Cybersecurity and the Energy Sector
The Energy Sector has rapidly evolved into the top target of Cyber-attacks and malicious nation-state actors. We are here to inform and provide solutions to meet new challenges.
2020: Department of Homeland Security declares the U.S Energy Sector the #1 Sector under Cyber-Attack.*
Oil & Gas 2018: $1.6 Billion in Revenue loss through Cyber-Attacks*
60% go out of business following a Cyber-Attack.*
40% of all Cyber-Attacks target the Energy Sector.*
The Colonial Pipeline Hack has proven the fragility of critical U.S infrastructure, and has exposed the huge hole in Cybersecurity readiness within the Energy Sector. The incident has sparked gasoline shortages across the East Coast, and heightened calls for tighter cybersecurity controls within America's critical infrastructure supply chain. However, the federal push for enhanced cyber-readiness in the Energy Sector has been several years in the making.
In 2018, the DHS designated Oil and Gas industry as part of the U.S critical infrastructure for cybersecurity purposes, as the industry supplies critical raw materials to public utilities and the oil supply chain. Recently, the attacks of foreign nation states targeting critical U.S infrastructure, including the Energy Sector, are rapidly increasing. The Trump Administration, in collaboration with the Department of Energy (DOE), established the Office of Cybersecurity, Energy Security, and Emergency Response (CESER) in 2018, to elevate the Department’s energy security responsibilities, help grow cybersecurity awareness in the Energy Sector, safeguard against growing and evolving cyber, and physical threats to U.S. critical energy infrastructure. CESER’s main goal is to “build capacity in the energy sector to understand risks, assess priorities, and identify cost effective security and IT-infrastructure resilience improvements”*.
As a response to numerous federal and critical infrastructure attacks, the Biden Administration in collaboration with the Energy Department, have issued an Executive Order on America’s Supply Chains and the 100 Day plan, tasking the electricity supply chain, power grid providers, and utilities, to implement cyber detection, mitigation, and forensic capabilities*. Further, the increased deployment of technologies to improve defense mechanisms against attackers is strongly encouraged*. The order possibly affects any oil and gas organizations involved in the supply chain of electricity suppliers. The department of Energy has announced plans to potentially extend the order to any Oil and Gas industry in the supply chain of public utilities or directly supplying public utilities.
The Energy Department’s impending guidance builds upon the Biden Administrations May Executive Order on Cybersecurity, which strongly encourages all organizations in oil and gas companies supplying public utilities, government entities, and critical infrastructure operators to implement monitoring, mitigation, and response mechanisms as per the 100-day plan. The security mechanisms suggested are aiming to defend critical infrastructure against outsider threats or nation-state actors.
We are prepared to help oil and gas organizations to respond to the current and forthcoming cybersecurity guidelines, with Security Management programs tailored to the specific needs of the oil and gas sector. We recognize the hurdles the oil and gas sector faces, and our goal is to help the sector get ahead of rules and regulations. Our solutions can provide an economic path to achieving improved defense mechanisms and protecting America’s critical infrastructure.
1. Department of Energy, "DOE Announces Cybersecurity Programs for Enhancing Safety and Resilience of U.S. Energy Sector". DOE, March 2018. Retrieved from: DOE Announces Cybersecurity Programs for Enhancing Safety and Resilience of U.S. Energy Sector | Department of Energy
2. Executive Order on America's Supply Chains. February 2021.
4. Motorola Solutions. "Protecting Operations in the Energy Sector from Cyber-Attacks."
3. NPC. "Dynamic Delivery". 2019. Dynamic Delivery - Downloads (npc.org)
5. Hiscox. "2019 Cyber-Readiness Report".
6. Leidos. "Definitive Guide to Cybersecurity for the Oil and Gas Industry".