The recent cyber-attack on the Continental Pipeline and the impact on residents up and down the East Coast of the U.S. is one of the starkest reminders of the importance of cybersecurity for critical infrastructure. The frequency and severity of ransomware attacks on critical infrastructure are on the rise. According to the 2021 Global Risks Report, cybersecurity failures are among the top mid-term threats facing corporations around the world.
As enterprises drive digitization across business units, their exposure to risk grows.
For all enterprises, cybersecurity remains a challenge due to new regulatory requirements, increasingly strict penalties for non-compliance, migration of many business components to the cloud, new application development and merger and acquisition activities. Energy companies face the additional complexity of an industry ecosystem that in increasingly decentralized and complex with the transition to green energy.
Cybersecurity as a Strategic Initiative
The recent ransomware attack on the Colonial Pipeline brought this to the forefront. The 5,500-mile pipeline transports more than 100 million gallons of fuel per day from Houston, Texas, to the Northeast region of the U.S. It was taken offline on Friday, May 7, by a Russian hacking group called DarkSide, which demanded payment of $100 million in bitcoin. As of this writing, the pipeline has been restarted which has restored the flow of gasoline across the Southeastern and Eastern parts of the U.S. that felt the effects of the shutdown the most acutely. Rising gas prices, not seen since 2016, are also driving the need to get the pipeline back to normal quickly.
Other recent cyber-attacks that occurred earlier in 2021 raised awareness to the fact that security breaches are on the rise. In February of this year, a hacker broke into a Florida water treatment plant and attempted to increase the amount of chemicals and poison the water. And, in late 2020, the SolarWinds software hack further emphasized that the success of these events will depend on the shortcomings and limitations of companies’ cybersecurity measures.
The recent incident at Colonial Pipeline makes it glaringly clear that cybersecurity services are essential to a company’s livelihood. Because oil and gas companies and other enterprises involved in critical infrastructure are vulnerable to widespread cyberthreats, cybersecurity is becoming a strategic corporate initiative.
Protecting Oil and Gas Enterprises
To optimize the value offered by digitization, businesses and governments must reimagine how we protect our critical infrastructure. Unless cybersecurity practices are embedded into the corporate or organizational culture and digital products lifecycle, we are likely to see more frequent attacks on oil and gas pipelines, utility power plants and water treatment plants.
The following principles should be priorities for all energy and utility senior executives:
- Establish a comprehensive cybersecurity governance model
- Implement a holistic risk management and defense strategy with capabilities focused on prevention, monitoring and response
- Prepare and test resilience plans based on a list of pre-defined scenarios to mitigate and offset the impact of potential future attacks
- Collaborate with specialized cybersecurity service providers to get expert help protecting your entire environment
ISG can help your company establish a plan and strategy that will protect your company from cyber-attacks. Contact us to find out how to get started.