Defense In-Depth: Cybersecurity For Energy

Despite ongoing threats and a massive wake-up call in 2021, the oil and gas industry doesn’t appear to be ready for the increasingly dangerous cybersecurity threats present in the world. The Colonial Pipeline ransom attack in June 2021 cost the company $5 million in ransom, created supply chain shortages, and fueled price hikes while causing market uncertainty.

And with a lack of cybersecurity standards at the federal level, the oil and gas industry is vulnerable to future incidents. A recent bill hopes to address cybersecurity protection measures by requesting that the Federal Energy Regulatory Commission (FERC) create mandatory cybersecurity standards for the power, utility, and energy sectors

Even while this is taking place, the sector cannot sit idly by while waiting for federal standards to materialize. E2B: Energy to Business host Daniel J. Litwin spoke with Glenn Hartfiel, Principal, and Geoff Yut, Consultant, in Opportune LLP’s Process & Technology practice about current best practices to create and implement better cybersecurity solutions and strategies.

Yut explains, that as a baseline, it was difficult to predict what an organization doesn’t know might already be lurking in its network. He recommended that routine assessment of one’s attack surface and evaluating cyber risk exposure through third-party connections or vendors is critical.

“I think it’s important to remember that firms can’t protect what they don’t know that they have,” Yut says. “So, it’s important to regularly assess your attack surface and evaluate your exposure to cyber risk through those third-party connections or vendors.”

Hartfiel mentions there are some things companies can do on their own to mitigate their risk of a cyberattack such as implementing multifactor authentication, geo-blocking IP addresses outside of the U.S., installing malware scanners, and giving permission to select people within the organization who are trusted with access. The other big piece of advice that Hartfiel finds himself stressing to energy clients and the industry is educating people on best practices of cybersecurity.

“That is the biggest one that I stress is educate your users not to open attachments,” Hartfiel says. “They don’t know who they came from, right? That’s the weakest link in any company…to have somebody open up an email and then click on something and they have a rootkit installed or a malware virus that then can go out and attack the whole network.”

The age-old phrase “go big or go home” is why oil and gas and other energy-related industries become targets of hackers. These attacks make big headlines and can result in huge paydays. They can also create widespread panic if a grid goes down or a pipeline operation shudders. And when it comes to making the proper cybersecurity modifications and ensuring infrastructure is sound and up to date to handle such operational risks, there are no shortcuts.

“It takes at least 12 months to do upgrades and not cause any major impacts,” Hartfiel says.

The process is something that will likely need budgeting over some time. But since hackers wait for no one, the time for companies to strengthen their cybersecurity measures to make it harder for the next cyberattack is now.   

Follow us on social media for the latest updates in B2B!

Image

Latest

DXpedition
Icom Powers 3Y0K : Ham Radio’s Most Ambitious DXpedition to Remote Bouvet Island Part 1
July 11, 2025

Bouvet Island sits at the edge of the world. It is frozen, uninhabited, and almost impossible to access. Fewer people have set foot there than in space. That level of remoteness is exactly what makes it so valuable to amateur radio operators. The island ranks tenth on ClubLog’s list of Most Wanted DXCC entities,…

Read More
entrepreneurial success
The Hidden Key to Entrepreneurial Success: Build Momentum Through Personal Branding and Authentic Networking
July 10, 2025

What if the biggest pivot of your career started with a conversation?  In this episode of Professional Quotient, host Jason Winningham welcomes Fanny Dunagan, CEO and Content Strategist of PathLynks, LLC. Fanny shares her journey from high-pressure consulting in Singapore to founding her own media and branding company — and why learning to network…

Read More
Q2 2025
RM Q2 2025 Wrap Up
July 9, 2025

Rogue Marketing continues to lead with intention in a space often driven by noise. Q2 2025 reflected a strategic focus on substance, where each initiative supported long-term brand growth. The team transformed internal recognition efforts into enduring brand assets and refined event strategies through immersive, results-driven experiences. Website launches during the quarter balanced visual…

Read More
amateur radios
Hamvention Spotlight: Emergency Preparedness Led PrepHam Paul to Amateur Radios and a Rising Voice in the Field
July 9, 2025

PrepHam Paul (K5VLP) celebrated his first visit to Dayton Hamvention by marking a major channel milestone. He hosted a giveaway of the  IC-2370B mobile radio from Icom to thank viewers for helping him reach 10,000 subscribers. His passion for emergency preparedness, rooted in his experience as an Eagle Scout and later studies in emergency management,…

Read More