During the latest webinar in our Energy Transition series, Partners Carl Fleming and Scott Ferber hosted PWC Principals Brad Bauch, US Power and Utilities Cybersecurity & Privacy Leader, and Mark Ray, Cybersecurity & Privacy, to discuss the cyber threat landscape that the energy sector currently faces, the US government’s oversight of cybersecurity and key considerations for building a robust compliance program.
Below are key takeaways from the webinar:
1. The Cyber Threat Landscape. Threat actors are continually evolving in the tactics, techniques and procedures they are deploying against their targets, making it a daunting threat landscape. Where nation state threat actors are involved, the risk of compromise is heightened. Ransomware continues to be, by far, the most prevalent issue organizations are contending with across all sectors and geographies—followed by supply chain attacks and zero-day exploits. Amid Russia’s invasion of Ukraine and the punishing sanctions being imposed, along with Russia’s demonstrated willingness to use malign cyber means against an array of targets, the energy sector should be on high alert for cyberattacks.
2. US Government Engagement. The US government is using a carrot-and-stick approach with the private sector to encourage and, in some instances, require robust cybersecurity, as well as information sharing. Bottom line, the government is expecting more of the private sector (particularly the energy sector) when it comes to dealing with cybersecurity.
3. Building a Robust Compliance Program. There are unique considerations when building a robust compliance program that encompasses both Information Technology (IT) and Operations Technology (OT) systems. As a starting point, companies should consider:
- Benchmarking against cybersecurity compliance programs at peer companies and similar industries
- Creating processes that are enterprise-wide, with a control standards-based approach
- Avoiding program siloing
- Ensuring active monitoring and controlled access of IT and OT systems
- Developing strong protections for legacy OT software that is operationally essential.
To access past webinars in the Energy Transition series and to begin receiving Energy updates, including invitations to the webinar series, please click here.