Cybersecurity for Energy and Utilities

Cybersecurity for Energy & Utilities Certification

Cybersecurity has been gaining momentum over the years, and its growing global importance in a digital world is only the beginning. With cybercrime damages projected to exceed a staggering $6 trillion by 2021, it's no wonder banks, tech companies, hospitals, government agencies and just about every other sector are investing in cybersecurity infrastructure to protect their business practices and the millions of customers that trust them with their data.

According to recent research, of all the industries targeted by hackers, the utilities and energy market seems to be the most alarming. Negatively impacting electricity or water on a large scale could create mayhem and panic for cities large and small.

Cybersecurity is a top five risk for oil and gas supermajors, who take this risk so seriously that they fund a consortium called LOGIIC (Linking the Oil and Gas Industry to Improve Cybersecurity) to share best practices and research new solutions. LOGIIC is managed by the Automation Federation on behalf of the Department of US Homeland Security. A typical oil and gas supermajor will fend off 50,000 cyberattacks every day, so it is no surprise that they invest so heavily in managing this risk.

The utility industry, and the energy industry in general, has a massive societal impact. When service delivery is disrupted, it can have a massive and immediate negative effect on the population of a region. This is not a case of financial and reputational loss; it is a case of societal collapse.

The geopolitically motivated cyberattacks on Ukraine's utilities in 2015 and 2016 are still a great example. One begins to understand the societal damage that can occur, and how an extended impact would result in disruption of life and potentially civil unrest. Stakes are high in the energy sector, because cybersecurity is entangled with public safety as well as environmental concerns.

One of the most common misunderstandings is that an organization needs to be a target to be affected by a cybersecurity incident. The WannaCry and NotPetya incidents of 2017 should dispel this myth once and for all. Both incidents swept up many organizations that were not specific targets. In the case of WannaCry, this included the U.K.’s National Health Service, Nissan, and Renault, all of whom were forced to stop operations until the issue was resolved. In the case of NotPetya a few months later, it was Maersk and Merck & Co., amongst others. Recovery from the incident cost Maersk an estimated $300 million.

All the organizations affected were ill-prepared for a cyberattack. Most were running old Windows machines without critical patches, and none had incident response plans to cover such an attack.

The sector is at the forefront of the digital revolution. Energy suppliers are responsible for installing smart meters for all their domestic customers by the end of 2020. They need to use technology to improve their competitive efficiency with smart grids, IoT sensors and smart tablets. Technology further increases the attack surface, notably by adding low cost / low security devices. State of the art devices must be integrated with Cloud storage, but also with legacy hardware and software.

The importance of educating people regarding cyber hygiene remains critical. People must be made aware of the risks inherent in using a product like Pokémon Go. O