September 21, 2015 By Rick M Robinson 2 min read

Information sharing about cyberthreats and cybersecurity is a key element of protection for every industry. Malicious attackers share information, and their intended victims also benefit from sharing what they learn about ongoing and potential threats.

But sharing threat and security information is particularly critical for the energy sector for a variety of related reasons. First and foremost, the electrical grid and other energy-related facilities are practically the definition of critical infrastructure. Major disruption or damage to these facilities could cause serious financial and economic dislocations at a minimum, and the potential for catastrophic damage is very real.

The World’s Largest Machine

Adding to the critical nature of energy industry cyberthreats is the nature of potential attacks and attackers. Cyberattacks against firms in other industries are typically launched by criminal groups that are in it for the money. But while energy firms might be threatened by cyber blackmail, attackers are more likely to be aiming at destruction or disruption via acts of cyber terrorism or cyber warfare.

Such attacks can be expected to be both exceptionally sophisticated and dangerous. Moreover, the North American electrical grid in particular is highly interconnected, so much so that it has been characterized as the world’s largest machine, as noted by InsideCounsel. Any disruption of this system can propagate through the grid almost instantaneously, without regard to which organizations own or operate the facilities where the initial disruption occurs.

These concerns have existed within the energy industry and government cybersecurity organizations for some years. As early as the 1990s, the Clinton administration issued directives that led to the formation of the North American Electric Reliability Corporation (NERC), a public-private partnership organization tasked with safeguarding the electrical grid. This agency then established a Critical Infrastructure Protection (CIP) program.

But the looming Internet of Things (IoT) promises to greatly magnify the challenge of protecting energy infrastructure from cyberattacks. As facilities and their components go increasingly online, their vulnerabilities increase, as well — as does the need for protective information sharing.

Information Sharing in a Regulated Environment

The energy sector is also highly regulated, complicating the process of information sharing among energy firms and other relevant players. On the one hand, firms must provide certain types of information to regulatory agencies as a matter of compliance. On the other hand, rules originally designed to prevent financial collusion may restrain firms from sharing specific data.

The result is a complex legal environment. Thus, InsideCounsel advised energy firms that are planning on information sharing to consider possible implications for legal liability, as well as the potential consequences of divulging information to competitors or the public.

In short, cybersecurity information sharing in the energy industry is both critical and complicated — and growing more so in both respects. And it is not only a concern for the energy industry itself. As cyberthreats grow more sophisticated and the world becomes increasingly interconnected, the security and communication concerns of the energy industry are pointing toward the future of cybersecurity for all industries.

More from Energy & Utility

Water facilities warned to improve cybersecurity

3 min read - United States water facilities, which include 150,000 public water systems, have become an increasingly high-risk target for cyber criminals in recent years. This rising threat has demanded more attention and policies focused on improving cybersecurity.Water and wastewater systems are one of the 16 critical infrastructures in the U.S. The definition for inclusion in this category is that the industry must be so crucial to the United States that “the incapacity or destruction of such systems and assets would have a…

The UK energy sector faces an expanding OT threat landscape

3 min read - Critical infrastructure is under attack in almost every country, but especially in the United Kingdom. The UK was the most attacked country in Europe, which is already the region most impacted by cyber incidents. The energy industry is taking the brunt of those cyberattacks, according to IBM’s X-Force Threat Intelligence Index 2024.The energy sector is a favorite target for threat actors. The complexity of systems and the reliance on legacy OT systems make them easy prey. Because of the critical…

Third-party breaches hit 90% of top global energy companies

3 min read - A new report from SecurityScorecard reveals a startling trend among the world’s top energy companies, with 90% suffering from data breaches through third parties over the last year. This statistic is particularly concerning given the crucial function these companies serve in everyday life.Their increased dependence on digital systems facilitates the increase in attacks on infrastructure networks. This sheds light on the need for these energy companies to adopt a proactive approach to securing their networks and customer information.2023 industry recap:…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today