E2B: Energy Industry Cybersecurity Threats In The Digital Age

Are energy companies taking cybersecurity seriously? Are they shifting focus to application security?

E2B host Daniel Litwin speaks with Dan Cornell, Chief Technology Officer of the Denim Group and Kent Landrum, Managing Director at Opportune LLP, to get answers to these questions and more.

Cornell begins by explaining cybersecurity challenges for the energy industry. “The energy sector is so diverse from a cybersecurity standpoint—different sizes, economics, and types of business. Many under invest in cybersecurity,” he says.

Cornell notes that many organizations are adopting important tactics like threat modeling, vulnerability scans, code analysis and software composition analysis. “Firms will be better off to be more programmatic than tactical in cybersecurity,” Cornell says. “The awareness around risk, especially in the software supply chain, is becoming greater because every organization consumes software.”

Cornell and Landrum also discuss different types of cybersecurity risks, with Cornell noting that cyber-attacks by nation-states actors are the most dangerous as opposed to the “hacktivist” variety because they have resources. Cornell and Landrum point to several high-profile cyber attacks have hit the energy industry in recent years—most notably being Saudi Aramco, the biggest OPEC exporter, being targeted by the “Shamoon” virus, which cripples computers by wiping their disks, in 2012 and 2017. “Aramco was a wake-up call for the [energy] industry,” Landrum says.

The attack on Ukraine’s power grid in December 2015 is also startling, according to Landrum. This well-coordinated cyber incident took 30 substations offline and put 230,000 people in the dark for hours. “The Ukraine example is one of the first cases where we saw the progression from the enterprise or the corporate side of IT over into operations technology,” Landrum says.

Cornell speaks about digital transformation and its opportunities and challenges. “Companies are adopting more technology faster and a DevOps culture where they break down the silos between development and operations teams, which is good, but there are application security implications,” he says. “It’s really more of a cultural change than anything.”

Meanwhile, Landrum says he continues to see many energy firms use legacy enterprise resource planning (ERP) and energy trading and risk management (ETRM) systems that run on outdated versions of commercially available applications, which can open up cyber vulnerabilities and hinder technical advancements . “The consequence of that is it essentially traps the IT department and prevents them from being able to upgrade and patch those components to close known security vulnerabilities,” he says.

In summary, Landrum and Cornell agreed that updating or “modernizing” legacy energy enterprise applications like ERP and/or ETRM systems can go a long way in reducing a system’s attack surface and ensuring energy companies become a harder target for malicious cyber threat actors.

Follow us on social media for the latest updates in B2B!

Twitter – @MarketScale
Facebook – facebook.com/marketscale
LinkedIn – linkedin.com/company/marketscale

Follow us on social media for the latest updates in B2B!

Image

Latest

automation
Revolutionizing Revenue Cycle Management: The Power of AI & Automation
July 7, 2025

Amid a rapidly evolving tech landscape, decision-makers need to navigate new AI-driven solutions addressing industry-specific hurdles. This session, recorded at the HFMA 2025 show, sheds light on how leaders are using pioneering automation technologies to stay competitive and efficient.

Read More
Portable AV system
AV Anywhere: Portable AV Systems Are Now Essential for Mission-Critical Response in Unpredictable, Connectivity-Challenged Environments
July 7, 2025

In crisis scenarios, portable AV systems must perform under pressure because failure is not an option. As Keysight Technologies notes, the evolution of mission-critical communications now depends on low-latency, mobile-ready platforms that can operate reliably in unstable, infrastructure-poor conditions, making portable AV systems essential for real-time response and public safety operations. These are the…

Read More
future of marketing
Vibes and the Future of Marketing with Adbloom Founder and CEO Andrew Abony
July 7, 2025

Affiliate marketing is shedding its outdated reputation and entering a new era—one centered on authenticity, emotional resonance, and genuine human connection. As the future of marketing becomes increasingly relationship-driven, this shift is impossible to ignore. In fact, during the 2024 U.S. Cyber Monday, influencers and affiliate marketers were responsible for driving around 20% of…

Read More
brand identity
The Branding Balancing Act: Reinvent Without Losing Your Brand Identity
July 7, 2025

The recent resurrection of the Pac-12—reborn with new members and a possible rebrand—raises critical questions about what keeps a brand relevant in the face of disruption. According to Yahoo Sports, the rebuilt conference has signed a five-year media deal with CBS despite fielding just two original members, underscoring how legacy names must evolve to maintain…

Read More