Fortinet Industry Perspectives
This is a summary of an article written by Rick Peters, CISO, Operational Technology, North America at Fortinet. The entire article can be accessed here.
As energy and utility companies undergo digital transformation, they face unique challenges when it comes to cybersecurity, especially in recent weeks. Because they provide critical infrastructure services, they are very attractive to cybercriminals. The majority of the core functions of these organizations occurs within their OT networks, which were once isolated from cyberattacks. But as IT and OT environments converge, OT devices are now being targeted by threat actors that are demanding ransom, stealing trade secrets, and engaging in cyber warfare.
While these companies have similar vulnerabilities to those in other sectors, their expanded digital footprint across diverse supply chains, transportations, and delivery systems increase their risk of falling victim to cyberattacks. What's more, many of the traditional security tools that work in other sectors simply will not work in the OT environment.
When working to address this issue, it is important to understand just how widespread the challenge is – more than half of organizations have experienced a breach in their ICS or supervisory control and data acquisition (SCADA) systems. Because of the prevalence of these cyber risks, there are several solutions that leaders must put into place to defend against these complex cyber threats.
The potential for a cyberattack on our energy and utility companies needs to be addressed by leaders in the industry, and without a moment to spare. Lack of awareness, heightened focus on transformation without regard to security, and a spending gap has all contributed to increased risk across these critical infrastructure environments. Fortunately, thanks to mounting awareness of these threats, cybersecurity is quickly becoming a top priority for most energy and utility companies.
The question is, what can cybersecurity teams do to quickly protect their OT environments? The answer boils down to four key strategies:
Cyber threat actors and adversaries lurk everywhere, targeting energy and utility companies with a vengeance not commonly seen in other sectors. As guardians of our critical infrastructure – including energy grids, mining and drilling operations, refineries, energy transportation and pipelines, and materials companies – the security teams who work in these organizations have an enormous challenge ahead of them. The four strategies outlined above are their building blocks for success in outmaneuvering cyber criminals seeking to harm our critical infrastructure.
Learn how Fortinet can help you extend security and maintain compliance in any ICS/SCADA-connected environment.