The energy industry is a steward of some of the most critical infrastructure on the planet. Yet triple digit threat increases from ransomware attacks and state-sponsored cyberwar are putting the safe and economic management of oil & gas assets at risk. Teams who lack basic cybersecurity hygiene or a business continuity and disaster recovery plan are walking on thin ice.
The Cybersecurity and Infrastructure Security Agency (CISA) is the pinnacle of national risk management for cyber and physical infrastructure.
The following remarks are gathered from a recent opening statement by CISA director Jen Easterly before the House Select Committee on Strategic Competition Between the United States and the Chinese Communist Party:
We have observed a deeply concerning evolution in Chinese targeting of US infrastructure. Specifically, Chinese cyber actors, including a group known as “Volt Typhoon,” are burrowing deep into our critical infrastructure to be ready to launch destructive cyber-attacks in the event of a major crisis or conflict with the United States. This is a world where a major conflict halfway around the globe might well endanger the American people here at home through the disruption of our gas pipelines; the pollution of our water facilities; the severing of our telecommunications; the crippling of our transportation systems—all designed to incite chaos and panic across our country and deter our ability to marshal military might and citizen will. This threat is not theoretical. And what we’ve found to date is likely the tip of the iceberg.
Microsoft and other security partners reported in 2023 that Volt Typhoon had carried out multiple cyber-attacks on the Pacific island of Guam where the US has a strong military presence. Ironically, Microsoft itself was hacked this January with e-mail from its executives exposed by the same Russian-backed group responsible for the SolarWinds software supply chain breach, the largest cyberattack in US history.
Bringing the attacks closer to home, the Colonial Pipeline was infiltrated in 2021 when hackers stole 100 gigabytes of data before deploying ransomware that encrypted critical systems. Fearing that the attack could spread to operational systems, the operator shut down the entire pipeline as a precaution.
Before the start of 2024, it was impossible to know the real scope of cyberattacks across the energy industry because companies weren’t required to report incidents and teams also fear the reputational damage that comes with public knowledge. As the pipeline example shows, the biggest risk for critical infrastructure is from infected information technology (IT) systems crossing over into operational systems (OT), underscoring the need for robust safeguards to prevent hackers from taking over wellheads, production facilities, and petrochemical processing.
Looking for a trusted partner to help you navigate today’s evolving and complex cyber threats? With a 100% focus on energy, Stonebridge has a 30-year track record of keeping pace with the rapidly changing digital oilfield, IT/OT, and data security landscape. Contact us today to get started with a cybersecurity health check and business continuity plan.