
Energy Sector Faces Heightened Supply Chain Risks Amid Growing Dependence on IT and Software Vendors

 

The energy industry is experiencing a sharp increase in supply chain risks, largely driven by its growing reliance on external vendors. According to a recent report, two-thirds of security breaches in this sector now originate from software and IT vendors.

The study, conducted by SecurityScorecard and KPMG, titled "A Quantitative Analysis of Cyber Risks in the U.S. Energy Supply Chain," draws attention to frequent threats, including ransomware attacks targeting traditional IT systems.

Researchers have emphasized that as the transition to cleaner energy picks up pace, and as the grid becomes more interconnected and software-reliant, vulnerabilities in the energy sector are expected to increase.

Ryan Sherstobitoff, senior vice president of threat research and intelligence at SecurityScorecard, stated, “The energy sector's rising dependence on third-party vendors exposes a significant vulnerability—its security is only as robust as its weakest link.”

He added that this growing reliance on external vendors introduces considerable risks, urging the industry to strengthen cybersecurity defenses before a breach escalates into a national crisis.

The report highlighted that third-party risks account for nearly half of all breaches in the energy sector—significantly higher than the global average of 29%. Over 90% of organizations that experienced multiple breaches were attacked through third-party vendors.

Additionally, the report found that software and IT vendors were responsible for 67% of third-party breaches, while only a small number were linked to other energy companies. A notable portion of these incidents stemmed from the MOVEit file transfer software vulnerability, which was exploited by the Clop ransomware group last year.

The report also pointed out application security, DNS health, and network security as some of the most significant weaknesses in the sector.

The findings come at a time when the U.S. Department of Energy is convening with energy sector leaders to promote the Supply Chain Cybersecurity Principles, urging companies to focus on reducing risks posed by software and IT vendors, which represent the highest third-party threats.

As part of this effort, energy operators are encouraged to ensure new technology purchases are secure by incorporating initiatives like CISA’s "Secure by Design" and following the Department of Energy’s Supply Chain Cybersecurity Principles. The industry must also bolster security programs to defend against supply chain risks and geopolitical threats, especially from nation-state actors, and analyze ransomware attacks affecting foreign counterparts to improve resilience.

“The energy sector is a complex system undergoing a significant generational shift, heavily reliant on a stable supply chain,” said Prasanna Govindankutty, KPMG's principal and cybersecurity leader for the U.S. sector.

He further explained that with rising geopolitical and technology-based threats, the industry is facing a level of risk exposure that could negatively impact both businesses and citizens. Organizations that can quantify these risks and implement mitigation strategies will be better equipped to navigate the energy transition.

Securing the Grid: How Ransomware is Targeting Energy and Oil Sectors


According to a new analysis from cybersecurity firm Sophos, ransomware attacks are hitting the energy and oil and gas sectors harder, costing utilities more in recovery time and money as victims appear to be more inclined to pay ransom demands.

Ransomware Attacks: A Growing Threat

The report examines ransomware's impact on critical infrastructure firms and is based on more than 200 responses from a larger survey of 5,000 cybersecurity and IT leaders conducted in January and February. Sophos reported that the global ransomware attack rate appears to be decreasing. Still, researchers discovered that recovery times for energy, oil and natural gas, and utilities have been gradually growing since at least 2022.

This slowdown could reflect the increased complexity and severity of attacks, which require more recovery work. According to the paper, it also points to a growing lack of recovery planning.

Vulnerabilities in the Energy Sector

According to the report, more than half of energy, oil and gas, and utility ransomware victims required more than a month to recover, up from 19% in 2022.

The Biden administration has spent recent months warning about Chinese-backed infiltrations into sensitive civilian and military critical infrastructure. Security officials have stated that the "Volt Typhoon" hackers may attempt to impair essential infrastructure serving people to influence public opinion as tensions rise in Taiwan. 

Researchers cautioned that cyberattacks on IT infrastructure, such as bill payment systems, can influence operations and services, implying that even if an attack solely impacts the IT side of the business, key functions such as energy generation and transmission may be affected.

"There's a preponderance of older technologies configured to enable remote management without modern security controls like encryption and multifactor authentication," Chester Wisniewski, global field chief technology officer at Sophos, said in a news statement. "Like hospitals and schools these utilities are frequently operating with minimal staffing and without the IT staffing required to stay on top of patching, the latest security vulnerabilities, and the monitoring required for early detection and response."

The Cost of Ransomware Attacks

As reported by Sophos, nearly half of all successful attacks were caused by an unpatched or untreated vulnerability, with compromised credentials accounting for slightly more than a quarter. According to the researchers, the energy, oil and gas, and utilities sectors are the "most likely to fall victim to the exploitation of unpatched vulnerabilities."

Furthermore, that same group is more inclined to pay a ransom to restore encrypted data rather than relying on backups.

According to the report, this is the first time that energy, oil/gas, and utility firms have reported a higher propensity to pay the ransom rather than employ backups.

The Rising Tide of Ransomware

While the survey highlights how ransomware remains one of the most disruptive threats to critical infrastructure operations, the general lack of information about the larger threat picture, a result of limited reporting rules, suggests that the true cost of ransomware could be significantly greater.

The Cybersecurity and Infrastructure Security Agency is now working on a rulemaking process that will require many critical infrastructure businesses to report significant cyber events, with the final rule likely early next year.

EU Data Centers to Report Energy and Water Use Under New Rules

 

The European Union is poised to take a significant step toward regulating energy and water use in data centers. Beginning in September, all organizations operating data centers within EU nations will be required to file detailed reports on their water and energy consumption. Additionally, these organizations must outline the measures they are taking to reduce their environmental footprint. 

Data centers have been specifically targeted because they account for an estimated 2% to 3% of the total energy consumption in the EU. The increasing demand for data processing power, driven largely by the rise of AI technologies, is a major factor behind this significant energy use. Ermengarde Jabir, a senior economist at Moody’s, highlights the immense power requirements of data center hubs within the EU. 

For instance, data centers in Amsterdam demand approximately 950 megawatts of energy capacity, while those in Dublin require over 700 megawatts. Similarly, data centers in Paris and Frankfurt have comparable energy needs to Dublin. To put this in perspective, 1 megawatt of power is sufficient to power between 750 and 1,000 homes for an entire year. Notably, the world’s largest data center hub, located in northern Virginia, has a staggering capacity of 4,500 megawatts.

The EU's new reporting rules, along with any subsequent regulations aimed at reducing energy consumption, currently apply only to data centers within EU member states. However, EU environmental regulations often serve as a model for other regions, with the notable exception of North America, according to Cándido García Molyneux, an environmental lawyer based in Brussels with the law firm Covington & Burling. “When the EU adopts these reporting requirements, it is very likely that many other countries will follow suit,” Molyneux explains. He also notes that nations aspiring to join the EU or engage in trade with the EU may need to comply with these energy regulations. 

Moreover, the EU has already implemented government procurement regulations focused on energy efficiency. Companies providing cloud or web-based services to EU residents and businesses from data centers outside the EU might also face future energy use regulations. The EU’s drive to reduce energy consumption is motivated by several factors, including the desire to phase out fossil fuels and decrease dependence on foreign energy sources, according to Moody’s Jabir. 

Although efforts to reduce energy consumption began before the conflict in Ukraine, the war has intensified the EU's resolve to cut imports of Russian oil, gas, and coal. The introduction of energy and water use reporting rules marks an early step toward broader regulation. While some energy experts believe most data center operators are prepared to comply, Molyneux anticipates challenges for certain operators. Smaller data center operators might not be aware of the new rules, and others could struggle to gather the required information in time. 

In summary, the EU’s new reporting requirements for data centers represent a crucial move toward greater transparency and accountability in energy and water use. By enforcing these regulations, the EU aims to achieve substantial reductions in energy consumption, contributing to broader environmental and sustainability goals.

The Rising Energy Demand of Data Centres and Its Impact on the Grid

 



In a recent prediction by the National Grid, it's anticipated that the energy consumption of data centres, driven by the surge in artificial intelligence (AI) and quantum computing, will skyrocket six-fold within the next decade. This surge in energy usage is primarily attributed to the increasing reliance on data centres, which serve as the backbone for AI and quantum computing technologies.

John Pettigrew, the Chief Executive of National Grid, emphasised the urgent need for proactive measures to address the escalating energy demands. He highlighted the necessity of transforming the current grid infrastructure to accommodate the rapidly growing energy needs, driven not only by technological advancements but also by the rising adoption of electric cars and heat pumps.

Pettigrew underscored the pivotal moment at hand, stressing the imperative for innovative strategies to bolster the grid's capacity to sustainably meet the surging energy requirements. With projections indicating a doubling of demand by 2050, modernising the ageing transmission network becomes paramount to ensure compatibility with renewable energy sources and to achieve net-zero emissions by 2050.

Data centres, often referred to as the digital warehouses powering our modern technologies, play a crucial role in storing vast amounts of digital information and facilitating various online services. However, the exponential growth of data centres comes at an environmental cost, with concerns mounting over their substantial energy consumption.

The AI industry, in particular, has garnered attention for its escalating energy needs, with forecasts suggesting energy consumption on par with that of entire nations by 2027. Similarly, the emergence of quantum computing, heralded for its potential to revolutionise computation, presents new challenges due to its experimental nature and high energy demands.

Notably, in regions like the Republic of Ireland, home to numerous tech giants, data centres have become significant consumers of electricity, raising debates about infrastructure capacity and sustainability. The exponential growth in data centre electricity usage has sparked discussions on the environmental impact and the need for more efficient energy management strategies.

While quantum computing holds promise for scientific breakthroughs and secure communications, its current experimental phase underscores the importance of addressing energy efficiency concerns as the technology evolves.

In the bigger picture, as society embraces transformative technologies like AI and quantum computing, the accompanying surge in energy demand poses critical challenges for grid operators and policymakers. Addressing these challenges requires collaborative efforts to modernise infrastructure, enhance energy efficiency, and transition towards sustainable energy sources, ensuring a resilient and environmentally conscious energy landscape for future generations.


U.S DOE Announces $70 Million Funding for Improving


Funding that will support research into tech

Today, the U.S. Department of Energy (DOE) announced funding of up to $70 million to support research into technologies intended to reduce risks and increase resilience to energy delivery infrastructure from a variety of hazards, such as natural disasters, extreme weather events caused by climate change, and cyber and physical threats. 

This new competitive funding opportunity will support the advancement of next-generation innovations that fortify the resilience of America's energy systems, which include the power grid, electric utilities, pipelines, and renewable energy generation sources like wind and solar. It will be accessible to stakeholders in the public and private sectors, universities, and DOE's National Laboratories. 

President Biden's aim of net-zero emissions

Achieving President Biden's objective of a net-zero emissions economy by 2050 will require strengthening America's energy and national security, which is why the announcement made today supports the Biden-Harris Administration's efforts to construct robust and secure energy infrastructure across the nation. 

Along with making significant investments in climate resilience and adaptation, the Biden-Harris administration has also received over $50 billion from the President's Investing in America agenda.

Under the direction of the DOE's Office of Cybersecurity, Electricity Security, and Emergency Response (CESER), the All-Hazards Energy Resilience initiative aims to tackle upcoming obstacles to maintain a secure and dependable supply of electricity to communities all throughout the country.  

U.S. Secretary of Energy Jennifer M. Granholm said, “Making smart investments in America’s energy systems today is essential to ensuring they’re more reliable and resilient against tomorrow’s threats, while also reaching President Biden’s ambitious clean energy and climate goals.” She further added, “As we build our clean energy future, these investments will help save money in the long run by identifying and developing innovative solutions that ensure our nation’s energy infrastructure can withstand emerging threats and the challenges of a changing world.”

This grant opportunity is purposefully wide, and recipients are encouraged to develop creative and distinctive solutions that are not "one size fits all," given the rapidly changing environment and technology landscape. 

The recipients of awards will encompass all categories of energy delivery infrastructure and will tackle a wide range of possible risks related to energy generation, production, transmission, and/or distribution. 

Under this funding opportunity, CESER anticipates funding up to 25 research, development, and demonstration (RD&D) projects with budgets ranging from $500,000 to $5,000,000. Applications are encouraged from diverse teams from state and local governments, national laboratories, colleges, charity and for-profit businesses, and tribal nations.   

The projects' suggested subject topics include the following:

Cyber Research and Development: Energy systems are more vulnerable to cyberattacks as a result of the expanding digital ecosystem. These initiatives will improve cybersecurity and lower cyber threats to the infrastructure used in energy distribution. 

Development and Research on Climate Mitigation: The world's vital energy infrastructure suffers from a growing number of extreme weather events, rising sea levels, and rising temperatures. Through the development and application of creative solutions, these projects will lessen the influence of climate change on the reliability and transmission of energy.  

Development and Research on Wildfire Mitigation: Communities, ecology, and energy systems are all severely impacted by wildfires. Through these studies, possibilities to fortify infrastructure against wildfires will be identified, allowing electric companies to increase rapid recovery, operate through catastrophic occurrences, and improve resilience.

Research and Development on Physical Security: Vandalism, sabotage, and ballistic damage are some of the hazards that utility power plants must deal with when it comes to their physical security. Physical barriers, access control, and video monitoring systems are some of the modern defenses against these attacks, although they are insufficient to reduce breaches and damage. 

University-Based Research and Development: By integrating university-based research, these projects will strengthen the electric sector's cyber and cyber-physical security posture. In line with the White House Initiative on Advancing Educational Equity, Excellence, and Economic Opportunity through Historically Black Colleges and Universities, applicants must be from historically black colleges and universities. Teams must consist of academic institutions as well as owners, operators, and/or providers of solutions for the energy sector. 


Cyberattack Strikes Australian Energy Software Company Energy One

 

Energy One, an Australian company specializing in software solutions and services for the energy industry, has fallen victim to a cyberattack.

In an announcement made on Monday, the company revealed that the breach was identified on August 18 and had repercussions for certain internal systems both in Australia and the United Kingdom.

“As part of its work to ensure customer security, Energy One has disabled some links between its corporate and customer-facing systems,” Energy One said.

Energy One is actively engaged in an inquiry to ascertain the extent of the impact on customer-related systems and personal data. The organization is also committed to tracing the initial point of intrusion employed by the attacker.

Though detailed specifics about the attack are presently undisclosed, the company's official statement strongly suggests the possibility of a deliberate ransomware attack.

To facilitate the investigation, cybersecurity specialists have been enlisted, and competent authorities in both Australia and the UK have been informed about the incident.

According to a recent report by Searchlight Cyber, a British threat intelligence firm, malevolent actors have been peddling opportunities for initial access into energy sector enterprises globally, with prices ranging from $20 to $2,500.

Perpetrators of cybercrime can exploit various avenues, including Remote Desktop Protocol (RDP) access, compromised login credentials, and vulnerabilities in devices like Fortinet products.