A Hands-On Approach to Addressing Cyber Risks in the Energy Sector Is Key to Securing Energy Systems

The recent ransomware attack on the Colonial Pipeline Company and the increase in ransomware attacks are catalyzing concern across the energy industry.

In an article for Energy Central, Danielle Jablanski, senior research analyst with Guidehouse Insights, says that beyond training and certifications, there are four practical ways to expand the knowledge base and coordinate incentives and initiatives across government, academia, and industry.

“Energy systems will not be secured overnight, and the tools, tactics, and procedures of threat actors will continue to morph,” Jablanski said. “Building a strong cohort of informed and capable leaders is key to strengthening US electric utilities’ ICS and securing the energy sector supply chain.”

The new approach includes strategies such as sharing information on cyber hygiene, attack patterns, and the booming exploit economy, expanding blackstart simulation exercises with the Rapid Attack Detection, Isolation and Characterization Systems (RADICS) program, demonstrating the potential for cascading effects based on interdependence of critical sectors, and working with equipment manufacturers and systems vendors to connect vulnerabilities to mitigation efforts.

In the article, Jablanski explains that as cyber risks to the industry continue to gain attention, new emphasis is being placed on the security of operational technology (OT) and industrial control systems (ICS).

“Securing OT is different in many ways from securing IT, but every organization has to understand risks and costs to begin to build mature security programs to defend against cyberattacks,” Jablanski said.