We are on a journey of highlighting industry specific security risks, tips and best practices for a stronger security environment. From healthcare, manufacturing and education to financial services, public sector and small-and medium-sized business – we’ll take a closer look at the risks and how to mitigate them in this Friday series. Today we’re looking at weak areas and cybersecurity tips for the energy sector.
The energy sector is increasingly becoming the victim of cyber attacks. With a surge in recent years many cases have come to light and have been hitting the headlines. Most recently we have heard about the Colonial Pipeline ransomware attack, disrupting operations for almost a week. This led the company to paying a $5 million ransom.
The European Network of Transmission System Operators for Electricity (ENTSO-E) found evidence of a cyber intrusion into its network in 2020.
Saudi Aramco, a public petroleum and natural gas company, one of the largest enterprises in the world by revenue, has been the target of frequent cyber-attacks. Saudi Aramco’s CISO stated “The pattern of the (cyber) attacks is cyclical, and we are seeing that the magnitude is increasing, I would suspect that this will continue to be a trend.”
One of the most notorious incidents in recent history was the attack on Western Ukraine in 2015, by Russian hackers known as ‘Sandworm’. The cyberwar attack resulted in a blackout for a quarter million Ukrainians. Sandworm have continued their attacks, costing Ukraine $10 billion in damage.
So, what makes the energy sector such a prime target?
In the examples above we highlighted the devastation and cost that cyber attacks on the energy sector can cause. But why are we seeing an increase in this kind of attack? And why the energy sector? The reasons may not be as obvious as you’d think:
The energy sector’s infrastructure was designed several decades ago with the belief it would remain functional far into the future. This is now interconnected with modern digital equipment. The legacy industrial control systems are still in place and in some cases may not have been updated in several years. Despite the digital element significantly improving the effectiveness and reactiveness of energy systems, the possibility and risk of cyber attacks is inherently higher now.
The motive for many attacks on this industry is to disrupt the economy. Large-scale attacks can affect whole communities and even countries. Successful assaults on powerplants or pipelines can affect transportation and heating, even causing widespread blackouts which can have dramatic ramifications on the economy.
Due to the liquidity within energy companies, a successful attack can reap lucrative rewards for cybercriminals. In the case of a ransomware attack, businesses – and government agencies – are forced into handing over huge sums of money before they are able to get their operations back on track.
The need for greener energy and the push towards sustainability is globally recognised. As we see changes towards this movement across many sectors including the energy industry, traditional fossil fuel usage remains strong. Hacktivists who oppose energy companies’ plans and agendas will attack the company to disrupt their activities and display their resistance to their projects.
As previously mentioned, many energy companies are still working from legacy infrastructure and systems. In the past decade they have been forced to revamp their methods to keep up with the digital age. Therefore, cybersecurity and cyber threats have only recently become a cause for concern. Their geographic and organizational complexity, including the decentralized nature of many organizations’ cybersecurity leadership, creates an expansive attack surface.
5 Ways Energy Companies Can Become More Secure
Invest in cybersecurity tools and employ professionals to increase your security infrastructure. There will only be more threats to look forward to in the future, especially as Smart grid components are increasingly attached to networks.
2. Protect the Supply Chain
Supply chain threats are real and an effective defence plan is your best option. The plan must include ongoing risk assessments and appropriate mitigations to address vendor and product supply chain risks that are continually evolving. Require your software vendors to sign their software products using digital certificates acquired from a reputable Certificate Authority (CA) that understands the high risks facing the energy industry and is dedicated to the energy industry, such as those CA vendors that are accredited through NAESB’s ACA program. There are many CA vendors that will issue a digital certificate without proper vetting and these certificates should never be trusted when it comes to installing software in the BES.
3. Educate Employees
Educate your workforce on the most common ways in which malware is distributed – through phishing and spear-phishing type emails. Company leaders should:
- Train end users to always view the sender’s domain by hovering over the “from address,” carefully checking all links and attachments before clicking and leveraging IT teams to inspect anything that looks remotely suspicious.
- Run fully patched virus and malware detection scans.
- Encourage partners and external users to digitally sign their emails using a trusted S/MIME certificate.
Cybercriminals rely on companies not having the latest patches installed. Ensure you download and install the latest security patches when they are released. Make this part of your cyber hygiene routine.
In the case a cyber attack does take place, would you know how to respond? Creating an incidence response plan is integral to mitigating the damage. Setting out regular drills and exercises enables your business to be ready in the worst-case scenario, but also to allow your business to return to normal as efficiently as possible.
For the foreseeable it is safe to presume that the energy sector will continue to experience increasing attacks. They are in a race to secure their companies before cyber criminals advance their methods of assault.