It’s been a rough time for energy grids. Weather patterns, energy costs and demand are just some of the challenges that they have had to face. Making that mix even more challenging is the rising concern over cybersecurity. According to Security Info Watch, data shows that 77% of assets are vulnerable to an attack. Therefore, empowering energy sector operators to take control of their cybersecurity stance is more important than ever. In this post, we dive further into the environment those in the industry face and the solutions they can implement.
Cybersecurity Risk in the Energy Sector
In addition to the issues provided above, there are other internal and external forces that are driving cybersecurity risk in the energy sector. On the internal side, you have facilities struggling with the ability to securely handle the convergence of information technology (IT) systems and operational technology (OT) systems, as we’ve covered before. Externally, you have growing threats such as those associated with bad actors, including cybercriminals and nation state actors, among others. Their goals can range anywhere from money to impacting national security. There is also the ongoing war between Russia and Ukraine that continues to fuel concerns over Russian cyberattacks.
Initiatives to Enhance Critical Infrastructure Cybersecurity
As cybersecurity risk has heightened, efforts to address it have expanded, especially in critical infrastructure. The energy sector is included under the country’s critical infrastructure, therefore many of these initiatives have been created with its needs in mind. Most recently, the Cybersecurity and Infrastructure Security Agency (CISA) “released long-awaited cross-sector cybersecurity performance goals,” as reported by CyberScoop. These goals are meant to serve as a baseline of priorities for critical infrastructure owners and operators to follow and have been met with general positivity, particularly with organizations that have smaller budgets. The CISA also reportedly plans to put out even more specific guidelines for individual industries, including a focus on the OT and IT issues mentioned. As Bridgette Bourge, senior director of cybersecurity at American Public Power Association, told CyberScoop, the energy sector is more likely to use these upcoming tailored instructions.
There have been previous efforts as well to shore up energy cybersecurity. For instance, the U.S. Department of Energy allocated over $45 million to protect the grid. However, as Security Info Watch points out, most energy facilities in the country are privately owned. Therefore, a large portion of cybersecurity action will come down to the individual decisions of owners and operators. Luckily, there are several solutions that they can implement to protect their facilities.
One suggestion is to think like the attackers you are trying to defend against. Identify how they may be able to gain access through threat simulations and then install measures that block those entryways such as firewalls. Segmenting networks can also help stop an attack from spreading throughout your organization. It also helps to adopt a strategy that relies on both technical and human expertise. In addition to seeking out the proper tools, make sure to have team members and/or partners with infrastructure cybersecurity expertise. On top of that, it is essential to understand the supply chain that your facility relies upon. Reviewing this aspect will allow you to uncover vulnerabilities that not only lie within your operations but in the larger network.
- “3 ways utility companies can protect national grids from cyberattacks” – Luke Secrist, Security Info Watch
- “Cybersecurity Matters for Utilities: These Resources Can Help” – Bridgette Bourge, American Public Power Association
- “CISA’s critical infrastructure performance goals win praise, but questions remain about effectiveness” – Christian Vasquez, CyberScoop
Learn about the ultimate solution to protect infrastructure networks, Net-Optix.