Outdated systems and technology put energy industry at risk of cybersecurity threats

Outdated systems and technology put energy industry at risk of cybersecurity threats
As cyber threats become more advanced and persistent, energy industry companies using outdated systems and technology to save money puts them at risk of cyber-attacks, warns a new report published this month.
The report by security firm F-Secure lists phishing as the most popular method of infiltration due to outdated systems, technology, poor security, prioritisation and awareness.

According to the report, critical infrastructure (CNI) sites and energy distribution facilities are being targeted on a huge scale, and an increase in interconnected systems in the energy industry increases the level of vulnerabilities where cyber-attacks can go undetected for some time.

Whilst energy companies seek to ‘save costs in the face of lower oil prices by consolidating operations', the report states this is weakening business resilience and redundancy levels, meaning it will take much longer for companies to recover from destructive cyber-attacks.

The report states ‘this gives rise to new, single critical points of failure, with any disruption across the supply chain potentially having increased consequences’, and notes that cyber-attacks have always been directed towards the huge amount of programmable logic controllers (PLCs) being used throughout the energy industry.

It is reported that connecting industrial control systems to the internet, as well as enterprise networks, is on the rise, and this coupled with less backups and an ‘increased dependency on fewer facilities’ are all contributing to the vulnerabilities highlighted in the energy industry today.

The problem with legacy devices

A threat researcher at F-Secure states he doesn’t think that we have seen it all yet, adding that ‘espionage and sabotage attacks against CNI organisations have increased over the years’.

Additionally, the report has highlighted that increased connectivity is risky, owing to the considerable number of CNI systems that are in use today which were pre-installed before ‘round the clock internet connections were the norm’.

As a result, the majority of the connected OT components which have remote operation capabilities ‘are either partly or entirely lacking in security protocols’. When these systems were manufactured, legacy protocols and systems didn’t have the built-in security controls that many current products come with as standard, opening them up to major vulnerabilities.

Whilst breaches are a certainty, the report encourages energy organisations to top review their cybersecurity position to include the latest security technology in order to avoid major disruptions.
Get in touch
Our technical sales team are ready to answer your questions.
T: +44 (0)1782 337 800 • E: sales@impulse-embedded.co.uk
+44(0)1782 337 800
WE'RE HIRING!If you are looking for a new and exciting challenge please take a look at our recruitment page
Great service
Oct 2021
+44(0)1782 337 800
MediaNewsOutdated systems and technology put energy industr...