By Bill Moore, XONA
In May 2021, an unthinkable cyberattack crippled the Colonial Pipeline’s digital infrastructure, capturing 100 gigabytes of data and preventing the US’s most significant refined fuel pipeline from maintaining normal operations. This critical pipeline, which provides 45 percent of the fuel for the East Coast, was inoperable for six days, initiating panic buying, gas lines, and a cacophony of internet hot takes critiquing the company’s response.
The incident cost the company millions in recovery costs while doing irreparable reputational damage to their brand, which is inextricably associated with this defining cybersecurity failure.
It’s also emblematic of the unique cybersecurity challenges facing the energy sector.
Energy companies are a top target for threat actors. The energy sector accounts for 16 percent of all officially documented cyberattacks, a number that has only increased alongside the recent pandemic. Collectively, the energy sector is the third most targeted industry by cybercriminals. Meanwhile, energy companies are protecting expanding attack surfaces as companies initiate new connections between information technology (IT) and operational technology (OT).
Unfortunately, the energy sector shouldn’t expect cybersecurity risks to subside anytime soon. Instead, they should anticipate that cybersecurity failures will become more expensive, consequential, and disruptive moving forward.
#1 Cybersecurity Incidents Will Be More Expensive
This is especially true for ransomware attacks, which are increasing in scope and severity across the energy sector. In 2020, the last year with comprehensive data, the average ransomware payment exceeded $200,000, a four-fold increase in just one year.
According to one report, 77 percent of energy companies are vulnerable to ransomware attacks because their account credentials are readily available online. In addition, poorly secured IT/OT connections introduce new vulnerabilities for the energy sector, making it more likely that threat actors will capture IT networks or compromise customer data.
#2 Cyberattacks Will Be More Consequential
In the past year, cybersecurity incidents brought operations to a standstill, exposed company and customer data, and eroded brand reputation. Moving forward, energy companies should expect that the consequences of a cybersecurity incident will be even more pronounced.
Since the energy sector provides a critical resource to millions of people across the country, even a minor disruption can have catastrophic consequences.
Simply put, the stakes are incredibly high. Just consider the implications of a cyberattack disrupting access to gas distribution systems in the middle of winter or hindering access to energy assets during peak usage periods.
What’s more, threat actors aren’t just looking to disrupt operations. Many are stealing company and customer data while timing their efforts to effectively leverage their exploits to extract as much value as possible. As a result, the energy sector isn’t just grappling with siloed threats. Instead, ransomware attacks can quickly become data loss events, and data breaches can quickly become front-page news.
#3 Threat Actors Will Be More Disruptive
According to a 2020 government alert, threat actors are “capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure.” Nearly two years later, these capabilities have evolved and advanced, and cybercriminals and hostile nation-state actors are more prepared than ever to initiate time-sensitive attacks on critical infrastructure.
A November 2021 FBI memo notes that many threat actors are leveraging “time-sensitive financial events” to maximize their impact. In other words, ransomware gangs are targeting companies with time-sensitive or mission-critical infrastructure to extract ever-growing payments.
While this warning was applied to the financial sector, where time-sensitive economic events put IT networks at risk, it’s clear that threat actors are getting smarter about their attack methodologies, disrupting operations to maximize impact and monetary gain. In the energy sector, IT systems and applications have become more interdependent with OT assets, including sensors and other Industrial Internet of Things (IIoT) devices.
No Turning Back
The energy sector is the bedrock of critical infrastructure. It’s also a prime target for threat actors looking to capitalize on the industry’s expansive attack surface, shifting workplace arrangements, and hastily implemented IT/OT connections.
That’s why government agencies, energy institutions, and everyday consumers need to take this risk seriously, deploying a zero-trust access control platform that keeps energy infrastructure online in any operational environment. With cybersecurity concerns becoming more expensive, consequential, and disruptive, it’s clear that now is the right time to develop a defensive posture that meets the moment.
About the Author: Bill Moore is the CEO and Founder of XONA, provider of a unique “zero-trust” user access platform especially tailored for remote Operational Technology (OT) sites. Bill is currently working with global power, oil and gas, and manufacturing customers to reduce their remote operations costs and cyber risks. Bill brings more than 20 years’ experience in security and the high-tech industry, including positions in sales, marketing, engineering and operations.
This post appeared first on Power Engineering.