Get in Touch
Published: 21st March 2023 | In: Insights
The security of the UK’s energy supply is one of the government’s top priorities. To ensure the country can continuously meet demand, it needs a mixture of multiple sources of energy, from modern nuclear power stations to new renewables including solar farms and vast offshore windfarms.
New licences, new opportunities
The government has also been planning to recover more oil and gas from the North Sea, in the most economically viable way possible. As part of this strategy, the UK’s North Sea Transition Authority, formerly called the Oil & Gas Authority, which is owned and controlled by the government, has recently closed the application process for 100 new licences for oil and gas exploration in the region.
Although production of oil and gas from the UK Continental Shelf, which includes areas of the North Sea, peaked in 1999, it’s estimated that over 3 billion cubic metres of oil and gas remain untapped from UK waters. This will take years to extract and make available for homes and businesses. But first it needs to attract the necessary investment to build the infrastructure required.
New energy, new risks
Despite more people switching to electric cars, oil still fuels over 90% of transport needs in the country today while, according to the Department for Business, Energy and Industrial Strategy, more than 75% of homes are heated by gas. Although renewable energy now contributes to a greater percentage of the UK’s total, thanks partly to increasing numbers of solar farms and offshore windfarms, many of which are also in the North Sea, there will clearly still be a huge demand for oil and gas in the country for the foreseeable future.
The new licences should open up a flood of fresh investment and create profitable business opportunities for scores of companies up and down the energy sector supply chain. However, this rapid ramp-up in activity comes with increased risk. As we’ve seen in other sectors of the economy, it could also open opportunities for financially-motivated threat actors looking to earn a windfall, or for nation-state sponsored cybercriminals attempting to disrupt the UK’s energy supply as part of a broader political strategy.
Technology has, of course, moved on leaps and bounds since the last peak of oil and gas production almost a quarter of the century ago. Deep into the digital age, companies at every stage of supply chains are utilising huge numbers of Internet of Things (IoT) and Operational Technology (OT) devices to deliver results, improve efficiency and innovate in new areas. International Data Corporation (IDC) estimates there will be almost 42 billion connected IoT devices in use by 2025. And some analysts believe it could rise to double this number.
Fragile security – until now
But this rapid increase is a double-edged sword. The security built around IoT and OT devices is seriously lagging behind that protecting traditional IT – in fact, it’s common knowledge that IoT and OT are two of the weakest links in the IT landscape. Another vulnerable area that is relevant and important to the oil and energy sector is the supply chain, which adversaries are increasingly looking to compromise. The weakest chinks in supply chains are seen as easier entry points than well-defended, well-resourced corporations. Criminals seek to enter through the weakest point to move up the chain to bigger and potentially more profitable organisations.
As the energy industry is essential for every other sector and the everyday running of the economy, it’s no wonder that some threat actors see it as their top target. Of course, every organisation should be protected at all times, but it’s true that the consequences of some being held to ransom are far more debilitating to the economy than others. Britain’s energy sector is one of 13 categorised by the National Cyber Security Centre (NCSC) to be Critical National Infrastructure.
Real-world attacks on IoT and OT in the global energy sector are well known in the cyber security industry, with Saudi Arabia’s Aramco being hit by wiper malware in 2012 and Colonial Pipeline in the US suffering a serious cyber-attack in 2021, to name two of the most infamous ones.
Proactively protect your business
But while cyber-attacks are on the rise and have become more complex that doesn’t mean they are inevitable. They can be prevented, and even if they do happen there are tried and tested means to minimise the impact during and after a cyber-attack. Although it might seem a daunting task to protect a large, complicated IT estate against any kind of threat that might occur at any time, help is available.
At Quorum Cyber, we have years of experience and expertise helping to defend energy companies from increasingly complex cyber-attacks. As a Microsoft Solutions Partner for Security, our teams are certified in the latest Microsoft Security technologies. They’re trained to protect your business before, during and after a cyber-attack.
Our Managed Extended Detection and Response (XDR) service monitors absolutely everything, from any vendor, be it on-premises or in the cloud, in IoT or OT, and any cloud environment, including from Amazon Web Services (AWS), the Google Cloud Platform (GCP) and Microsoft Azure. In 2022 we were the first cyber security company headquartered in the UK, and one of the first in the world, to be verified by Microsoft for our XDR service.