Cyber attacks on the energy sector will become increasingly common, putting property and life at risk, according to new research.

The Cyber Priority report by DNV, based on a survey of more than 940 energy sector professionals and interviews with industry bosses, found that more than 80% believe an attack is likely to cause operational shutdowns (85%) and damage to assets and infrastructure (84%). Seventy-four per cent expect an attack to harm the environment whilst 57% anticipate it will cause loss of life.

RIG_copy

Cyber attacks on the energy sector are an increasing likelihood Photo: DNV

“Our research finds the energy industry is waking up to the operational technology (OT) security threat, but swifter action must be taken to combat it. Less than half of energy professionals believe their OT security is as robust as their IT security,” said Trond Solberg, managing director, cyber security, DNV.

Whilst most believe their organisation is more vulnerable than ever before, many companies are taking a ‘hope for the best’ approach, says DNV.

Fewer than half of C-suite respondents believe they need to make urgent improvements and more than a third say their company would need to suffer a serious incident before investing in their defences.

Solberg likens this to the slow uptake of physical safety practices in the industry. “It took tragic events such as the Piper Alpha incident in 1988 and the Macondo disaster in 2010 for the industry to prioritise and institutionalise global safety protocols, and for tighter regulation to come into place,” he said.

In the maritime industry, incidents of cyber attackshave shot up in the past couple of years, according to Marpoint, which specialises in onboard internet solutions.

”With hundreds of thousands of unfilled cyber security jobs, we will witness a dramatic increase in this figure due to the continued growth of ransomware, data breaches, and other cyberattacks,” the ompany says.

“Shipping companies will find it increasingly difficult to protect their networks and data; hence the role of third-party cyber security partners such as Marpoint will become more significant.

”These efforts will be strengthened by AI and machine learning technologies to analyse vast quantities of data more quickly, detecting sneaky issues such as phishing attacks and insider threats.”

DNV recommends that the first step is to identify where critical infrastructure is vulnerable to attack. Also key in the fight against attacks is to invest in protecting the supply chain, ensuring that suppliers demonstrate compliance with best security practice.

Workforce training is also needed so that employees are better able to spot attacks and vulnerabilities.

Topics