The energy sector enables reliability of every critical sector—and cyberattacks against energy targets are growing in frequency. News of large incidents, like 2021’s Colonial Pipeline cyberattack, seems infrequent but is underreported because of security concerns. In fact, cyberattacks are a top ten global risk and the energy sector is number one among attacked industries.
Cyberattacks on electric and gas power companies can be devastating. The energy sector is vulnerable to cyberattacks in three key ways:
Energy’s attack surface—area of cyberattack risk—is larger than just a power plant location. Every point on the power continuum is a potential vulnerability: energy transmission, distribution networks, supply chain partners, and network data theft and ransom. Profit-driven cybercriminals are more sophisticated, and the risk is growing.
Political cyberattacks may be carried out by domestic ‘hacktivists’ or by nation-states using energy cyberattacks as part of a wider campaign to retaliate against geopolitical action. Ransomware attacks doubled in the first half of 2021, with 54.9% of victims in the US. Risk of reprisal is low, since it is difficult to identify the source accurately.
Energy is a traditional industry being transformed by digital advancement. Digitization can be a benefit and a risk, as operating systems designed for peak access (not security) intersect with IT systems with different rules. Add customer control in the form of 'smart' technology, and the places where a vulnerability may appear multiply.
In many industries, cybersecurity is a balance between convenience, access, and protection. However, cyberattacks on the energy sector can damage human health and safety, as well as economies and national security. The energy sector must favor protection of the common good. Fighting cybercrime will require strong supply chain security, advance recovery plans, and an adept energy cybersecurity partner.
Damage from cyberattacks can rapidly spread to local, regional, and global partners in the energy supply chain system. Each trusted vendor, piece of hardware or software, system, and individual in a supply chain is a potential target of threat actors, and all must be trained to engage in prevention and to enact their roles in the rapid recovery plan.
Part of cybersecurity prevention is a plan for quick recovery. Proactive planning for operational recovery was pivotal to minimizing losses during the 2015 Ukraine attack, as well as the Colonial Pipeline breach in 2021. Energy companies across the sector, as well as government agencies, all have a role in ensuring energy reliability today.
Energy plant operators have relied on storing sensitive data in devices unconnected to the internet, creating an “air gap” between data and possible threats. Hackers have routinely launched successful cyberattacks on off-grid hardware. Air gaps are no longer an effective strategy. Plant operators should adopt a more proactive mindset.
The energy sector is inherently complex. Within a plant, OT and IT must interact seamlessly, even as people and processes guard against cybercrime. External energy supply chain networks add layers of potential cyberattack risk. Energy companies should consider engaging an energy cybersecurity expert to assess, test and recommend best practices.