The energy industry is lagging behind other industries in protecting themselves against malicious hackers as cybersecurity protection remains weak and is not a priority.
Nearly seven out of ten respondents who work in the upstream, midstream and downstream companies said in a survey that their businesses have been compromised at least once during the year, with a loss of confidential information and disrupting their operations. Oil and gas companies are failing to protect themselves against hackers, according to a survey of 377 executives who secure or oversee cyber risk that was conducted by the Ponemon Institute, a Traverse City, Mich.-based privacy, data protection and information security policy research group, and sponsored by Siemens, a German-based electrification, automation and digitalization company.
The survey also revealed that 61% of respondents said their company has difficulty mitigating cyber risks with only 41% who said they continually monitor their infrastructure to prioritize threats and attacks. A large percentage of companies or 65% said the top cybersecurity threat is a negligent or careless insider and 61% said the company’s industrial control systems protection and security is inadequate.
Energy companies have not updated their systems and technology, leading to the potential of large breaches that can affect major infrastructure needs in the U.S., said Mike Kail, chief innovation officer at Cybric, a Boston-based security-as-a-service platform provider.
“The overall evolution of operational excellence has lagged far behind industry trends and standards,” he said. “The security issues and challenges within the oil and gas industry are monumental.”
These industries need to be more pro-active in their approach towards infrastructure and security and failing to address these issues quickly can be far reaching.
“Not to be a doomsayer, but imagine what the consequences would be if critical infrastructure were to go offline for even a few hours due to an attack or breach,” said Kail. “The original Mad Max movie gives a sensationalistic view into what could happen as a result of a longer term issue, but given our implicit reliance on such resources, it’s not that far-fetched.”
The businesses in the energy sector have focused too much of their resources and attention on physical security such as their plants and machinery instead of their technology.
These flaws lead companies more susceptible to attacks, said James Lee, executive vice president at Waratek, a Dublin, Ireland-based provider of application security solutions.
“To a hacker, the ways you attack a control application is just the same as how you steal information from a retailer or bank,” he said. “The difference is a cyberattack against control technology puts lives at risk.”