is spent pivoting between tools to search for anomalies, and not enough time is left for actively remediating vulnerabilities. In short, teams struggle to manage the rapidly evolving threat landscape when held back by siloed security.
To address these SecOps challenges, organisations should consider implementing a flexible, scalable XDR (extended detection and response) architecture that offers native integration with their current security tools and connects all the dots to eliminate security gaps. When data is fed into a centralised platform and correlated with other data in a native and open environment, alerts become actionable and SecOps teams gain single-pane-of-glass visibility into every system. This saves time and makes it tougher for criminals to exploit a weakness. Importantly, it also reduces administrative fatigue amongst the SecOps team and helps alleviate the pressure points that can contribute to burn-out.
Improving the Level of Protection in the Sector
Cyberattacks on the energy sector are not going away, so action is urgently needed. This responsibility extends beyond IT teams to the energy sector’s top executives and board members.
These leaders need to mitigate cyber risk in a sector that is undergoing a digital revolution and is frequently targeted by cybercriminals, whether for geopolitical purposes or financial gain. It is essential that the sector not only learns from previous attacks, but also continues to proactively improve protection levels and boost resilience in order to navigate the cyber threats ahead.
—Fabien Rech is vice president for the Europe, Middle East, and Africa (EMEA) region with Trellix.