Industrial Control Systems in the Energy Industry Highly Vulnerable to Cyber Attacks
According to a variety of researchers, cybersecurity experts, and government officials, industrial control systems in the energy industry are one of the leading vulnerabilities when it comes to system-hacking, mainly due to years of underinvestment.
In fact, according to cybersecurity company Claroty, the number of vulnerability disclosures associated with industrial control systems increased 25% over the last year! And ransomware specifically is up an eye-popping 93% year-over-year.
Why Industrial Control Systems are Increasingly Vulnerable
It goes without saying that the increase in vulnerability disclosures over the past few years has correlated with the growing interconnectivity and automation of software and systems in general. Despite making important strides in technology, it is a challenge to ensure that all interconnected systems are continuously evaluated and upgraded to keep pace with the ever-evolving internet.
The recent Colonial Pipeline attack is a prime example of the repercussions of such lack of attention. The attack exposed years of industry-wide underinvestment and inaction and cost the operating company millions of dollars in ransom payments (much of which was subsequently recovered in what can only be explained as an incredible stroke of luck).
You might be thinking that the federal government could help, but any assistance from federal sources will probably not be enough to move the needle. Despite President Biden’s recent pledge to make additional funds available for cyber-hardening critical infrastructure, there is so much critical infrastructure in the U.S. that it is extremely difficult to prioritize where this funding should go. The Department of Homeland Security recognizes 16 sectors as owning critical infrastructure, which means that utility and energy companies must compete with many companies for that all-precious dollar.
Cybersecurity, as well as hardening interconnected technological platforms like industrial control systems, is a critical element of emergency preparedness in the utility industry. If your company is lagging behind in this regard, hopefully the Colonial Pipeline attack will serve as an eye-opener.