How is cyber innovation disrupting the energy sector and critical infrastructure?
Groundbreaking technologies are driving a seismic shift in cybersecurity, particularly for critical infrastructure and the energy sector. Image: Kaitlyn Baker/Unsplash
Listen to the article
- Groundbreaking technologies are driving a seismic shift in cybersecurity, particularly for critical infrastructure and the energy sector.
- The ongoing digitization and renewables-driven transformation of the energy sector makes energy companies particularly vulnerable.
- The World Economic Forum is convening a meeting where stakeholders will discuss how to maintain the momentum in renewable innovation, while prioritizing cyber concerns.
New technologies keep making cybersecurity in the energy sector more important – and more challenging. Ground-breaking technologies produce new efficiencies and reduced emissions as the energy transition and ongoing digitalization revolutionize the sector. Add rapid advancements in artificial intelligence to the mix and the result is a blistering pace of change for an industry where infrastructure investments typically span decades. Both the nature and the pace of change heighten the need to build a strong cybersecurity ecosystem.
Why the energy sector matters
The energy sector operates critical infrastructure. Access to affordable, reliable energy remains a critical enabler for economic prosperity everywhere around the world. Because energy infrastructure serves as the backbone for global nations and businesses to operate, it is a frequent target for cyberattacks.
The energy transition is a priority because of its role in meeting the global commitment to combat climate change. Digitally-native technologies and business models like wind and solar power, smart metering, distributed generation, and peaker plants cannot work without digitized operational technologies (OT). Digital management that maximizes the efficiency of equipment extracting, producing, moving, and using other fuels likewise is indispensable for meeting carbon emissions targets. Existing energy companies are shifting their business models toward renewables while also digitizing existing operational technologies to increase efficiency and reduce emissions.
Attackers increasingly target these OTs, exploiting the new vulnerabilities created by digitalization. Infrastructure defenders need to keep up with innovation in the assets and business models of their parent organization and with the potential misuse of new technologies by attackers. In a 2021 SANS survey, cybersecurity experts identified the energy sector as the most likely to suffer attacks on industrial control systems that impact operational safety and reliability.
Finally, technological innovations expand the possible attack pathways available to malicious actors. This is true whether or not companies adopt the innovations in question. Organizations whose business practices remain unchanged also face rising threats, as attackers adopt new technologies like ransomware and AI-generated phishing attacks. Because some nation-states seek covert opportunities to cripple rival economies, energy infrastructure will remain a high-value target for sophisticated, well-resourced attackers.
How is the Forum tackling global cybersecurity challenges?
Keys to (cyber)secure the future
A recent gathering of the World Economic Forum’s Oil and Gas Sector Cybersecurity Community identified three major challenges relating to the pace of innovation in their sector: adoption of new technologies, regulatory change, and partnering to enable collective defence. This community’s purpose is to convene stakeholders from the oil and gas industry, government and academic institutions to develop tools and frameworks that amplify and accelerate the adoption of proven approaches for cyber resilience. Community discussions help establish and align cybersecurity principles across the oil and gas supply chain, and help the sector benchmark cybersecurity best practices to meet the challenges faced globally.
As companies adopt new technologies – and as attackers innovate – security teams must decide how to achieve their organization’s mission without unduly exposing the organization or its customers to cyber risks. In the same SANS survey mentioned earlier, 59% of cybersecurity teams identified technical integration of legacy OT and modern IT systems as their biggest challenge to securing OT. This is one area where AI solutions can already help. Organizations are deploying AI cybersecurity monitoring for detection of signals within noise at previously unfeasible scales, allowing narrowing large amounts of data streams to just a few alerts that can be used by operators. Recently, a single natural gas power plant saw AI narrow the monitoring burden for operators by eight orders of magnitude, reviewing over 700 million events to draw operator attention to less than 10 alerts.
Innovations bring changing – and uncertain – regulatory landscapes. Because regulatory change is typically slower than innovation, energy sector leaders often must choose how to invest in cybersecurity without knowing the form final regulations will take. From the energy sector perspective, there is a clear preference for outcome-oriented regulations that avoid overly prescriptive compliance measures. Clear standards and reporting methods that apply across broader economic areas can help reduce the cost of compliance for large energy organizations.
Energy supply chains are interdependent – disruptions anywhere in the value chain can cause chaos up and down from producer to consumer. Just as critically, attackers sometimes target third-party suppliers as a strategy to move laterally into a larger organization. Building strong cyber defences and resilient energy infrastructure thus calls for maturing cybersecurity across the whole of the energy ecosystem. Equipment manufacturers, cybersecurity organizations, and technology vendors all have roles to play in this ecosystem.
Have you read?
Building a resilient cyber community
Recognizing that disruptive innovations will continue to drive competition and cyber threats in the energy sector, the World Economic Forum’s Centre for Cybersecurity is convening community participants for a body of work aimed at further exploring how to navigate these challenges. Drawing from the existing Oil and Gas Cybersecurity Community and the Electricity Cybersecurity Community, the new group will meet in November for a member-driven discussion.
Don't miss any update on this topic
Create a free account and access your personalized content collection with our latest publications and analyses.
License and Republishing
World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.
The views expressed in this article are those of the author alone and not the World Economic Forum.
Stay up to date:
Cybersecurity
Related topics:
The Agenda Weekly
A weekly update of the most important issues driving the global agenda
You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.
More on CybersecuritySee all
Rob Rashotte
October 30, 2024