
The energy sector has become a prime target for cyberattacks, with successful breaches posing severe risks to national security, economic stability, and public safety. Luckily, the industry is standing up and taking notice, with two-thirds of energy professionals (65%) saying their leadership now sees cybersecurity as the greatest risk to their business.
This was one of the findings from the latest Energy Cyber Priority report from DNV Cyber, which revealed not only a growing awareness among energy professionals but also a significant uptick in cybersecurity investment.
But what is driving this heightened awareness? The answer lies in the high stakes of energy infrastructure, the rise of sophisticated attacks, and the shifting geopolitical landscape.
Attacks against the energy sector are not theoretical—they have already happened, with severe consequences. Some of the most infamous cyber incidents hammer this home.
Lessons from the Trenches
Attacks against the energy sector are not new, but their frequency and sophistication have skyrocketed in recent years. Some of the most notorious incidents shine a light on the devastating consequences of cybersecurity failures:
Colonial Pipeline (2021): A ransomware attack drove the largest fuel pipeline in America offline, which resulted in widespread fuel shortages, panic buying, and disruption. The attack, attributed to the DarkSide cybercriminal gang, exposed serious vulnerabilities in operational technology (OT) networks.
SolarWinds (2020): This supply chain attack, attributed to Russian state-sponsored actors, found its way into a slew of US government agencies and energy entities, demonstrating the risks that go hand in hand with third-party partners and the need for better supply chain security.
Stuxnet (2010): Widely considered the first weaponized malware, or cyberweapon, this sophisticated computer worm targeted Iranian nuclear facilities, destroying hundreds of centrifuges used to enrich uranium. This effectively showcased the potential for cyber warfare to disrupt or even cripple critical infrastructure.
Ukraine Power Grid Attack (2015): Russian cyber operatives successfully disrupted Ukraine’s power grid, leaving hundreds of thousands without electricity. This attack forcefully brought home the vulnerabilities of industrial control systems (ICS) and the potential for cyber incidents to escalate into massive geopolitical crises.
The Driving Forces Behind Energy’s Cybersecurity Boom
These, and many other incidents, stress the urgent need for robust cybersecurity in the energy sector—and as the industry’s digital transformation accelerates, securing OT and IT networks becomes more pressing.
Looking at the current state of affairs, geopolitical tensions, evolving attack methods, and the rapid digitalization of energy infrastructure are all adding fuel to the fire. The findings from the report reveal several critical insights.
Leadership is Prioritizing Cybersecurity
One of the most notable takeaways from the report is that cybersecurity is now a boardroom issue. A whopping 78% of energy professionals believe their leadership understands cyber risks, marking a major improvement in executive awareness.
This shift is critical because cybersecurity strategy and investment decisions start at the top. Leadership buy-in ensures that entities allocate the resources needed to implement robust cybersecurity frameworks, invest in advanced threat detection and response systems, and develop incident response plans to limit downtime and cut financial losses.
This recognition at the highest levels will make sure cybersecurity is no longer viewed as just an IT issue, but as a business risk that affects operational continuity, regulatory compliance, and financial stability.
Employee Training is Reaping Rewards
While technology plays a key role in cybersecurity, human factors remain one of the biggest vulnerabilities. However, the report indicates a significant improvement in employee readiness.
Some 84% of professionals claimed they know exactly what to do when faced with a cyber threat.
Firms are focusing on security awareness training to educate employees about phishing, insider threats, and social engineering tactics.
This investment in training strengthens human defenses and cuts the risk of human error leading to a security breach.
Given that many cyberattacks originate from phishing or social engineering tactics, well-trained staff serve as a ‘human firewall’ and the first line of defense against potential threats.
OT Security is Never OTT
With the energy sector relying heavily on ICS and OT, securing these systems is a growing priority. The report reveals that:
More than two-thirds (67%) of respondents expect increased OT security investment.
Cyber threats targeting power grids, oil refineries, and renewable energy systems are becoming more frequent and sophisticated.
Securing OT is particularly tricky because many legacy systems were not designed to be connected to the internet, never mind with cybersecurity as a factor. Unlike traditional IT environments, OT systems cannot always be patched or updated easily because of continuous operation requirements, compatibility issues, and vendor constraints, making them vulnerable to attacks like Stuxnet, which specifically targeted industrial control systems.
To address these challenges, energy companies are segmenting OT and IT networks to limit attack pathways and deploying endpoint detection solutions specifically to monitor for anomalous activity in industrial environments.
Some are even adopting zero-trust security models to ensure that only sanctioned users can access critical infrastructure. As energy companies expand their use of IoT-connected sensors, smart grids, and automated systems, securing OT will be a continuous and evolving process.
Tension at the Top
Unfortunately, cybersecurity in the energy sector is no longer just about preventing malicious activity—nation-state threats and actors have become a major concern.
A full three-quarters (75%) of organizations have intensified their cybersecurity efforts due to rising geopolitical tensions.
Almost the same number (72%) are fearful of foreign-directed cyberattacks, up from 62% in 2023.
These fears, in conjunction with real-world examples like that of Ukraine, reveal how nation-states can use cyber warfare to disrupt critical infrastructure as part of their ladder of escalation.
Energy companies are now reassessing their security postures to strengthen defenses against state-sponsored hacking groups by improving intelligence sharing with government agencies and industry partners and implementing resilience strategies to ensure operational continuity even during an attack.
With energy infrastructure playing a critical role in national security, protecting it from geopolitical cyber threats has to be a top priority.
Old Dogs, New Tricks
While nation-state threats have the energy sector in their crosshairs, increasingly sophisticated adversaries—some of whom could be much closer than expected, perhaps even just down the hall in the next office—are also ramping up their attacks. The report revealed that:
Concerns about cybercriminal gangs have jumped from 50% in 2023 to a staggering 79% this year.
The insider threat is also rising, with 62% of professionals worried about internal risks, compared to 51% last year.
Ransomware gangs and financially motivated cybercriminals recognize the high value of disrupting energy supply chains. They carry out ransomware attacks, demanding multi-million-dollar payouts to restore operations, sometimes even employing double and triple extortion methods, in which they threaten to publicly release data if victims don’t pony up.
Supply chain attacks are also on the rise, compromising third-party vendors and using them as a stepping stone to gain access to energy networks. Old tricks, such as phishing and credential theft, remain popular, tricking employees into granting access to critical systems.
To counter these risks, organizations are investing in zero-trust access controls to limit internal threats, as well as extended detection and response (XDR) solutions to root out malicious activity. Some are even turning to advanced authentication measures like biometrics and hardware security keys.
A Double-Edged Sword
The global shift towards renewable energy and digital transformation is at the heart of sustainability—but it is also a double-edged sword for the cybersecurity industry.
Interconnected energy systems increase the attack surface, making it easier for hackers to move laterally across networks, performing reconnaissance and exfiltrating information. Moreover, third-party integrations (such as cloud-based monitoring platforms) create potential vulnerabilities, while AI-driven automation improves efficiency but also arms attackers with an arsenal of new attack vectors and weapons if not properly secured.
According to the report, 49% of energy professionals acknowledge that cyber risk is an unavoidable trade-off for innovation. This means companies must:
Implement secure-by-design principles when deploying new technologies.
Conduct regular cyber risk assessments to identify and mitigate vulnerabilities.
Prioritize incident response planning to ensure rapid recovery from cyberattacks.
While digital transformation is accelerating, cybersecurity has to evolve at the same pace to prevent disruptions.
The Resilience Revolution
Energy companies can no longer afford to treat cybersecurity as an annoying afterthought. The findings from the Energy Cyber Priority report cannot stress enough how essential proactive security strategies are.
Entities in this sector that wish to survive and thrive have no choice but to continuously invest in cybersecurity tools, employee training, and advanced threat detection. They must build stronger defenses for operational technology (OT) to secure critical infrastructure, and fuel greater collaboration between industry players and governments to combat nation-state threats.
Importantly, they need to recognize that cybersecurity is just as critical as physical security. After all, cyberattacks on the energy sector are not a future risk—they are happening now.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor and do not necessarily reflect those of Tripwire.