The company responded to the attack by disabling links between its corporate and customer-facing systems, which would have come at a huge cost to the organisation.
The dangers faced by the energy sector
Energy One is just one example of energy infrastructure falling victim to hackers, and these attacks will get more severe as threat actors become more sophisticated and embrace the potential of using AI to augment their attacks.
There are a number of reasons why the energy sector may be targeted, be it by hacktivists motivated by a climate change agenda or by criminal groups like Darkside, who see the energy sector as rich pickings for ransomware attacks. There is also the risk of nation states targeting critical infrastructure as part of a wider cyber-warfare program.
All these factors demonstrate just how much catching up the energy sector globally needs to do to ensure it remains secure and able to fulfill its vital civic and national security functions.
Key vulnerabilities
It’s in operational technology (OT) that many of the energy sector’s weaknesses lie. The sector relies on a complex blend of legacy and modern systems; often the hardware and software are outdated, and the original vendors may either not offer support or may no longer be in business.
The lack of security updates, together with known but unpatched vulnerabilities, means the energy sector can sometimes be an easy target for hackers looking to access internal systems.
OT was traditionally not connected to the internet, and was often air-gapped, making it hard for hackers to compromise. But the rise of the internet of things (IoT), together with its convergence with OT, opens the door for cybercriminals to seize control of infrastructure and compromise an energy company’s functioning.
The ramifications of compromise can be far reaching and have both economic and social impact.
Securing the energy sector
Because of the mix of legacy and modern systems, supply chain and network vulnerabilities and the rise of the internet of things (IoT), securing energy sector infrastructure is no easy task, and several steps must be taken to ensure security.
One key way the energy sector can ramp up its defences is by reducing the attack surface. By isolating OT systems from the general network, security teams can reduce the chances of a hacker gaining access through the corporate network and then moving laterally into core technology.
Keeping OT air-gapped remains a sensible approach, but where it is connected to IoT, there must be renewed emphasis on ensuring IoT is patched and up to date.
Industry collaboration remains a must, allowing the experience of one operator to benefit others in the sector. Sharing intelligence about threats and vulnerabilities with other energy companies and government agencies helps to strengthen collective defences.
To combat the cyber threats facing the energy sector and protect all its infrastructure, the energy sector must take a proactive approach to security. Using artificial intelligence, security analysts can become proactive cyber defenders rather than reactive responders to alerts and incidents after the fact.
AI enables this through the automation of labour-intensive tasks that currently sit with analysts, giving deeper visibility and allowing them to anticipate attacks before they occur, as well as enabling automated prevention and response.
AI can also continuously learn and adapt to each organisation’s evolving environment and threats, so as the energy sector infrastructure gets complex and the attacks more sophisticated, the AI will adapt and keep it secure ahead of an attack, not simply reacting to it.
These AI capabilities augment human teams, reducing alert fatigue while surfacing substantiated threats faster for proactive risk mitigation. With these AI capabilities in place and empowering security analysts to be more proactive, the energy sector can secure its increasingly complex and under-threat environment.
However, all these measures require a skilled and robust cybersecurity team. Staffing shortages and skills gaps are consistent challenges which further exacerbate cybersecurity issues. The gap between the number of cybersecurity workers needed and the number available has continued to grow, increasing by 12.6% year-over-year. If the energy sector is to remain secure, a focus on cybersecurity education and training is essential to help shrink the skills gaps.
The energy sector is essential to our way of life, making it a prime target for nation-states, hacktivists, and criminal organisations looking to either disrupt society, or make a quick profit. As the Energy One hack shows, the sector is increasingly vulnerable. It’s only through industry collaboration, reducing the attack surface, and using advanced artificial intelligence technology that it can defend itself.