The actress Sharon Stone famously noted that the world’s greatest dancer was not, as commonly considered, Fred Astaire. Rather, it was Fred’s dancing partner Ginger Rogers, who matched every step that he did, but backwards and in high heels. A somewhat similar thought arises concerning Sir Isaac Newton, who not only wrote a book, “The Principia,” which largely originated the modern fields of energy, gravitation, celestial motion and calculus, but also wrote it in Latin.

Latin was, of course, the lingua franca, or universal operational language, of the educated West for more than 1,000 years. In 2015, perhaps we can say that our own lingua franca is Internet Protocol (IP). Throughout the world, it is now common to have a modern enterprise that — often unknown to management — is entirely based on IP linking from computers to desktops, video systems, telephones, radios, mobile devices and even safety alarms.

The Energy Industry Bucks the Trend

Until very recently, one exception to this IP monoculture could be found in the energy industry, each aspect of which (e.g., oil, gas, electricity, bulk transport, geothermal, solar, etc.) has its own complex technological and operational underpinnings and business ecosystems. In those industries, there was often a bifurcation between information technology (IT) and operational technology (OT).

Generally, the IT systems comprised traditional administrative, financial and technical computers, all using IP to communicate. The OT systems had a wide variety of little-known, arcane and obscure communications interfaces and protocols. The most publicly known subset of OT was found in supervisory control and data acquisition (SCADA) systems, which directly managed pipes, processes, relays, motors, circuit breakers and other complex and potentially dangerous devices.

Due to a variety of business, environmental, technical and operational drivers, there began to be a convergence of IT and OT in the early 21st century. The consumer-driven capabilities of IT became increasingly powerful while the OT systems needed to become rapidly digitized for such things as oil exploration, optimum refinery controls, pipeline operation, rapid and dynamic energy routing and consumer distribution.

Security in the Energy Industry

Unfortunately, as with other industries, certain security problems immediately became all too clear for the energy industry. Some general themes were:

  • Unlike most well-secured and closely monitored IT, any OT deficiencies could have immediate and enormous real-world consequences, such as sewage valves opening, generators exploding, etc. There were no second acts for OT security failings.
  • Many utilities were not fully aware whether their systems — both OT and IT — could be hacked, had already been hacked or were being analyzed to be hacked in the near future.
  • The air gap that formerly existed between OT and IT was no longer operable. The Hollywood picture of a skilled energy expert wearing immense protective gloves and pulling a giant switch did not always occur. In fact, there were often numerous virtual connection points throughout a utility’s system, which were not needed for human operation.
  • As with many other industries, there had been deperimeterization even outside the enterprise. Utilities’ co-petition had replaced competition — everyone is everyone else’s customer/competitor/carrier/partner/vendor/supplier.
  • Revenue threats from other energy sources impeded rapid upgrade of systems.

Fortunately, via cognitive energy, new countermeasures and compensating controls — educational, operational, managerial and technical — can help bring such risks to an acceptable level.

Some of these ideas hark back to Newton and “The Principia.” In the 17th century, Newton proved that energy can be transformed, but not destroyed. Newton’s 20th-century heir, Albert Einstein, took this a step further and proved that energy could be equivalent to matter, which has led to relativity theory, atomic energy and many other advances. And in the 21st century, Stephen Hawking proposed that even information cannot be completely destroyed; it must be conserved or transformed.

Making Cognitive Energy Practical

In a practical manner, we can now, via cognitive energy principles, apply to IP-enabled OT those rigorous techniques formerly only amenable to IT. We can also apply to IT the many safety, availability, reliability and sustainability processes that were formerly the sole domain of OT. In other words, equivalent protection can be applied to the waveform of a tablet’s USB connection (say, 1 gigahertz and 5 volts) as well as to a high-voltage transmission line (60 hertz and 745 kilovolts).

There are many products that can be customized for both OT and IT as well as industry-specific consulting skills. Organizations in the energy industry should also search for solutions that can be deployed in a judicious and balanced manner based on intelligence information shared among hundreds of other enterprises from other highly regulated, mission-critical industries.

In the 17th century, Francis Bacon said, “Et ipsa scientia potestas est,” which is roughly translated as: “Knowledge itself is power.” In our century, the equivalent may be “Data is the new natural resource.” It’s not only the power of information, but also the knowledge of and about power — and the protection of data throughout its life cycle — that is essential to every phase of energy exploration, storage, generation, transmission and billing. Thus, secure, efficient and sustainable energy intermediation is crucial, be it the flow of bits, bytes, bucks, barrels of oil or information.
