Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


02:00 PM
Leo Simonovich
Leo Simonovich

Global Predictions for Energy Cyber Resilience in 2020

How prepared is the energy sector for an escalating attack surface in the operating technology environment? Here are five trends to watch.

The new year is shaping up to be a year of giant leaps for cybersecurity and the energy sector. The escalation of attacks brought us to a tipping point in 2019. Across the energy sector, leaders now recognize we need to step up defenses to meet the threat environment.

Over the past few years, cyberattacks on the energy sector have grown in volume and in sophistication. Attacks increasingly targeted the operating technology (OT) environment, reaching beyond information technology (IT) systems like servers and mobile devices to attack machinery and equipment including turbines, compressors, and transformers. This distinction has consequences. Attacks on the OT environment have the potential to cause physical damage to a plant, create service outages, and even cost lives. In some cases, attackers had the backing of nation-states in developing attacks specifically tailored to disruption of operations — not the theft of information that many IT cybersecurity measures are designed to prevent.

Just as important: Defending the OT environment is not the same as defending IT. The tools used to recognize malware on a server or desktop aren't a one-to-one match for the steps needed to recognize attacks intended to break a steam turbine, let alone stop an attack in progress. Utilities — especially large utilities — continue to seek better visibility into their operating assets through digitalization. When asked in an industrywide survey conducted in the summer of 2019 by Siemens and the Ponemon Institute, utility sector cybersecurity officers estimated that 30% of cyberattacks on OT went undetected. Some utilities are now using artificial intelligence and machine learning technologies to boost cybersecurity by not only monitoring their system conditions, but automating the contextualization of their data. Understanding context is essential to recognizing attacks in the OT, where malicious code may not carry the telltale signatures used to recognize conventional IT attacks.

The good news is that leaders across the industry are aware they face a new type of threat, and they're aware that current defenses can't meet that threat. That awareness will prompt action. Here are my predictions about five key trends in cybersecurity in the utility sector this coming year.

Trend 1: Cybersecurity will take new prominence in organizational structures.
Cybersecurity risks now rise to the level of the C-suite and the boardroom. Get cybersecurity wrong, and your organization will face financial, reputational, and service outage consequences. Clear, direct communications from cybersecurity experts to leadership will be an essential feature of any strong organization. A CEO doesn't need to be an expert — but they'll need to hear from someone who is.

Trend 2: People and talent will remain scarce.
With cyberattacks now confronting the OT environment, a strong cybersecurity team needs to draw on experience from the operating environment, security, and IT. A single person rarely has the necessary skills and experience — and those people who bring a combined background will be highly valued.

In our recent industry survey, lack of skilled personnel was the No. 1 most cited pain point in managing cybersecurity risk. Fifty-eight percent of cybersecurity officers indicated that their organization did not have sufficient staff to meet their cybersecurity objectives in the OT environment. Meanwhile, the same survey showed that utilities allocated the smallest share of their cybersecurity budget to personnel and training. Large organizations will compete to hire the talent that is available.

Trend 3: Small and midsize organizations will be targets.
Many utilities In the United States and around the world are relatively small, serving a municipality or a region. These small and medium-sized organizations face the same threat environment as the largest corporations. In one set of attacks in 2018, nation-state hackers targeted small businesses in or affiliated with the electricity sector. The set of targets included small generating stations with contracts to provide emergency backup power to U.S. military installations. This is an alarming example of how the shift toward threats targeting OT coincides with a shift toward targeting smaller organizations.

Trend 4: Partnerships will drive innovation.
Many organizations already contract out cybersecurity as an efficient way to bring together cyber expertise with the knowledge of their unique operating environment. When surveyed, 70% of respondents indicated an interest in contracting third parties for monitoring and detection Expect a cottage industry of experts in cyber and OT to offer solutions — and expect some growing pains. Organizations will need to learn how to build the trust and intimacy needed to share real-time operating data with partners, on top of doing the technical work that enables monitoring and protection.

Trend 5: Context will be key, and artificial intelligence will be king.
Whether in-house or as partners, one major challenge in defending operating environment lies in understanding what's happening in the machinery quickly enough to flag and mitigate attacks. Getting it right requires monitoring every possible attack pathway, along with thousands of data points about the operating state of equipment. There are clear advantages to automating this analysis, even before considering the talent shortage in cybersecurity. To date, only 18% of utility organizations have adopted AI to automate monitoring and contextualization of OT system conditions, but these technologies offer great promise for amplifying the efforts of small teams, and tailoring solutions to unique systems.

I'm broadly encouraged by a new awareness about the nature of threats against the energy sector. We have a lot of work to do to catch up — and we should not expect attackers to stay still. But I believe the energy sector is primed and ready to answer the escalating attack environment in OT, and to build the trust, the partnerships, and the technologies that will protect critical infrastructure in 2020 and beyond.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "Car Hacking Hits the Streets"

Leo Simonovich is responsible for setting the strategic direction for Siemens' industrial cybersecurity business worldwide. He identifies emerging market trends, works with customers and Siemens businesses to provide best-in-class cyber offers, and contributes to the ... View Full Bio
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.