industry unlocked
organisation, or ransomware could be
used to demand a high pay-out. In the
first half of 2019 alone, there were nearly
50 new advisories from ICS-CERT and a
spate of new attacks, with LockerGoga
stealing the headlines.
Risk four: Third-party fragmentation
There is significantly more third-party
involvement in energy firms than in
other companies, which leads to their
networks becoming more distributed and
fragmented. The fact that they have more
ingress points than other verticals means
that there’s a far wider attack surface for
security teams to identify and to protect.

Attacks can be deployed at a nation-state level to cripple a critical organisation.

www.intelligentciso.com | Issue 18

Risk five: Different devices for different types of providers
There are different types of energy
provider – electric, gas, nuclear, etc –
each with a specific mix of specialist
devices. Therefore, it’s difficult to create
a directive which would have relevance
to the entire industry. The level of expert
knowledge required within the energy
sector’s security and engineering teams
is high, making it difficult to achieve
cross-departmental knowledge-sharing
and collaboration.
Risk six: Siloed teams
IT security and OT engineering teams
work in two different worlds. Their
objectives are misaligned, their skillsets
are not transferable and neither
understands how to protect the other.
To overcome this risk, organisations
within the energy market need to unify
management of their hybrid IT-OT
networks. They can achieve this by
eliminating silos between teams, gaining
full network visibility and understanding
how IT and OT impact each other
as well as the risks that each introduces.
In terms of protecting their OT devices,
these companies shouldn’t just look
at the software that runs the OT
devices, but the management software
used by the HMI (human-machine
interface) as well. This software often
remains unpatched and will likely run
outdated versions of Windows. If these
companies don’t act soon, they are
not only putting themselves at risk
financially but are also endangering the
wider economy and the safety of UK
citizens. The time to act is now.