The energy industry faces significant and unique cybersecurity challenges due in large part to the global supply chain and associated geopolitical risks. Among the key contributing factors are industry pressures such as increased distributed and renewable generation, increased reliance upon energy services from end users, significant market pressures on product prices and production costs, as well as rising geopolitical tensions.
These industry challenges are further compounded by technological changes such as the strengthening trend of digitization of operational technology (OT) systems, increasing connectivity (loss of the air gap), as well as interdependencies with other critical infrastructure and transportation. The resulting interaction with significant cybersecurity risks greatly magnifies the potential for business disruption to organizations in the energy industry.
The growing reliance upon and complexity of digital OT systems across the energy sector results in a greater susceptibility to wide-spread disruptions. To ensure we stay ahead of these trends, IOActive has long been looking into the cyber-induced grid-level effects of other cybersecurity vectors that could produce large-scale shut ins to production and shutdowns in distribution.
IOActive first demonstrated a worm to attack smart meters in 2009. Over the years, we have built upon that research by proving attacks on SCADA radios used in pipeline and bulk electric systems, as well as mobile applications for ICS systems that cross the air gap.
IOActive’s application of original research into cybersecurity threats facing embedded systems and other core operational technologies coupled with our team’s experience conducting numerous private cyber assessments across the entire energy supply chain has helped our global energy clients identify and manage risks to their products, customers, and society. IOActive helps our clients discover latent risk in their systems and build safe, resilient operations to deliver the level of service their customers depend upon.