With ransomware attacks threatening energy disruption, operators must improve cybersecurity urgently

Don’t wait for government regulation to improve your cyber resilience

Utility and energy companies around the world have been revisiting their data security protections after widespread disruption from the recent compromise of US energy operator Colonial Pipeline, which was hit with a ransomware attack that disrupted petrol supplies to tens of millions of residents along that country’s east coast.

DarkSide, the ransomware gang whose breach led to the near-total shutdown of the network that carries 45% of the region’s supply of diesel, petrol and jet fuel, argued in a public statement that it was interested in money and not trying to create widespread disruption – but in the energy sector, any disruption is bound to be widely felt.

With increased automation and data-driven operations, long-used operational technology (OT) networks are becoming a new frontier for cybercriminal attack – promising massive payouts for those who can compromise the systems and shut down, or threaten to shut down, key energy delivery networks or other critical infrastructure.

Those networks are particularly vulnerable due to their complex, extended design and a reliance on systems that were never designed to defend against today’s sophisticated malware attacks.

Efforts to bring these systems online and integrate them with existing networks for greater operational efficiency, or remote management and monitoring, have inadvertently exposed them to compromise from something as simple as an employee accidentally opening an email with a malicious attachment.

With the volume of attacks against OT-connected assets increasing more than 20 times between 2018 and 2019 – and 37 billion industrial devices expected to be connected by 2025 – the threat to the energy sector is expanding rapidly.

No longer good enough

Root-cause analyses often reveal that shortcomings in basic cyber hygiene become conduits for attackers in every sector – but when the stakes are clearly so high, a growing number of energy-industry experts are pushing firms in the sector to urgently review and improve their email, web, application and network security.

“The same tools that help oil and gas infrastructure run efficiently and support remote operation are potential points of exposure for cyber attacks,” Filipe Beato, lead with the World Economic Forum (WEF) Centre for Cybersecurity, warned in a recent advisory.

The energy sector “must prepare for frequent, sophisticated cyberattacks as the new normal,” he said, noting that better security is a group effort: “In the oil and gas sector, supply chains are interconnected and independent – making it important to advance cybersecurity maturity as a community.”

A recent open letter from the White House to critical infrastructure operators has presaged a host of changes, including the standardization of attack reporting and information; a new ‘zero-trust’ industry standard; and development of an industry playbook to normalize companies’ response to ransomware and other attacks.

The Australian government has also been proactive, engaging with industry to review policies around the cybersecurity and operational exposure of critical infrastructure systems.

Yet while government guidance highlights the seriousness of the threat that ransomware now presents, WEF’s Beato warns that “the energy sector cannot wait for governments to regulate on cybersecurity.”

“Oil and gas executives cannot wait on government to forge ahead with the daunting task of reducing cyber-risk across their expansive and complex organizations,” he writes. “Reliable energy supply chains depend on getting cybersecurity right – now, and into the future.”

It is important that energy sector companies ensure they have the appropriate protections in place, including a Secure Web Gateway that is designed to function in a cloud-connected and zero-trust environment without a traditional network perimeter.

ContentKeeper helps secure enterprises, educational institutions, and government agencies worldwide. Our Multi-layered Cloud Security Platform delivers a powerful combination of innovative security technologies, enabling organizations to protect their digital assets and users from cyber threats, including ransomware, as they continually shift to new technologies and platforms. At ContentKeeper, our mission is to create the world's best cloud security solutions through constant innovation and providing the building blocks organizations need to move towards a SASE and ZTNA future. The company is headquartered in Canberra, Australia and maintains U.S.-based operations in Anaheim Hills, California. For more information, visit www.contentkeeper.com.


About the Author: David Braue is an award-winning technology writer with 26 years' experience covering business and consumer technology issues. Current focus areas include information security, analytics, innovation, global tech policy, enterprise digital transformation, and COVID-19 inspired remote working.