Digitalization has brought huge benefits to energy sector businesses.
Internet of Things (IoT) devices, advanced sensors, data analytics, and artificial intelligence have all been part of the transition to modern, smart energy systems. These technologies provide greater management capabilities for assets and more efficient, innovative services for customers.
But this digitalization has been a double-edged sword for the industry. While it opens up new opportunities for energy suppliers, it also opens up their networks to a greater risk of cybercrime. And today, concerns are being raised about the security of both energy supply and customer data.
Take the May 2021 ransomware attack on the Colonial Pipeline in the US. America’s largest publicly disclosed cyber attack on critical infrastructure, it’s a clear example of how disruptive an attack can be: critical oil supplies were shut down to stop the infection from spreading.
This and other energy cyber threat events have led to an overwhelming demand for tighter cybersecurity practices. 86% of EU citizens agree that member countries should cooperate more on cybersecurity to ensure that energy supplies are secure.
In this blog, we’ll look at key trends in the energy cybersecurity landscape and how organizations can work to strengthen their cybersecurity over the coming years.
Energy cybersecurity trends in 2022
There’s a need for greater consideration of energy cyber threats
First of all, the energy sector appears to be falling behind when it comes to proactive cybersecurity practices.
According to a survey by assurance and risk management firm DNV, just 44% of C-level energy professionals expect to make urgent improvements to prevent a serious attack in the next few years. And 35% said that it would take a serious attack before their company would invest in cybersecurity.
Security efforts lack supply chain coordination
Among energy companies that are aware of the need for critical infrastructure cybersecurity, most are investing in vulnerability discovery (that is, identifying and prioritizing security issues in real time).
What these companies aren’t doing, however, is extending their analysis along the supply chain to procurement and partner organizations. This ultimately leaves openings for attackers to exploit security weaknesses.
Companies need to invest in employee training
Cybersecurity training is important for a number of reasons. For one, it ensures that employees can identify cyber threats to their company’s systems — and that they can also work to avoid the practices that make them, and the business, vulnerable.
Fewer than a third of respondents to DNV’s survey were confident that they would know how to act on concerns about a potential cyber threat, and only 57% found their company’s cybersecurity training to be effective.
NIS2 regulations are on the horizon
The EU has responded to the gaps in cybersecurity for critical energy infrastructure by introducing a new version of the Network and Information Security (NIS) Directive. NIS2 is expected to be approved by the end of 2022 and all EU member states will be expected to comply by 2024.
NIS2 aims to protect the EU’s critical infrastructure from cyber threats and ensure a high level of security across member states. The new directive introduces stricter requirements in three main areas:
- Increased cyber resilience through measures implemented across all public and private entities that provide essential services.
- Security and incident reporting obligations as well as the capabilities of member states’ authorities providing national supervision and enforcement to reduce inconsistencies.
- Improved information sharing and trust between authorities as well as common procedures for large-scale incident response.
How to strengthen cybersecurity for critical infrastructure and energy
There are several ways in which the energy sector can work on strengthening its defenses against cyber threats over the coming years. These include:
- Ensuring all employees practice good cyber hygiene through education and training
- Maintaining awareness of physical and virtual security threats
- Gaining insights into company-specific cyber threats to stay ahead of attacks
- Increasing detection with security tools and government collaboration
- Implementing robust risk management to identify and address vulnerabilities
- Eliminating communication gaps, particularly between geographic locations and business units
- Engaging in industry-wide collaboration to identify vulnerabilities and leading-edge technologies
- Collaborating with supply chain partners to ensure the entire life cycle is secured
By identifying opportunities and gaps, implementing robust threat intelligence, conducting regular detailed reviews, and ensuring employees follow best practices, energy companies can develop effective cyber threat intelligence programs that allow them to take advantage of digitalization safely.
Logpoint’s cybersecurity solutions monitor events across an energy company’s total security landscape. We do away with siloes and — thanks to this holistic approach — speed up response times when it matters most.
Energy sector leaders choose Logpoint’s security solutions to increase the visibility of potential threats across their supply chain and improve their organization’s internal security posture as well.