Energy industry’s cybersecurity awareness rises, defence lags – EURACTIV.com
Representatives of the frequently targeted energy industry are more concerned about the risk of cyberattacks than before the Russian invasion of Ukraine, according to a new global risk report. It also increased the appetite for investments and insufficient activities of their organizations.
Due to the massive impact of the war, the global energy sector has recently become the center of attention and concern, including in the field of cybersecurity.
Energy infrastructure is especially popular as a target for cyberattacks, as the consequences can be far-reaching and can be used as a lever for blackmail or as a starting point for a military operation.
Awareness of these cybersecurity risks among energy professionals is growing. However, according to the DNV report, a risk consultancy is still lagging behind., published on Thursday (April 19th).
“Energy companies have been dealing with computer security for several decades. However, securing operational technology (OT) – the computer and communications systems that manage, supervise and control industrial operations – is a more recent and increasingly urgent challenge for the industry, ”said Trond Solberg, General Manager. DNV Cybersecurity
DNV’s global research surveyed 948 energy professionals and interviewed a number of industry leaders and security experts about their perceptions of cyber risks and preparedness.
DNV is an international guarantee and risk management provider based in Norway.
“Our research reveals that the energy industry is waking up to the OT security threat, but faster action needs to be taken to combat it,” Solberg said in a press release.
Sven Herpig, The head of international cybersecurity policy at think tank Stiftung Neue Verantwortung told EURACTIV that the energy sector is frequently attacked in cyberspace, “not only cybercriminals, who seek to make money from these attacks, but also to access and prepare the field. of battle., as has been the case in Ukraine for years ”.
In this sector, physical infrastructure is closely connected with cyber infrastructure. The potentially high offline repercussions of cyberattacks could be used as leverage in war, for example.
How harmful these cyberattacks can be was seen in the US Colonial Pipeline ransomware cyber attack, where a leaked password caused a state of emergency in 17 US states and caused a massive fuel shortage.
In Germany, for example, the remote maintenance of wind turbines was compromised after the KA-SAT network operated by the American company Viasat was attacked by Russia. The attack, which took place just an hour before the invasion, was officially blamed on Russia by the EU earlier this month.
“While a high number of attacks is not a major vulnerability, security standards need to be set to prevent worse attacks,” Herpig said.
Harmful, possibly fatal, attacks are expected in two years’ time
Amid numerous reports of cyber incidents, it seems logical that energy professionals are becoming increasingly concerned.
According to the report, they We believe that cyberattacks on the industry can cause damage to life, property and the environment in the next two years. More than 80% expect physical damage to assets and 57% anticipate loss of life.
However, less than half of respondents believe that the security of their operating technologies is as robust as their computer security. And less than a third can confidently say they know exactly what to do if faced with potential cyber risk.
In Europe, 29% of respondents believe that investments in defense are only made after a cyber incident, which means that these organizations would only react rather than prepare.
Since the aggression in Ukraine, energy professionals have been more concerned about nation-states as a source of cyberattacks, but concern has grown in all categories.
“This suggests that respondents expect other opportunists, whether motivated by political causes or criminal benefits, to take advantage of the confusion that follows a crisis by launching their own attacks,” the report says.
Actions are needed
However, growing concerns do not necessarily lead to concrete measures to improve defense. Instead of taking a “hope for the best” approach to cybersecurity, as some energy companies seem to be doing, emerging cyber threats need to be actively addressed, DNV Solberg stressed.
In response to the responses collected, the DNV report recommends allocating more budget, identifying specific vulnerabilities, and focusing on better training rather than just updating computer systems and software.
[Edited by Zoran Radosavljevic]