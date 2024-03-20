OT presents a different cybersecurity challenge from IT systems. Traditionally, most OT systems across the energy industry were stand-alone, unconnected from the internet and other systems. However, as infrastructure grows more complex, vulnerabilities are increasing and adding new threat layers — particularly in the software supply chain. Adding to the problem are the legacy systems in OT, with firmware that can’t be updated or hardware that can’t be replaced without reducing efficiency.

As a result, this sets up a catch-22 for the energy industry: How do you continue to use legacy systems while cybersecurity threats against the energy sector are on the rise?

It starts with knowing your exposure, according to the IBM report. Implementing zero trust and least privilege frameworks will limit access and misuse of credentials. But chances are there are credentials already available on the dark web, so it is necessary to use dark web capabilities to find credentials at risk, identify leaked identities and check social media networks sharing unauthorized information.

Most importantly, the energy industry needs to prioritize cybersecurity across critical systems. Threat actors will continue to take advantage of weak OT systems and an uncertain global outlook, especially as war rages in Europe. Nation-state actors want to take down the critical infrastructure in the countries they see as enemies, and as the UK is home to many of the world’s largest and most important energy companies, it will remain at high risk.