Powering Resilience: Navigating the Cybersecurity Challenges in the Energy Sector

The energy sector’s critical infrastructure, interconnected systems, and critical role in the functioning of today’s society make it a prime target for cyber criminals. The impact of a cyber-attack can endanger public safety, in addition to crippling financial consequences for energy companies and the impact on the broader economy and national security. A constant and sustained awareness of the latest cyber threats and trends is therefore essential for any company working in this sector. IBM’s 2023 X-Force Threat Intelligence Index revealed that the UK’s energy industry was among the primary targets for cyberattacks for the second consecutive year in 2023, representing 16% of all cyber-attacks. 

Energised Cyber Threats  

Critical infrastructure  

Critical infrastructure such as power grid and oil and gas facilities are all highly valuable targets for a range of attackers.  

In May 2023 Denmark suffered its largest ever cyber-attack, during which 22 separate energy companies were targeted, of which 11 organizations were successfully breached. This was done by executing commands on vulnerable firewalls to obtain device configurations and usernames. In an illustration of the need to maintain a strong cyber security posture, EDF Energy has recently been placed under “significantly enhanced regulatory attention” after an inspection into its cybersecurity practices. 

According to data acquired by Recorded Future News there were a record number of cyber-attacks targeting critical infrastructure reported to the UK government at the start of 2023, while the NCSCS has recently warned about the need to protect against escalating threats to the nation’s Critical National Infrastructure (CNI).   

Industrial Control Systems (ICS) Vulnerabilities: 

Energy facilities such as electrical sub stations or power plants typically use Industrial Control Systems to operate systems. Malicious actors can take advantage of potential vulnerabilities, such as weak user access controls, to introduce malware and other ransomware.   

Ransomware 

Like most sectors, ransomware and phishing (including spear-phishing) attacks remain one of the biggest threats and causes of breaches and downtime to businesses. Attacks on oil and gas facilities, power grids or clean energy generators can bring down services for customers and disrupt the whole energy supply at its source.  To learn more about phishing, read our Phishing 101 guide here.  

According to IBM’s Cost of a Breach report the average global cost of a data breach for energy sector increased to US$4.78m in 2023, from US$4.72 in 2022.   

The transition to renewable energy has only increased the sectors reliance on technology and consequently the attack surface and number of entry points for cyber criminals. Legacy digital systems or clean energy infrastructure with weak built in cyber security measures, for example smart grids or solar farms are just two examples of potential entry points for ransomware.  

Nation-state-affiliated actors and hactivists are also a particular threat in the current geopolitical landscape, due to their highly sophisticated nature and potential to disrupt government operations. Hacktivists are often motivated for environmental or ideological reasons to target non-renewable energy infrastructure.  

Supply Chain Attacks 

The energy sector relies on complex global supply networks, from exploration, production (and power generation), transmission or transportation, to distribution. This can present multiple vulnerabilities, while making it challenging for energy providers to maintain full operational visibility. Malicious actors can gain unauthorised access by strategically targeting the weak points of suppliers and third-party vendors, which are especially vital to keep energy supply chains operational.  

Proactive Cybersecurity Measures for Energy Resilience 

Maintaining a Resilient Supply Chain 

Conducting regular audits on vendors and implementing strict cyber security standards ensures that third parties maintain a robust cyber security posture. Regular risk assessments across the whole supply chain are also critical in addition to close collaboration and sharing of threat intelligence across between global energy actors. PureCyber’s Phishing Simulation and Penetration testing service can help businesses in the energy sector find their vulnerabilities before the cyber criminals do.  

Incident Plan Response 

Developing and regularly updating an incident response plan ensures a quick and efficient response to cyber incidents and prevents prolonged downtime. Any business who plays a role in the energy supply sector must plan for the worst-case scenario before it happens, no matter how well prepared they think they are.   

Employee Training and Awareness  

Sustaining a strong cyber security posture is a shared responsibility. Conducting regular training sessions on cyber security best practice, for example how to spot a phishing email, can help employees protect themselves, their colleagues, and the broader sector from cyber threats.   

Continuous Monitoring and Compliance  

Companies in the energy often use a mixture of cyber and physical infrastructure such as SCADA (Supervisory Control and Data Acquisition) systems, which are used to control and monitor the physical processes, devices, and infrastructure involved in energy production and distribution. Continuous monitoring of such system’s endpoints and the wider cyber security framework of an energy company is therefore paramount in strengthening resilience against attack and adhering to industry best practice.  

Regulatory Compliance  

Adhering to industry/geographically specific and internationally recognised cyber security standards such as ISO27001 and Cyber Baseline is key to meeting basic cyber security requirements. For example, it is a legal requirement for any energy company involved in UK Government contracts to achieve Cyber Essentials accreditation.  

Next Steps  

Energy companies face a complex array of attack vectors, from financial extortion to sophisticated state sponsored attacks. As such, we at PureCyber strongly encourage businesses in the energy sector to take proactive steps to adapt to a highly challenging cyber landscape, and in doing so protect their costumers, national infrastructure, economies and contribute towards a sustainable energy future.  

How PureCyber Can Help You 

PureCyber’s offers a range of scalable and flexible cyber security solutions to build the cyber resilience of the energy sector. This includes our crest certified penetration testing services, 24/7 SOC and Active Threat Detection, cyber policies, patch management and incident response.  

Furthermore, as a long-standing certification body for both the Cyber Essentials Standard and Cyber Essentials Plus accreditation, PureCyber have a history of working closely with customers to help them achieve this governance standard.  

To view our subscription options and explore how our cyber experts can help to protect your energy, click here or read our previous articles on the energy sector here.