How the energy industry can address new critical infrastructure reporting requirements using managed detection and response


The energy industry is a key target for cybercrime due to the potential for widespread and significant ramifications and, as such, the cybersecurity posture of energy providers is becoming increasingly important from a national security standpoint, writes Trustwave general manager (Pacific) Jason Whyte.

For example, ransomware can be deployed to prevent energy providers from operating as normal, creating a strong imperative for them to pay the ransom and get back online. These types of attacks affect ordinary Australian citizens and can literally put lives at risk, making it extremely important that organisations in the energy sector harden their cybersecurity capabilities. 


This need has been reflected in the Australian government’s amended Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 (SLACIP Act), which has updated regulations for critical infrastructure (CI) operators, including energy. The new legislation announced mandatory reporting for serious cybersecurity incidents, putting the onus on businesses to raise the alarm if they fall victim to an attack. 

It’s not just the rate of cyberthreats that’s increasing; these attacks are also becoming more complex and stealthier, making them harder to prevent than ever before. Against this increased threat landscape, organisations are continuing to grapple with the ongoing skills shortage. The lack of cyber talent means many organisations, including those in the energy sector, are at a disadvantage compared with the relatively well-resourced cybercrime industry. 

One of the first recorded successful cyberattacks in the energy sector was directed at a power grid in Ukraine in December 2015. The attack was carried out via phishing emails riddled with hidden malware and blacked out approximately 230,000 houses.

To combat this increasing threat and better protect the energy sector, many organisations are turning to managed detection and response (MDR) to strengthen their cybersecurity posture. It’s no longer viable for cybersecurity to be reactive; the energy sector must be alert and ready for an immediate response, which is why MDR integration is becoming increasingly vital. However, establishing this type of immediate, 24-hour threat detection in-house is impractical for most businesses. The cost, effort, and expertise required are vast. Deploying and properly configuring complex technologies like extended detection and response (XDR) or security information and event management (SIEM) platforms across multiple endpoints, servers, clouds, and networks can often take months. Even after they’re deployed, these solutions require cybersecurity experts to manage them on an ongoing basis.

Working with an experienced MDR provider can help energy businesses stay ahead of cybersecurity challenges while staying within budget and practical constraints. A trusted MDR provider can support energy providers with endpoint detection and response (EDR), protecting sensitive data with a deployment time of hours rather than months. This offers faster time to value, ensuring energy organisations get the security protection they need to comply with new legislation and protect themselves and their customers from the potentially devastating effects of a successful cyberattack.


When considering a quality MDR provider, organisations should look for one that is experienced with XDR and SIEM technologies, combines human-led threat hunting with 24/7 monitoring, is highly responsive, and has an active research arm that helps uncover threats before they affect the business. A quality MDR provider will also have field-tested experience that balances the need for protection with commercial realities. Choosing the right partner means energy providers can operate with confidence and better protect their systems and data from threats. 

