
Get to Know the Energy Sector

Learning Objectives 

After completing this unit, you’ll be able to:

  • Identify the various components that make up the energy sector.
  • Compare passive defense measures versus active defense measures.

Before You Start

If you completed the Cyber Resilience Program Development module, then you already know what cyber resilience is. You understand why we care about it, what you have to do to establish it, and how members of the board can promote and strengthen an organization’s cyber resilience. Now let’s dig into this topic a bit more by exploring how it manifests in the energy sector. As one of the world’s most complex industries makes a multifaceted transition (from analogue to digital, centralized to distributed, and fossil-based to low-carbon), managing cyber risk and preventing cyberthreats are quickly becoming critical to company value chains.

Note

This module was produced in collaboration with the World Economic Forum. Learn more about partner content on Trailhead.

The Energy Sector

There are multiple critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital that their incapacitation or destruction would have a debilitating effect on physical security, economic security, public health and safety, or any combination thereof. The energy sector is one of these critical sectors.

The energy sector plays a critical role in supplying electricity, oil, and natural gas to power homes, businesses, and industries worldwide. Without a stable energy supply, our health and the global economy would be severely impacted. Your residence likely receives its energy from an electrical grid, which is an interconnected system that transports electricity from power plants or other sources of energy to wherever it is needed. In the energy sector, oil and natural gas are primarily burned as fuel to generate electricity. They are also used in furnaces or boilers to power commercial buildings and some residential homes.

The energy sector is part of the Operational Technology/Industrial Control Systems (OT/ICS) industry. While OT is the broad range of technology used in the management and control of physical systems, ICS is the more specific term that refers to the technology used to control industrial processes. ICS are often connected to the internet, making them vulnerable to cyberattacks.

[Image: A mobile phone with icons of a wind turbine, solar panels, gasoline pump, building, robotic arm, and human machine interface connecting digitally to a laptop, representing the internet connection of industrial control systems.]

For example, wind turbines are an ICS used to generate electricity by harnessing the power of the wind. They are equipped with sensors that measure wind speed and direction and adjust the position of the blades to optimize energy production. The data collected by these sensors is sent to a control center, where operators can monitor the turbines’ performance and make adjustments as needed to maximize energy output. Other internet-connected ICS include solar panels, gasoline pumps, and smart thermostats.

The Threat Landscape

Cyberattacks on the energy sector and ICS are different from traditional attacks on enterprise networks, so they require a different set of security skills, technologies, processes, and methods to manage the risks involved. Adversaries targeting ICS have specialized knowledge of control system components, industrial protocols, and engineering operations. In addition, the energy sector’s adoption of new technologies like artificial intelligence (AI), Internet of Things (IoT), blockchain, and big data has increased the sector’s attack surface and attackers’ ability to bypass traditional cybersecurity measures.

In the energy sector, once safety and operational impacts from a cyberattack are seen, it’s often too late to prevent the damage. Unlike other sectors where the attack effects may be reversible or repairable, a cyberattack in the energy sector can lead to catastrophic consequences, such as system failures or physical damage to the infrastructure. 

Therefore, it is crucial for energy companies to take proactive measures to prevent such attacks from happening in the first place. Active defense must be a priority for maximized security and operational resilience.

Passive Defense vs Active Defense

Passive Defense

Passive defense can be compared to locking doors and windows to prevent intruders from entering, whereas active defense can be compared to a security guard fervently searching for potential threats and taking action to counter any threats identified. 

Passive defensive measures enhance security without requiring frequent and direct involvement from security personnel. The defensive measures only need occasional updates and tuning to maintain their effectiveness over time.

In contrast, active defense measures entail regular involvement from security personnel to detect and combat threats against the system. This proactive approach requires continuous monitoring and analysis of possible threats, along with prompt and effective action to contain any security breaches that occur.

In typical IT enterprise networks, cybersecurity is the use of passive defense measures to safeguard systems and data, prevent unauthorized access to networks, and detect potential threats. Tools used in these networks include: 

  • Firewalls
  • Intrusion detection systems (IDS)
  • Antivirus and anti-malware software
  • Vulnerability scanners
  • Data encryption solutions

Active Defense

Active defense (like threat hunting) is a context-aware, intelligence-driven approach. The network tools and methods are designed to prevent malicious activity from happening in the first place. Active defense tools and methods include: 

  • Threat intelligence platforms (TIPs): TIPs are tools that bring all the information about potential cyberthreats to one place. They collect data from different sources, like the internet or private feeds, and they help security teams stay informed about new threats (for example, Malware Information Sharing Platform, Open Cyber Threat Intelligence).
  • Threat hunting tools: Threat hunting tools use advanced analytics and machine learning algorithms to proactively search for potential threats. They can be used to identify suspicious behavior that may not be detected by other security tools (for example, OSQuery, Snort, Suricata).
  • Deception technologies: Deception technologies use decoys, traps, honeypots, and other techniques to lure attackers into revealing their tactics and techniques. Think of a decoy house filled with valuable items designed to lure in burglars. Just as the decoy house is not a real living space, honeypots and other deception technologies are not real networks or systems. They are sacrificial computer systems intended to attract cyberattacks, like a decoy. Honeypots mimic a target for hackers, and use hackers’ intrusion attempts to gain information about them and the way they’re operating or to distract them from other targets (for example, Honeyd, Deception Toolkit, Modern Honey Network).
  • Artificial intelligence and machine learning: AI and machine learning algorithms can be used to analyze large volumes of data and identify patterns that may indicate potential threats. They can be used to detect and respond to suspicious behavior in real time, enabling security teams to take proactive measures to mitigate potential threats.
  • Context-driven behavior analysis: Context-driven behavior analysis involves analyzing network traffic and other data sources to identify suspicious behavior based on the context of the activity. It can be used to identify potential threats that may be missed by other security tools.
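
An added example (not part of the original module) of context-driven behavior analysis applied to the wind-turbine scenario described earlier: the same STOP command is treated as routine or suspicious depending on its source, the wind speed, and whether maintenance is scheduled. The host addresses, turbine names, command names, and wind-speed thresholds are all constructed assumptions.

```python
from datetime import datetime

# Assumed context the analyst maintains (all values constructed for illustration).
CONTROL_CENTER_HOSTS = {"10.10.0.5", "10.10.0.6"}
MAINTENANCE_WINDOWS = {  # turbine -> (start, end) of scheduled maintenance
    "WT-07": (datetime(2024, 3, 4, 9, 0), datetime(2024, 3, 4, 11, 0)),
}
CUT_IN_MS, CUT_OUT_MS = 3.0, 25.0  # assumed productive wind-speed range, m/s

# Constructed sample events: commands sent to turbines, with sensor context.
EVENTS = [
    {"ts": "2024-03-04T09:30:00", "src": "10.10.0.5", "turbine": "WT-07",
     "cmd": "STOP", "wind_ms": 9.1},    # scheduled maintenance
    {"ts": "2024-03-04T14:10:00", "src": "10.10.0.5", "turbine": "WT-03",
     "cmd": "STOP", "wind_ms": 27.4},   # storm shutdown above cut-out speed
    {"ts": "2024-03-04T02:47:00", "src": "10.10.0.6", "turbine": "WT-03",
     "cmd": "STOP", "wind_ms": 8.3},    # good wind, nothing scheduled
    {"ts": "2024-03-04T15:02:00", "src": "10.20.4.99", "turbine": "WT-01",
     "cmd": "SET_PITCH", "wind_ms": 10.0},  # sender is not the control center
]

def in_maintenance(turbine, when):
    """True if 'when' falls inside the turbine's scheduled maintenance window."""
    window = MAINTENANCE_WINDOWS.get(turbine)
    return window is not None and window[0] <= when <= window[1]

def assess(event):
    """Return the list of context findings for one command event."""
    findings = []
    when = datetime.fromisoformat(event["ts"])
    if event["src"] not in CONTROL_CENTER_HOSTS:
        findings.append("command source is not a known control-center host")
    if event["cmd"] == "STOP":
        productive = CUT_IN_MS <= event["wind_ms"] <= CUT_OUT_MS
        if productive and not in_maintenance(event["turbine"], when):
            findings.append("STOP during productive wind with no maintenance window")
    return findings

def suspicious_events(events):
    """Pair each flagged event with its findings; unflagged events are dropped."""
    return [(e, f) for e in events if (f := assess(e))]

if __name__ == "__main__":
    for event, findings in suspicious_events(EVENTS):
        print(event["ts"], event["turbine"], event["cmd"], "->", "; ".join(findings))
```

A signature that only matched on the STOP command would either flag all three STOP events or none of them; the added context is what separates the scheduled and storm-related shutdowns from the unexplained one.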

Overall, cybersecurity encompasses passive measures to protect and secure digital systems and data, while active defense involves proactive measures to detect and disrupt threats.

Great work! Now that we’ve reviewed the threat landscape of the energy sector and the differences between passive and active defense, let’s explore active defense frameworks.
