In the United States, oil and electric companies are particularly susceptible to cyber threats like unethical hacking, compromised networks, and more. Though there are technologies designed to stop these threats before they start, many energy companies remain vulnerable due to a variety of factors. From attacks that result in physical shut-downs to remote interference with smart utility meters, the threats continue to loom as technology struggles to keep up. Here, we’ll examine how cyberattacks can threaten energy infrastructure and what is being done about it.
Why the Energy Industries Are Under Attack
In a world driven by technology, it is no wonder that energy infrastructures are under constant attack. The most common cyber threats faced by utility companies are data theft and fraud. Although these are common threats across industries, utility companies are a particularly ripe target for cybercriminals because of the widespread impact that results from these attacks.
Hackers and other unethical actors continue to find new ways to attack the energy infrastructure. These attacks range from small-scale data breaches to far-reaching outages. Although their motives aren’t certain, some common motivating factors for these attacks include activism, politics, and retaliation against specific decision-makers in the industry. According to a 2016 report compiled by the Mission Support Center of the Idaho National Laboratory, cybercriminals are more likely to attack public utilities. In response, lawmakers, government agencies, and utility company officials have worked together to create and enforce infrastructure protection standards to quell these attacks.
Efforts to Reduce Energy-Related Cyber Attacks
Cyber threats to public utilities are a real problem, but addressing them hasn’t been so straightforward. Common roadblocks include funding issues and inconsistent policy, which lead to inconsistent results. The cost to implement highly effective cybersecurity is one of the main barriers as well, and many companies have failed to evolve with the technology required to stem these attacks.
Despite the lag in properly addressing utility-specific cyberattacks, there have been some recent efforts. The Department of Energy’s Office of Cyber Security Energy Security and Emergency Response unveiled its initiative designed to protect the United States energy system. The report, released March 18, 2021, highlighted new research problems that focus on three key areas:
1. Addressing security vulnerabilities in the global supply chain: The Department of Energy is assisting with the testing of cutting-edge analytic technology that can better pinpoint security vulnerabilities in the United States energy system. To stop cyber threats before they start, the DOE’s partnerships with tech companies, legal experts, and cybersecurity experts serve to solve a huge problem.
2. Increasing protection from electromagnetic and geomagnetic interference: Interference via electromagnetic and geomagnetic pulses can wreak havoc on energy systems, so the Department of Energy is actively working with utility companies and researchers to identify weaknesses in the system that facilitate these kinds of attacks.
3. Cultivating the next generation of cybersecurity experts: To address looming threats, utilizing the latest technology is a must. By focusing on training new researchers and top talent, cyber threats in the utility system can be effectively reduced.
Stopping Future Threats
The issue of cyber threats as they relate to the United States energy system is a complex one that relies on technology for many of its answers. While the DOE’s efforts are a step in the right direction, there is more work to be done.
One of the biggest barriers to progress is utility companies’ use of legacy technology. Not only is this older tech easier for cybercriminals to exploit, but it is also problematic because it can usually only be serviced by a handful of vendors. The limited number of vendors tend to focus on keeping systems operational rather than addressing security vulnerabilities. Compounding the problem are energy company decision-makers who see security as secondary to routine maintenance and use a band-aid approach to vulnerabilities. Patching hardware issues instead of updating to the latest technology makes it that much easier for cybercriminals to infiltrate systems. Once a breach occurs, the response time is impacted since only a few vendors can serve systems and/or equipment. Overhauling systems is time-consuming and costly, which certainly impacts the decisions of energy company executives. One estimate put a complete system overhaul at a price tag of $100 million.
So what does the future hold for energy companies in the United States that are faced with cyber threats? Barring the high cost, infrastructure overhauls are one of the most viable solutions to minimize cyberattacks. Network upgrades offer a technology-driven solution that can spot weaknesses via remote monitoring. The benefits of updated technology are hard to ignore, but regulatory agencies have been reluctant to push mandates for these upgrades. The DOE’s initiative is a step in the right direction, but only time will tell if these changes will stick.
Recent Comments