Responding to Infrastructure Attacks

Whether it’s revisiting the panic created by Stuxnet or the more recent shockwave emanating from the Colonial Pipeline hack, the reality is that our energy infrastructure has always been, and will continue to be, a prime target for cyber criminals. Whether their motives are purely financial or spill over into the geopolitical realm is inconsequential. What matters is that these far-reaching attacks are escalating in complexity and frequency as well-funded hacking organizations continue to see opportunities to exploit soft spots in our cyber defenses.

According to Claroty, 67 percent of organizations within the oil and gas sector were hit by ransomware last year, further illustrating the ongoing challenges facing the industrial and energy sectors. To offer some insight on these findings and the overall threats facing oil and gas operations, I recently sat down with Gary Kneeland, Principal Product Manager at Claroty.

Jeff Reinke, editorial director: What are the most prominent vulnerabilities facing the oil and gas sector right now?

Gary Kneeland, Claroty: The oil and gas sector is currently grappling with several significant vulnerabilities, primarily driven by digital transformation. The adoption of advanced technologies like IoT, AI, and big data analytics has exposed the sector to sophisticated cyber threats. A critical vulnerability lies in the sector’s reliance on outdated legacy systems, which often lack essential security patches and are highly susceptible to modern cyberattacks.

The expanding attack surface, due to the integration of operational technology (OT) systems, industrial control systems (ICS), and SCADA systems, further exacerbates these vulnerabilities.

JR: What types of attacks are most common?

GK: Ransomware attacks are the most prevalent in the oil and gas sector, with financial and public safety consequences. These attacks often result in data encryption, with severe financial and operational consequences. This year alone, 67 percent of energy, oil, gas, and utilities organizations were hit by ransomware, with 80 percent of these attacks resulting in data encryption.

The financial impact of these attacks is severe, with recovery costs averaging $3.12 million per incident. Additionally, AI-powered phishing, deepfake scams, and automated vulnerability exploitation are becoming increasingly common, especially as AI becomes more integrated into cybercriminal tactics.

JR: What impact has Colonial Pipeline had on cybersecurity within the sector?

GK: The Colonial Pipeline attack was a watershed moment for the oil and gas sector, highlighting the critical vulnerabilities within its infrastructure. This attack not only disrupted daily lives but also led to tighter regulations and the introduction of new directives like the TSA directive for pipeline owners and operators. The incident underscored the need for stronger cybersecurity measures and prompted a reassessment of existing security frameworks within the industry.

JR: How are nation-state hackers impacting the oil and gas threat landscape?

GK: Nation-state hackers have increasingly targeted the oil and gas sector, driven by motivations such as espionage, sabotage, and geopolitical influence. These actors are often behind the most sophisticated and disruptive attacks, leveraging AI-powered tactics to enhance their impact. As geopolitical tensions rise, these nation-state-backed cybercriminals continue to intensify their focus on critical sectors like oil and gas, further complicating the threat landscape.

JR: What technologies, tools and/or strategies are seen as the most promising cybersecurity solutions for this sector?

GK: Key technologies and strategies seen as promising for securing the oil and gas sector include comprehensive visibility into all cyber-physical systems (CPS), seamless integration of IT and OT systems, consistent application of IT security controls across OT environments, and network segmentation. AI and machine learning are also critical, enabling real-time threat detection and automated security processes.

Additionally, adopting zero-trust architectures and enhancing regulatory compliance are viewed as essential for building a resilient cybersecurity posture.

JR: What cybersecurity trends do you see impacting oil and gas over the next 12-18 months?

GK: The convergence of IT and OT environments will necessitate a unified security strategy to address both traditional IT threats and the unique vulnerabilities of OT. Geopolitical tensions will likely drive further emphasis on network segmentation, asset visibility, and continuous security updates. Zero-trust architectures and stricter regulatory compliance will also gain prominence as the industry seeks to safeguard its critical infrastructure against evolving threats.
