Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

10:00 AM
Leo Simonovich
Leo Simonovich

2020's COVID Accelerated Digitalization Demands Stronger Cybersecurity in 2021

As critical infrastructure faces increasing and sophisticated attacks, these trends will enable the energy sector to shore up its cybersecurity defenses.

From shifts in geopolitics, the energy transition, and climate change to upending the status quo in global health, financial markets, and private sector business models, 2020 will be remembered as a year of seismic change.

For many, the year was an eye-opening education on the power of digital tools to rapidly revolutionize the way we do business. In the energy industry in particular, COVID-19 accelerated the convergence of digitalization and the energy transition — two trends that pose significant challenges and opportunities for global utilities, oil and energy producers, and industrial infrastructure and electrification companies.

Related Content:

Industrial Networks' Newest Threat: Remote Users

How Data Breaches Affect the Enterprise

New From The Edge: Understanding TCP/IP Stack Vulnerabilities in the IoT

The digital revolution in the energy sector comes with huge benefits and brings new challenges for cybersecurity. As energy companies digitally connect operational technologies such as gas compressors, electricity substations, and electric vehicle (EV) chargers with information technology (IT) systems to reduce costs, improve efficiency, and cut emissions, they simultaneously become more vulnerable to cyberattacks. Energy companies are expected to connect 2.5 billion industrial devices in the next two years — and each new digital node represents an opportunity for attackers to disrupt power, cause immense economic and physical damage, and threaten essential services.

2021 will shine a light on the need for industrial cybersecurity to serve as the foundation for the evolving digital energy ecosystem. Digitalization and the energy transition dramatically accelerated in the tumultuous and unpredictable 2020. Energy companies, investors, and policymakers must now look to cybersecurity as the key to unlocking the benefits of these trends in the post-COVID era as critical infrastructure faces increasing and sophisticated attacks.

Trend 1: COVID, Remote Work, and an Expanded Threat Landscape
For decades, utilities and energy companies monitored operations and security for energy assets safely from within the walls of a centralized office or industrial facility. COVID-19 changed that. In a matter of days, utilities and energy companies rapidly instituted remote operations to keep employees safe and continue to provide power to homes, businesses, and frontline workers.

In shifting to remote or irregular operations, tasks once performed in secure locations with specific procedures became exposed to a vastly expanded attack surface with each new remote connection positing as a potential entry point. Continued remote work in 2021 will mean organizations of all types and sizes need to harden, closely watch, and maintain their defenses. This includes taking new measures — from reengineering security architecture to preparing for incident response — and ensuring entire chains are protected, safeguarding not only their resources but also their customers.

Trend 2: Digitalization and the Energy Transition
Investments in electrification and renewable energy infrastructure are booming — and these technologies depend on digital management. Distributed energy resources, from solar, wind, and battery storage to EV charging infrastructure, will account for close to a third of the United States' installed generating capacity in just five years. These technologies are key to meeting consumer demands for a low- or zero-carbon economy and are vital parts of the fight against climate change. Yet, because they depend on digital management of variable and often distributed power, each opens millions of potential entry points for cyberattacks. Critical infrastructure companies and utilities will need robust new monitoring and response tools to spot, identify, and repel cyber intrusions across this vast digital operating environment.

Trend 3: New Security for Legacy Oil and Gas Assets
Critical systems on an oil rig or pipeline could once be air-gapped within a company's interconnected digital systems — but no longer. Oil and gas companies have taken advantage of digitalization to reduce costs, improve efficiency, and reduce emissions. This means relying on software and IT networks to monitor and control thousands of physical endpoint assets — from gas compressors and oil wells to pumpjacks and turbines. These assets are often located hundreds or even thousands of miles from a company's security operations center, forcing companies to choose between their balance sheets and security.

In the new digital energy ecosystem, oil and gas companies have begun to recognize their operations are now exposed to significant cyber-risks. Cyber-risks will increasingly be managed as top-level risks, similar to financial, reputational, and safety hazards. Energy companies will increasingly require solutions to secure isolated assets until technicians can respond with new security protocols or, when needed, on-site physical updates.

Trend 4: Traditional Energy Companies Find Innovative Business Models
"Traditional" oil and gas firms are changing. BP's new CEO, Bernard Looney, made headlines in 2020 heralding the company's push from fossil fuels to clean energy. That transition will depend on harnessing cutting-edge tech and software and transforming the oil colossus into a "lighter, more agile" company with operations across the entire energy value chain. Major companies will shift toward more dynamic, interconnected ecosystems with software and digital assets at the core of their new operations. This means that large and storied companies that long defined corporate discipline will need to put cybersecurity at the heart of their business models.

Trend 6: Tools to Stop the Attack Before It Happens
Energy companies and utilities once lacked the visibility and context to identify digital threats and stop an attack in its tracks. New tools make better monitoring possible — and necessary. Where cybersecurity experts at energy companies once defended a castle surrounded by a moat, open to the world by just a drawbridge or two, it's now pierced by hundreds of new walkways and doorways — some obvious and easy to monitor, others more inconspicuous.

Leveraging AI and machine learning, new built-for-purpose cybersecurity technologies are giving all energy companies — regardless of size and budget — the situational awareness to defend the operating environment from attacks. As industrial operating environments increasingly become targets for cyberattacks, these technologies are poised to gain traction in 2021 and become the industry's first line of defense.

Leo Simonovich is responsible for setting the strategic direction for Siemens' industrial cybersecurity business worldwide. He identifies emerging market trends, works with customers and Siemens businesses to provide best-in-class cyber offers, and contributes to the ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-23
Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end.
PUBLISHED: 2021-06-23
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
PUBLISHED: 2021-06-23
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
PUBLISHED: 2021-06-23
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
PUBLISHED: 2021-06-23
Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors.