8 key insights for managing OT threats in the energy sector
A recent surge in cyber attacks against critical infrastructure has highlighted the vulnerabilities inherent in the energy sector and the far-reaching impact these attacks can have on organizations and the economies and societies they support. Between the conflicts in Ukraine and Gaza, persistent threats from Russia, China, and North Korea, and hacktivism driven by environmental motives, the energy sector is managing more risk than ever from both nation-states and organized criminal gangs.
Simultaneously, the push toward digital transformation is rapidly expanding the attack surface to include operational technology (OT), as newly connected systems expose previously sequestered and highly vulnerable infrastructure.
Our latest Energy Sector Threat Intelligence analysis underscores the growing need for hypervigilance when securing OT. Here, we’ll cover some key actions and provide tips for how energy and utility companies can bolster OT security in the face of these advancing threats.
OT is in the crosshairs.
While ransomware has long been a threat across industrial sectors, new strains are specifically targeting PLC and SCADA networks to take down operations. Once the tactic of state-level actors, it’s now become the domain of organized crime.
Mainstream criminals view these as lucrative targets because an attack that halts production hurts the organization’s ability to generate revenues, increasing the likelihood of ransom payment. That motive only deepens when it affects critical infrastructure for delivering power and heat to millions.
Digitisation amplifies risk.
Bringing energy operations online through the Industrial Internet of Things (IIoT), connected sensors, and remote technology has tremendous business benefits. Still, it can also inadvertently throw the doors wide open.
In the IT world, weekly patching is the norm. But in OT, many systems have sat in live environments untouched for 20 years, growing increasingly outdated. When they’re suddenly brought online, these legacy systems are immediately exposed to internet-based threats they were never designed to defend against.
Supply chain risks are lurking.
Just as energy companies strive for operational efficiency, cybercriminals are, too. Threat actors are investing more time and resources into attacking critical suppliers because it’s a better bang for the buck; why attack companies individually when you can breach one and use that access to disrupt thousands?
The SolarWinds/Sunburst attack is just one example highlighting the exponential impact of supply chain risk. A single exploited supplier vulnerability could bring down an entire energy grid or even result in serious harm or loss of life in the event of equipment malfunction. While regulations like the EU Cyber Resilience Act are aimed at addressing this risk, energy companies must take independent action.
Detailed asset inventory is essential.
You can’t secure or defend what you don’t know exists. Before connected systems are brought online, it’s crucial to identify vulnerabilities and include mitigation plans as part of your digitization strategy. Create a tiered threat scheme to prioritize potential threats and build defense tactics as you roll out, including the supply chain.
Monitor for cyber threats in the environment.
Implement continuous monitoring of OT assets in security operations centres. Deploy monitoring across all layers of the architecture to ensure indicators of compromise are alerted on as quickly as possible to allow detection, management, and mitigation of cyber threats in the new environment.
A defense-in-depth strategy is critical.
Devise a layered security model that puts the riskiest assets in the most protected zone, allowing access only to permitted traffic or protocols. This network segmentation sequesters critical assets and will enable you to lock down access incrementally in the event of a threat to minimize damage and impact on operations.
Suitable endpoint monitoring technology is also a must to detect suspicious activity, and while online access is the most common attack vector, don’t neglect physical security. Outdated devices in remote, unmanned facilities could be extremely easy targets.
Bring IT and OT together to address risks.
Disconnect within the organization is one of the biggest obstacles to OT security. OT is often the domain of engineers and operations staff, who do not view their equipment through an IT lens. Bridging the gap between OT and IT by bringing these teams together around the same table is vital to improving OT security posture.
Practice incident response.
Given current trends and the broadening vulnerability landscape, it’s not a matter of “if” but rather “when” energy companies will be attacked. That’s why continuously revisiting and drilling incident response (IR) processes, procedures, and roles/responsibilities, including legal and communications strategies, is essential.
The better rehearsed you are, the better you’ll fare in an incident in terms of both network and business impact and reputation damage.
Dig into the full data from our latest energy sector threat intelligence report.