By Almog Apirion, CEO and Co-Founder of Cyolo
Cyberattacks affecting the US energy infrastructure pose a persistent threat, and there are numbers of them that have never been discussed publicly. The recent hearing by the US Senate Committee on Energy & Natural Resources, focused on the complex and critical task of securing the American infrastructure, highlighted the fact that there are more questions than answers to this ever-growing challenge.
While the industry waits for clear regulatory guidance, the focus should be on the basics of securing all access to the critical power-delivery infrastructure. Understanding where critical components are made and the vulnerabilities associated with them is much needed, but while authorities figure this out, immediate action is necessary to restrict said access from internal and external sources to both new implementations and legacy systems.
It is not new that threat actors are becoming increasingly sophisticated, which underscores the urgency to prioritize cybersecurity measures to ensure the reliability of power-delivery to customers. Government agencies, private companies and security experts must work together to come up with plans that reduce these risks. However, most energy operators lack clear guidance and funding, so any direction provided to them should be flexible and specific enough to enable training programs to be created with that content.
The energy sector is very good at the day-to-day operation of critical infrastructure; it lacks guidance and resources when it comes to cybersecurity. As such, investment in this area is key. In fact, cybersecurity measures to protect the energy sector and maintain safety for energy users should take center stage. Additionally, open collaboration across the industry of known and emerging threats can help improve our overall industry cybersecurity posture.
