This and other energy cyber threat events have led to an overwhelming demand for tighter cybersecurity practices. 86% of EU citizens agree that member countries should cooperate more on cybersecurity to ensure that energy supplies are secure.
Energy cybersecurity trends in 2022
There’s a need for greater consideration of energy cyber threats
First of all, the energy sector appears to be falling behind when it comes to proactive cybersecurity practices.
According to a survey by assurance and risk management firm DNV, just 44% of C-level energy professionals expect to make urgent improvements to prevent a serious attack in the next few years. And 35% said that it would take a serious attack before their company would invest in cybersecurity.
Security efforts lack supply chain coordination
When energy companies are aware of the need for critical infrastructure cybersecurity, then most are investing in vulnerability discovery (that is, identifying and prioritizing security issues in real-time).
What these companies aren’t doing, however, is extending their analysis along the supply chain to procurement and partner organizations. This ultimately leaves openings for attackers to exploit security weaknesses.
Companies need to invest in employee training
Cybersecurity training is important for a number of reasons. For one, it ensures that employees can identify cyber threats to their company’s systems — and that they can also work to avoid the practices that make them, and the business, vulnerable.
Less than a third of respondents to DNV’s survey were confident that they would know how to act on concerns about a potential cyber threat and only 57% found their company’s cybersecurity training to be effective.
NIS2 regulations are on the horizon
The EU has responded to the gaps in cybersecurity for critical energy infrastructure by introducing a new version of the Network and Information Security (NIS) Directive. NIS2 is expected to be approved by the end of 2022 and all EU member states will be expected to comply by 2024.
NIS2 aims to protect the EU’s critical infrastructure from cyber threats and ensure a high level of security across member states. The new directive introduces stricter requirements in three main areas:
- Increased cyber resilience through measures implemented across all public and private entities that provide essential services.
- Security and incident reporting obligations as well as the capabilities of member states’ authorities providing national supervision and enforcement to reduce inconsistencies.
- Improved information sharing and trust between authorities as well as common procedures for large-scale incident response.
How to strengthen cybersecurity for critical infrastructure and energy
There are several ways in which the energy sector can work on strengthening its defenses against cyber threats over the coming years. These include:
- Ensuring all employees practice good cyber hygiene through education and training
- Maintaining awareness of physical and virtual security threats
- Gaining insights into company-specific cyber threats to stay ahead of attacks
- Increasing detection with security tools and government collaboration
- Implementing robust risk management to identify and address vulnerabilities
- Eliminating communication gaps, particularly between geographic locations and business units
- Engaging in industry-wide collaboration to identify vulnerabilities and leading-edge technologies
- Collaborating with supply chain partners to ensure the entire life cycle is secured
By identifying opportunities and gaps, implementing robust threat intelligence, conducting regular detailed reviews, and ensuring employees follow best practices, energy companies can develop effective cyber threat intelligence programs that allow them to take advantage of digitalization safely.
Logpoint’s cybersecurity solutions monitor events across an energy company’s total security landscape. We do away with siloes and — thanks to this holistic approach — speed up response times when it matters most.
Energy sector leaders choose Logpoint’s security solutions to increase the visibility of potential threats across their supply chain and improve their organization’s internal security posture as well.
Find out what energy professionals have to say about Logpoint’s suite of software solutions or contact us today.