E2B: Energy Industry Cybersecurity Threats In The Digital Age

Are energy companies taking cybersecurity seriously? Are they shifting focus to application security?

E2B host Daniel Litwin speaks with Dan Cornell, Chief Technology Officer of the Denim Group and Kent Landrum, Managing Director at Opportune LLP, to get answers to these questions and more.

Cornell begins by explaining cybersecurity challenges for the energy industry. “The energy sector is so diverse from a cybersecurity standpoint—different sizes, economics, and types of business. Many under invest in cybersecurity,” he says.

Cornell notes that many organizations are adopting important tactics like threat modeling, vulnerability scans, code analysis and software composition analysis. “Firms will be better off to be more programmatic than tactical in cybersecurity,” Cornell says. “The awareness around risk, especially in the software supply chain, is becoming greater because every organization consumes software.”

Cornell and Landrum also discuss different types of cybersecurity risks, with Cornell noting that cyber-attacks by nation-states actors are the most dangerous as opposed to the “hacktivist” variety because they have resources. Cornell and Landrum point to several high-profile cyber attacks have hit the energy industry in recent years—most notably being Saudi Aramco, the biggest OPEC exporter, being targeted by the “Shamoon” virus, which cripples computers by wiping their disks, in 2012 and 2017. “Aramco was a wake-up call for the [energy] industry,” Landrum says.

The attack on Ukraine’s power grid in December 2015 is also startling, according to Landrum. This well-coordinated cyber incident took 30 substations offline and put 230,000 people in the dark for hours. “The Ukraine example is one of the first cases where we saw the progression from the enterprise or the corporate side of IT over into operations technology,” Landrum says.

Cornell speaks about digital transformation and its opportunities and challenges. “Companies are adopting more technology faster and a DevOps culture where they break down the silos between development and operations teams, which is good, but there are application security implications,” he says. “It’s really more of a cultural change than anything.”

Meanwhile, Landrum says he continues to see many energy firms use legacy enterprise resource planning (ERP) and energy trading and risk management (ETRM) systems that run on outdated versions of commercially available applications, which can open up cyber vulnerabilities and hinder technical advancements . “The consequence of that is it essentially traps the IT department and prevents them from being able to upgrade and patch those components to close known security vulnerabilities,” he says.

In summary, Landrum and Cornell agreed that updating or “modernizing” legacy energy enterprise applications like ERP and/or ETRM systems can go a long way in reducing a system’s attack surface and ensuring energy companies become a harder target for malicious cyber threat actors.

Follow us on social media for the latest updates in B2B!

Twitter – @MarketScale
Facebook – facebook.com/marketscale
LinkedIn – linkedin.com/company/marketscale

Follow us on social media for the latest updates in B2B!

Image

Latest

hvac workforce development
Mentorship and Knowledge Transfer are Key HVAC Workforce Development Strategies for a Growing Industry
January 20, 2025

The HVAC industry is facing a critical challenge: a growing demand for skilled workers amid a wave of retirements. According to the U.S. Bureau of Labor Statistics, the need for HVAC technicians is projected to grow by 9% from 2023 to 2033. With this increasing demand, HVAC workforce development has become essential as companies…

Read More
InfoComm 2024
Recap of InfoComm 2024 with AtlasIED
January 18, 2025

InfoComm 2024, the industry’s most vibrant stage for showcasing the latest advancements in pro AV, has concluded in spectacular fashion. From groundbreaking product releases to insightful panel discussions, this year’s event highlighted the ongoing evolution of the sector. As a market leader in audio/comms solutions, AtlasIED played a pivotal role in shaping this year’s conversations…

Read More
audio/comms solutions
Unlocking Abundant Benefits with AtlasIED’s Innovative Audio/Comms Solutions
January 18, 2025

Modern businesses are continually looking for cutting-edge solutions to streamline their operations and increase efficiency. One such essential instrument is an effective and robust audio/comms solution. AtlasIED, a global leader in audio/comms solutions, is redefining this landscape by offering state-of-the-art products that cater to the diverse needs of various industries. Why AtlasIED – A Masterstroke…

Read More
innovative leap in commercial audio
An Innovative Leap in Commercial Audio: AtlasIED’s Fine Speaker Takes Center Stage
January 18, 2025

The innovation journey of AtlasIED has reached a transformative milestone. The result is an avant-garde speaker technology that is set to revolutionize the commercial audio space. Here’s a close look at the ground-breaking Atlas Fine speaker. The Birth of a Path-Breaking idea The coming together of AtlasIED and Fine on a common platform marks the…

Read More