In May 2021, an unthinkable cyberattack crippled the Colonial Pipeline’s digital infrastructure, capturing 100 gigabytes of data and preventing the US’s most significant refined fuel pipeline from maintaining normal operations. This critical pipeline, which provides 45% of the fuel for the East Coast, was inoperable for six days, initiating panic buying, gas lines, and a cacophony of internet hot takes critiquing the company’s response.
The incident cost the company millions in recovery costs while doing irreparable reputational damage to their brand, which is inextricably associated with this defining cybersecurity failure.
It’s also emblematic of the unique cybersecurity challenges facing the energy sector.
Energy companies are a top target for threat actors. The energy sector accounts for 16% of all officially documented cyberattacks, a number that has only increased alongside the recent pandemic. Collectively, the energy sector is the third most targeted industry by cybercriminals. Meanwhile, energy companies are protecting increasingly expanding attack surfaces as companies initiate new connections between informational technology (IT) and operational technology (OT).
Unfortunately, the energy sector shouldn’t expect cybersecurity risks to subside anytime soon. Instead, they should anticipate that cybersecurity failures will become more expensive, consequential, and disruptive moving forward.
#1 Cybersecurity incidents will be more expensive
#2 Cyberattacks will be more consequential
#3 Threat actors will be more disruptive