Energy Sector Cybersecurity: How Collaboration Is Countering Emerging Threats
The threat of cyber‑attacks inflicting physical damage on power plants and oil refineries has moved from fiction to fact, dominating today's headlines.
Attackers are increasingly targeting energy and oil & gas organizations, underscoring the urgent need for stronger industrial cybersecurity.
Tripwire's latest survey shows that 70% of energy sector security leaders fear a successful cyber-attack could trigger catastrophic failures, including explosions, according to Tim Erlin, VP of Product Management & Strategy at Tripwire.
Historically, energy operators focused solely on physical security. Today, with most industrial control systems (ICS) online, cyber threats demand equal attention.
While data theft remains common, attacks on critical infrastructure can halt operations, damage equipment, and even endanger lives—real‑world incidents confirm this trend.
The FBI and Department of Homeland Security recently released a joint report detailing a massive Russian cyber‑campaign targeting U.S. critical infrastructure, publicly attributing attacks on energy assets to the Russian government—a first in U.S. history.
Other notable threats include Triton (also known as Trisis), which disrupted a Saudi petrochemical plant last year and was believed to be engineered to trigger an explosion. Earlier, the modular malware Industroyer leveraged industrial protocols to cripple industrial control systems and deploy destructive wiper code.
Responding to the threat
According to Tripwire's survey, 59% of energy firms have raised security budgets in response to high-profile attacks such as Trisis/Triton, Industroyer/CrashOverride, and Stuxnet. Yet many still believe their investments fall short of achieving robust ICS security.
Only 56% of respondents said a major incident would compel sufficient investment, which explains why just 35% employ a layered defense (widely considered best practice), while 34% prioritize network security and 14% focus on ICS device protection.
Another hurdle is organizational: the historic split between IT and OT. Still, 73% of survey participants report improved IT‑OT collaboration compared to the past.
With threats escalating, organizations recognize that IT and OT must unite. The survey shows both teams agree that inadequate security can cause operational shutdowns and jeopardise employee safety.
Despite progress, IT often remains the driver: 50% of participants say IT leads ICS security initiatives, 35% see equal responsibility, and only 15% credit OT.

IT's leadership is understandable given its long cybersecurity experience. The digital threat is newer to OT. Yet, because operational settings differ from IT, the most effective converged teams allow OT experts to lead where appropriate. OT partnership is essential to build ICS security programs that preserve operations.
A three‑step approach for building defense‑in‑depth
Industrial cybersecurity can be tackled through a practical three‑step framework:
Step 1 – Network hardening. Segregate networks following the ISA/IEC 62443 standard, secure all wireless links, and implement secure remote-access solutions for troubleshooting. Continuous monitoring of industrial network infrastructure is also essential.
Step 2 – Endpoint protection. Begin with comprehensive asset discovery and maintain an up‑to‑date endpoint inventory. Secure configuration and change monitoring should be enforced across all devices.
Step 3 – Controller security. Strengthen detection and visibility by securing vulnerable controllers, monitoring for unauthorized access or configuration changes, and responding swiftly to contain threats.
As physical and digital realms merge, opportunities for greater productivity arise. Yet, embedding security into the digital transformation journey is vital to shield critical infrastructure from emerging cyber threats.