15 Apr 2024
by Sean Arrowsmith

8 key insights for managing OT threats in the energy sector

Guest blog by Sean Arrowsmith, Director of Industrials at NCC Group #techUKOTSecurity

A recent surge in cyber attacks against critical infrastructure has highlighted the vulnerabilities inherent in the energy sector and the far-reaching impact these attacks can have on organizations and the economies and societies they support. Between the conflicts in Ukraine and Gaza, persistent threats from Russia, China, and North Korea, and hacktivism driven by environmental motives, the energy sector is managing more risk than ever from both nation-states and organized criminal gangs.

Simultaneously, the push toward digital transformation is rapidly expanding the attack surface to include operational technology (OT), as newly connected systems expose previously sequestered and highly vulnerable infrastructure.

Our latest Energy Sector Threat Intelligence analysis underscores the growing need for hypervigilance when securing OT. Here, we’ll cover some key actions and provide tips for how energy and utility companies can bolster OT security in the face of these advancing threats.

OT is in the crosshairs.

While ransomware has long been a threat across industrial sectors, new strains are specifically targeting PLC and SCADA networks to take down operations. Once the tactic of state-level actors, it’s now become the domain of organized crime.

Mainstream criminals view these as lucrative targets because an attack that halts production hurts the organization’s ability to generate revenues, increasing the likelihood of ransom payment. That motive only deepens when it affects critical infrastructure for delivering power and heat to millions.

Digitisation amplifies risk.

Bringing energy operations online through the Industrial Internet of Things (IIoT), connected sensors, and remote technology has tremendous business benefits. Still, it can also inadvertently throw the doors wide open.

In the IT world, weekly patching is the norm. But in OT, most offline systems have sat in live environments untouched for 20 years, growing increasingly outdated. When they’re suddenly brought online, this immediately exposes legacy systems to internet-based threats they were never designed to defend.

Supply chain risks are lurking.

Just as energy companies strive for operational efficiency, cybercriminals are, too. Threat actors are investing more time and resources into attacking critical suppliers because it’s a better bang for the buck; why attack companies individually when you can breach one and use that access to disrupt thousands?

The Solar Winds/Sunburst attack is just one example highlighting the exponential impact of supply chain risk. A single exploited supplier vulnerability could bring down an entire energy grid or even result in serious harm or loss of life in the event of equipment malfunction. While regulations like the EU Cyber Resilience Act are aimed at addressing this risk, energy companies must take independent action.

Detailed asset inventory is essential.

You can’t secure or defend what you don’t know exists. Before connected systems are brought online, it’s crucial to identify vulnerabilities and include mitigation plans as part of your digitization strategy. Create a tiered threat scheme to prioritize potential threats and build defense tactics as you roll out, including the supply chain.

Monitor for cyber threats in the environment.

Implement continuous monitoring of OT assets in security operations centres. Deploy monitoring across all layers of the architecture to ensure indicators of compromise are alerted on as quickly as possible to allow detection, management, and mitigation of cyber threats in the new environment.

A defense-in-depth strategy is critical.

Devise a layered security model that puts the riskiest assets in the most protected zone, allowing access only to permitted traffic or protocols. This network segmentation sequesters critical assets and will enable you to lock down access incrementally in the event of a threat to minimize damage and impact on operations.

Suitable endpoint monitoring technology is also a must to detect suspicious activity, and while online access is the most common attack vector, don’t neglect physical security. Outdated devices in remote, unmanned facilities could be extremely easy targets.

Bring IT and OT together to address risks.

Disconnect within the organization is one of the biggest obstacles to OT security. OT is often the domain of engineers and operations staff, who do not view their equipment through an IT lens. Bridging the gap between OT and IT by bringing these teams together around the same table is vital to improving OT security posture.

Practice incident response.

Given current trends and the broadening vulnerability landscape, it’s not a matter of “if” but rather “when” energy companies will be attacked. That’s why continuously revisiting and drilling incident response (IR) processes, procedures, and roles/responsibilities, including legal and communications strategies, is essential.

The better rehearsed you are, the better you’ll fare in an incident in terms of both network and business impact and reputation damage.

Dig into the full data from our latest energy sector threat intelligence report: Get the report

techUK’s Operational Technology Security Impact Day 2024 #techUKOTSecurity

techUK’s Cyber Programme is delighted to be holding our first securing Operational Technology (OT) security impact day to showcase how cyber companies are helping organisations to secure their OT and navigate the convergence of IT/OT systems.

Find all the insights here!

Cyber Security Programme

The Cyber Security Programme provides a channel for our industry to engage with commercial and government partners to support growth in this vital sector, which underpins and enables all organisations. The programme brings together industry and government to overcome the joint challenges the sector faces and to pursue key opportunities to ensure the UK remains a leading cyber nation, including on issues such as the developing threat, bridging the skills gap and secure-by-design.

Learn more

Join techUK's Cyber Security SME Forum

Our new group will keep techUK members updated on the latest news and views from across the Cyber security landscape. The group will also spotlight events and engagement opportunities for members to get involved in.

Join here

Cyber Security updates

Sign-up to get the latest updates and opportunities from our Cyber Security programme.





Related topics


Sean Arrowsmith

Sean Arrowsmith

Director of Industrials , NCC Group