Early warning systems—including AI-powered, real-time alerting solutions—are more important than ever before as operational and information technologies continue to evolve and overlap.
For decades, organizations have categorized technology as either operational technology (OT)—which manages and controls physical systems and processes—or information technology (IT), which focuses on creating, processing, storing and exchanging electronic data. But the line between the two is increasingly blurred thanks to the growing reliance on and usage of digital systems and technologies like Internet of Things (IoT) and Industrial IoT (IIoT) devices.
For energy companies, this trend can be seen at work in nearly all their physical systems and equipment, from smart meters to acoustic sensors that monitor the flow of oil through a pipeline. As such, those in the energy industry are forced to rethink how they manage both OT and IT and the risks inherent in each.
Many have responded by integrating the two. When done right, companies can increase efficiencies and reduce costs across the business. However, energy companies must not lose sight of the additional risks that often come with integrating OT and IT.
Integrated systems, increased cyber risk
Cyberattacks that affect OT systems have real world consequences. Well over a decade ago, the Stuxnet worm was deemed responsible for burning out the centrifuges of a uranium enrichment facility in Natanz, Iran. What began as a threat in the digital domain—thought to be transmitted using compromised USB drives that infected the facility’s internal network—quickly found its way into OT systems, causing a significant amount of damage.
Or take, for example, the 2014 spear-phishing attack on an unnamed steel mill in Germany. It overrode industrial control systems and caused the mill’s furnace to malfunction. In 2022, cyberattacks targeting oil loading facilities caused massive issues for Amsterdam-Rotterdam-Antwerp (ARA) and German oil refining hubs. Tankers were prevented from being able to load up and many were forced to divert to other terminals in the region.
These examples show how quickly weaknesses in IT-based systems can affect OT. The reverse is also true. Although many OT systems are connected to the Internet, like those used to control water and gas plants, they were not designed to do so. Therefore, vulnerabilities inherent in operational technology often puts energy companies’ IT ecosystems at risk for cyberattacks.
Sometimes those vulnerabilities provide cyber criminals with direct access to an energy company’s network. For example, a successful attack on an IoT installation—like a smart meter network—could drive malware back into corporate IT systems including procurement, billing and customer relationship management (CRM) applications. While there might not be any ramifications to physical operations, the effects on the energy company’s digital world would be significant—taking down contact centers, web portals and more.
Although such cyber threats are not new to the energy industry, the growing integration of operational and information technology means that the air gaps—where systems are isolated or physically separate—between the two are quickly beginning to disappear. As a result, energy companies must be ready to defend against an increasingly broad and rapidly evolving attack surface.
Managing risk in a hyperconnected world
Energy companies are rightly investing in a wide range of cybersecurity measures and
solutions that aim to eliminate vulnerabilities and protect their networks against both known and unknown threats. These investments include real-time risk detection technology and tools that allow organizations to identify risks and critical events as soon as they happen—a capability that can be instrumental in determining how well an organization can mitigate risks and maintain business continuity.
Such tools give energy companies a comprehensive view of threats to both their IT and OT systems. Take for example, real-time alerting solution Dataminr Pulse. In 2021, Dataminr alerted its customers to network issues related to the Colonial Pipeline attack a full day before full media coverage began. This allowed customers to respond faster and mitigate risks more quickly.
In 2022, Dataminr customers received early warnings of cyberattacks against European oil refining ports and an attack against satellite provider Viasat. This latter incident resulted in the loss of remote access to almost 6,000 wind turbines.
Access to real-time data enabled a consistent response to each. Not only were customers able to contextualize the attacks against a wider backdrop, they could also implement contingency plans, address any vulnerabilities in their own systems and better protect themselves against future risks.
This kind of early warning system is more important than ever before as operational and information technologies continue to evolve and overlap.
Learn more about Dataminr Pulse and how it can help energy companies mitigate known and unknown risks to OT and IT systems.