Respondents from the energy sector are more confident than most in their ability to fend off the security threats posed by their IIoT deployments, and the steps to increase the security of IIoT-based solutions place the sector just ahead of the IIoT security index.

This level of maturity, while encouraging, masks some serious challenges for the sector. The energy industry is one that has long been susceptible to cyber-attacks. It is a prime target for criminal elements, though while in the past this may have been for financial gain, the industry is increasingly under threat from terrorists and rogue states.

One of the most famous examples of an energy-related security breach occurred in December 2015, when hackers attacked the Ukrainian power grid leaving 230,000 citizens in the dark by compromising information systems of three energy distribution networks.

Sadly, attacks on the sector are increasingly common. A report in March 2018 from the insurance and risk management group, Marsh,  revealed that about a quarter of respondents from the energy industry knew that their companies had been hit by a cyber-attack in the past year alone.

HOW MATURE IS THE ENERGY SECTOR’S APPROACH TO IIOT SECURITY? (%)

Laggards
Starters
Progressives
Leaders

HOW MATURE IS THE ENERGY SECTOR’S APPROACH TO IIOT SECURITY? (%)

Laggards
Starters
Progressives
Leaders

As a sector that has long been concerned about the implications of network vulnerabilities, IT managers within the energy industry should be well aware of the security pitfalls of IIoT and therefore be able to mitigate the risk.

Despite this, challenges persist and 99 per cent of respondents report facing security challenges of some sort. Around half cited the risk of external cyber-attacks (48 per cent) and the potential for IIoT data to be misused by employees (46 per cent) as a risk, while 42 per cent were concerned about the security of their networks.

Given the historical levels of threats in the industry it would have been a fair assumption that the sector would be well placed to deal with its security challenges, though seven in ten (74 per cent) agreed or strongly agreed that they should be doing more to beef up their protection against cyber-attacks. While this anxiety about cyber-attacks is reported by all sectors of the energy industry, energy extractors appear least prepared to deal with the challenge, with 85 per cent stating there was room for improvement.

MY ORGANISATION'S PROCESSES TO COMBAT CYBER SECURITY COULD BE STRONGER (%)

28% Strongly agree
46% Agree
22% Disagree
4% Strongly disagree

MY ORGANISATION'S PROCESSES TO COMBAT CYBER SECURITY COULD BE STRONGER (%)

28% Strongly agree
46% Agree
22% Disagree
4% Strongly disagree

While anxiety about cyber-attacks is reported across the energy industry, energy extractors appear least prepared to deal with the challenge

However energy companies, are taking remedial action to address their vulnerabilities. Looking at some of the specific actions taken to improve security, four in ten have upgraded their security technologies (43 per cent), and a similar proportion has invested training for employees and security policies.

Beyond this, 75 per cent of energy respondents reported that they were working with partners to ensure the ongoing security of their IIoT initiatives to some extent, while 55 per cent of extraction companies stated that they would outsource the security of their IIoT solutions as much as possible (compared to just 31 per cent of distribution), in reflection of the deeper skills shortages they face.

WHAT CHANGES TO SECURITY HAS YOUR ORGANISATION MADE, OR INTEND TO MAKE, TO ADDRESS IIOT SECURITY CONCERNS? (%)

Investing in new security technologies
Creation of internal IoT security policies
Training employees on IoT
Securing physical assets
Communicating to customers on use of IoT
Upgrading existing security technologies
Hiring skilled staff

WHAT CHANGES TO SECURITY HAS YOUR ORGANISATION MADE, OR INTEND TO MAKE, TO ADDRESS IIOT SECURITY CONCERNS? (%)

Investing in new security technologies
Creation of internal IoT security policies
Training employees on IoT
Securing physical assets
Communicating to customers on use of IoT
Upgrading existing security technologies
Hiring skilled staff
75%

are working with partners to ensure the ongoing security of their IIoT initiatives

There is good recognition among C-level execs about the potential vulnerabilities of IIoT: 17 per cent of energy respondents (and 29 per cent of distribution companies) say that CISOs (Chief Information Security Officers) are leading their IIoT projects, and they influence them in a further 38 per cent of cases – the highest reported level of CISO involvement of all the sectors in this report.

While the sector is clearly struggling with the new and evolving threats it faces, this level of CISO involvement indicates that many energy businesses are on their way to countering them.

FOR MORE INFORMATION ON THE RESEARCH, DOWNLOAD THE REPORT - INDUSTRIAL IOT ON LAND AND AT SEA: ENERGY

Press enter or esc to cancel