The energy sector is in a unique position when it comes to network security. Not only does it need to protect private information and keep employees productive, but it is tasked with preventing attacks that could bring the power infrastructure supporting communities across the nation to its knees.
While the ramifications of a cyberattack on the energy sector could be extraordinary, energy companies face many of the same challenges as organizations in other verticals. For example, with the growing challenges of adapting to a mobile and disparate workforce, energy firms need to give their work-from-anywhere (WFA) users the flexibility, secure access and network performance needed to perform their duties.
Beyond this, energy companies often need to give secure access to remote contractors who may use one device to connect to various enterprise networks. To make the challenge worse, many energy firms have a complex network infrastructure in place, including legacy data centers and systems that, in today’s world, need to handle everything from switching to Wi-Fi to WAN optimization. For larger companies, their distributed field network needs to support many branch offices which could be located internationally.
Energy companies today realize that traditional perimeter-based cybersecurity tools are no longer adequate to protect them from a constantly evolving threat landscape. Especially with the WFA environment caused by COVID-19 and adopted by many companies, there is now too large an attack surface and too many attack vectors to secure with walls around everything. Rather than attempting to build security around the distributed network, these days the network itself must provide security. Traffic entering the network must be secured from start to finish, and security and the network must operate as one fully integrated system.
The evolving cyberattack landscape
The world’s fragile state during the COVID-19 crisis opened the door for an aggressive wave of cyberattacks. Ten years ago, energy firms’ on-premises-focused security personnel were able to identify network attacks very quickly, since most took place in the top-level layers of a system, often through a malware attack. These days, however, vulnerabilities are exploited over long periods of time, with more massive destruction to infrastructure in mind. Energy companies can no longer assume that their network systems will remain safe.
Cyber thieves are also infiltrating through underlying networks, passing from router to router and accessing information located far below a system’s top level. The evolution of these attacks means that energy firms may not be aware of a breach for long periods of time, increasing the amount of harm that can be done to the company and the overall power infrastructure.
Energy companies should update their security strategies to address worst-case scenarios and assume that at some point they will be victims of attack. This means understanding that any single employee may serve as a hacker’s entry to the enterprise network. Anyone can be fooled by increasingly sophisticated attacks and click on a phishing email, creating an opening for malicious events.
Focus on analytics and visibility
To address these sophisticated attacks, analytics and visibility are instrumental in strengthening an energy company’s security posture, particularly when it comes to branch sites. Analytics and visibility deliver invaluable insights into an organization’s ongoing security status and can help identify critical vulnerabilities previously unseen. While information technology (IT) leaders traditionally have focused on their organization’s connectivity and security, now analytics and visibility of distributed networks are getting their fair share of attention.
The type of information this approach provides can prove vital for the rising number of companies suffering an attack. The first challenge after a breach attempt has been identified and systems have been shut down is to determine how far cyber thieves have infiltrated before being detected and what exactly they accessed. This is particularly true in cases of ransomware, where an organization must be able to determine the criminal’s activity on its systems. Hackers may claim they accessed and encrypted five terabytes of data, but a company may be able to see they collected only a handful of files before being shut out. Only with complete visibility will energy firms have the information they need to counter a criminal’s claim.
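As an added illustration (not part of the original article), the sketch below shows how network visibility can put an upper bound on an attacker's exfiltration claim by summing outbound bytes from affected hosts during the intrusion window. The flow records, host addresses, internal address range and time window are all constructed assumptions.

```python
import csv
import io
import ipaddress
from datetime import datetime

# Constructed sample flow records (not real data): bytes_out = bytes sent by src.
FLOWS = """\
ts,src,dst,bytes_out
2024-03-01T01:10:00,10.20.1.15,203.0.113.40,52428800
2024-03-01T01:25:00,10.20.1.15,203.0.113.40,31457280
2024-03-01T01:40:00,10.20.1.15,10.20.9.5,900000000
2024-03-01T02:05:00,10.20.1.22,198.51.100.7,1048576
2024-03-01T09:00:00,10.20.1.15,203.0.113.40,73400320
2024-02-28T23:00:00,10.20.1.15,192.0.2.10,5000000
"""

INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]  # assumed internal address space

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)

def egress_upper_bound(flow_csv, hosts, start, end):
    """Sum bytes sent by affected hosts to external addresses in [start, end).

    The result bounds exfiltration only if flow logging covers every egress
    path and the window covers the whole intrusion (both assumed here).
    """
    total, per_dst = 0, {}
    for row in csv.DictReader(io.StringIO(flow_csv)):
        ts = datetime.fromisoformat(row["ts"])
        if not (start <= ts < end):
            continue  # outside the intrusion window
        if row["src"] not in hosts or is_internal(row["dst"]):
            continue  # unaffected host, or traffic that never left the network
        sent = int(row["bytes_out"])
        total += sent
        per_dst[row["dst"]] = per_dst.get(row["dst"], 0) + sent
    return total, per_dst

def assess_claim(claimed_bytes, observed_bytes):
    """Compare the attacker's claimed volume with what the network saw leave."""
    return "consistent" if observed_bytes >= claimed_bytes else "contradicted"

if __name__ == "__main__":
    window = (datetime(2024, 3, 1, 0, 0), datetime(2024, 3, 1, 6, 0))
    total, per_dst = egress_upper_bound(FLOWS, {"10.20.1.15", "10.20.1.22"}, *window)
    print(total, per_dst, assess_claim(5 * 10**12, total))
```
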
Approaches to strengthen network architecture
Energy companies can strengthen their network architecture against attacks through a number of approaches. For example, zero trust network access (ZTNA) technologies should be a high priority for organizations to limit access to privileged accounts and data left easily accessible, particularly in their WFA and distributed contractor environment. Requiring authentication before granting access is an important way a company can protect its network and keep data secure.
Many energy firms need to reassess their infrastructure foundations before additional security approaches can be considered. Integration is critical for strengthening an organization’s network architecture, since many have disparate systems that should ultimately be integrated. Achieving strong integration will enable companies to have greater visibility into their distributed systems, making it easier to identify and defend against incoming cyberattacks.
Steps toward a secure future
Approaches such as secure access service edge (SASE) can go a long way toward strengthening an energy company’s network architecture. SASE is the integration of security and networking solutions, such as firewall-as-a-service (FWaaS) and ZTNA, into a unified service that can be delivered entirely through the cloud. Cloud delivery offers firms greater flexibility, making it easy to apply security services and consistent policies remotely where they are needed. Secure and seamless transition from the cloud is critical since so many applications are cloud based, including collaborative communications.
Cybersecurity needs to become more of an integrated consideration for every new project. For example, in today’s WFA environment, every area needs embedded security, including branch sites and remote workers. Simply educating remote workers about security risks is not enough to protect networks from malicious attacks.
In today’s world, where any organization can be a target for cyberattack, a strongly secured network architecture and end-to-end visibility are the building blocks to a resilient security posture. Enabling a single point of control using approaches such as SASE will help ensure energy companies can create a more streamlined and secure network architecture, whether from the headquarters or remote branch locations. To protect private data and networks, all organizations should work toward a common goal — implementing an approach that combines the crucial elements of network architecture, security and visibility.