Cyber Challenges for the Energy Industry

In 2013, the Department of Homeland Security reported that out of 200 instances the energy sector was the target of more than 40 percent of cyberattacks the department handled. The 2015 Dell Security Annual Threat Report finds that the attacks on SCADA systems has doubled since 2013. In December 2015, part of Ukraine’s power grid encountered an unprecedented cyber-attack, causing 225,000 people to lose power. Though the United States has yet to see this type of high level cyber-attack, the possibility exists that a nation state or a malicious actor could take down part or all of one of the nation’s aging and vulnerable power grids.

Regulatory Obligations and Industry Standards for the Energy Sector

The Energy Sector is heavily regulated when it comes to cybersecurity. The following are regulations and industry standards that energy entities should be aware of.

Federal Law:

  • Federal Information Security Management Act of 2002

  • Homeland Security Act of 2002

  • Uniting and Strengthening America by Providing Appropriate Tools Required to Incept and Obstruct Terrorism Act

  • Cyber Security Research and Development Act

  • National Defense Authorization Act of 1996


Federal Energy Regulatory Commission:

  • CIP-003-6 (Security Management Controls)

  • CIP-004-6 (Personnel and Training)

  • CIP-006-6 (Physical Security of BES Cyber Systems)

  • CIP-007-6 (Systems Security Management)

  • CIP-009-6 (Recovery Plans for BES Cyber Systems)

  • CIP-010-2 (Configuration Change Management and Vulnerability Assessments)

  • CIP-011-2 (Information Protection)

energy industry cyber security

Fortalice’s Expertise in the Energy Sector

A wide breadth of energy organizations across the country entrust the Fortalice team to provide its energy industry cyber security services. Our expertise is relied upon by energy consultants, energy production companies and industrial conglomerates. Our steadfast support for these energy organizations ranges from providing penetration testing, risk assessments, cyber intelligence assessments, forensics, incident response, and the design of secure technology infrastructures. While our cyber risk client engagements are short, once the relationship is established, our customers come back to us as long-term trusted advisors on the myriad of emerging cyber security issues that they face.

energy industry cyber security

Latest from the Wall