Energy and utilities organizations are embracing modern technologies like the Internet of Things (IoT), 5G, and the cloud for the myriad benefits they bring. But these technologies also bring new cybersecurity challenges that pose a risk to their resilience, according to a survey released this week by MSSP LevelBlue.
Like other companies in critical infrastructure sectors, those in energy and utilities see the operational efficiencies such dynamic computing brings. However, these technologies also fuel demand for new security capabilities for tech environments that, for decades, had been kept disconnected from the internet and IT networks. This is a huge opportunity for MSSPs to step in and secure this critical sector.
“As traditional security measures become insufficient in the face of rapidly evolving cyber threats, energy and utility companies find themselves in a challenging position,” Theresa Lanowitz, chief evangelist for LevelBlue, told MSSP Alert. “The same technologies that drive innovation also expose them to new risks, making it crucial to balance technological advancement with robust cybersecurity practices.”
This rapidly evolving situation also opens up opportunities for MSSPs to contribute much-needed expertise to help organizations address this paradox.
“As cyber threats grow more sophisticated and complex, the demand for additional resources and MSSPs specializing in critical infrastructure sectors, such as energy and utilities, has increased,” Lanowitz said. “This trend is driven by the expanding attack surface created by emerging technologies and the urgent need for organizations to safeguard their assets effectively.”
Enthusiasm and Caution
For its 2024 Futures Report: Cyber Resilience in Energy and Utilities, LevelBlue – via marketing services firm FT longitude – surveyed 1,050 executives in such critical infrastructure sectors as transportation, financial services, healthcare, and manufacturing about their cybersecurity resilience strategies. The survey included 150 executives from the energy and utilities space.
The survey found that 75% of respondents said they plan to increase investments in dynamic computing technologies and AI strategies, with 75% expecting to work with more sophisticated supply chains and 85% betting on improved revenue and operations.
At the same time, most – 85% – recognize the security risks that will create. Regarding AI, 67% describe their companies as cautious or late adopters, but 74% said the technology’s benefits outweigh the risks. In addition, 79% understand their organizations are accepting a level of uncertainty about these risks.
The survey by LevelBlue – created in May when AT&T spun out its managed cybersecurity business – also found worries about their organizations’ views of security resilience. About 81% said there are barriers to their cybersecurity resilience strategies, and 77% said digital transformation is one obstacle. In addition, 73% said resilience is primarily the responsibility of cybersecurity teams and is not an enterprise-wide priority.
Also, 63% said cybersecurity is an afterthought for their organizations, 72% said their companies don’t invest in cyber resilience beyond cybersecurity, and 81% said budgets are reactive rather than proactive.
A Federal Focus
Critical infrastructure like energy and utilities has been a key part of the federal government since president Biden issued his cybersecurity executive order in May 2021 to bolster the security posture of the United States’ government agencies and private sector. This comes when interconnectivity and dynamic computing technologies are quickly being adopted by critical infrastructure organizations, and operational technology (OT) and IT continue to converge.
At the same time, organizations like healthcare facilities, government agencies, water and wastewater systems, financial services organizations, and similar critical infrastructure are coming under increasing attacks and are being targeted by foreign adversaries like Russia, China, and Iran.
“The inconvenient truth is that the escalation of the cyber threat coincides with an explosion in computing power – including AI and edge computing,” the report authors wrote. “This creates unprecedented innovation opportunities. … At the same time, securing dynamic computing requires new thinking.”
Help Is Needed
Organizations will need third-party help adopting this new thinking.
“There has been a notable increase in resources allocated to cybersecurity,” LevelBlue’s Lanowitz said. “By leveraging third-party expertise and resources, energy and utilities can enhance their security posture without overwhelming their internal teams. … Computing is only becoming more complex and unwieldy. Organizations of all types are seeking a strategic extension of their team.”
MSSPs can offer a range of services tailored to the needs of the energy and utilities sectors, lend an always-on presence, and have the latest knowledge of regulations, compliance, governance, and diverse endpoints, she said, adding that “MSSPs can also help shift organizations from a reactive to a proactive security approach and prepare teams for potential threats through a tailored resilience model.”
