Interview with Andrew Lintell of Claroty

With nearly 90% of the world’s largest energy companies experiencing cyberattacks in 2023, the sector is facing escalating risks across the board. To explore the depths of these growing threats and the strategies to combat them, we speak with Andrew Lintell, General Manager, EMEA, at Claroty. 

Amid economic and political challenges across the region, the energy sector seems to be a frequent target of nation-state actors. So, how can European energy companies better prepare for cyber threats stemming from geopolitical tensions?

Europe’s energy sector is already under critical threat amid the escalating geopolitical tensions. Last year, attacks on UK utility companies increased by 586%, and a large part of it is driven by nation-state actors. We also saw two dozen energy companies in Denmark being successfully targeted by Russia-linked threat actors. These incidents will only increase as the geopolitical environment becomes more tense.   

So, European energy companies must prioritise collaboration and intelligence sharing to strengthen their defences. Companies should enhance cross-border collaboration. Cyber threats do not respect national boundaries, so it’s crucial for energy companies across Europe to work together. This involves sharing threat intelligence, best practices, and response strategies in real-time. Establishing strong communication channels and participating in joint cybersecurity exercises can help companies better anticipate and respond to threats.  

It’s also important to invest in threat detection and monitoring technologies. As attackers become more sophisticated, traditional security measures are no longer enough. Organisations should deploy AI-driven tools that can detect anomalies and potential threats across operational technology (OT) and IT systems. These tools can provide early warnings and help security teams respond more quickly to emerging threats.  

Most importantly, companies must prioritise securing remote access and supply chains. With the rise of remote management and the involvement of multiple third-party vendors, the attack surface has expanded significantly. Implementing strict access controls, continuous monitoring, and strict vetting of third-party partners can reduce the risk of breaches through these vectors.  

What are the main barriers to effective coordination and information sharing in Europe?

There are several factors that hinder effective coordination, including regulatory fragmentation, trust issues, and disparate technology standards. Different countries have their own regulations and policies, which can deter seamless collaboration across borders. This fragmentation creates gaps in communication and slows down response times.  

Companies may hesitate to share sensitive information, fearing reputational damage or competitive disadvantage. This reluctance prevents the timely exchange of critical threat intelligence.  

Varying technology standards across countries and organisations also complicate data sharing and integration. Incompatible systems and tools make it difficult to collaborate effectively, leading to missed opportunities in threat detection and response.  

Addressing these barriers requires harmonising regulations, building trust through established frameworks, and adopting common technology standards. National governments, European regulatory bodies, and industry leaders all share the responsibility for driving these efforts.   

I think the NIS2 directive that comes into law from October this year will address a lot of these barriers. The directive mandates the establishment of a European Cyber Crisis Liaison Organisation Network (CyCLONe) to enable coordinated responses to large-scale cyber incidents across borders.  

It will be important for businesses to implement solutions that can keep detailed accounts of vulnerabilities, indicators of compromise (IoCs), and security logs from their network infrastructure, including IT and OT assets. This will help energy companies to easily share intel with relevant authorities, stakeholders, and other businesses to drive collective resilience and ensure compliance.   

Europe is currently pushing towards more sustainable practices in energy production, and renewables are a big focus. What unique security challenges arise with decentralised renewable energy systems, and how should strategies adapt?

Unlike traditional, centralised power plants, renewable energy sources like solar and wind are spread across wide geographical areas. For instance, consider a wind farm spread across a rural region in Europe. Unlike a single, centralised power plant that might cover a few acres, this wind farm could span hundreds of square miles, with turbines located in remote and often isolated locations. Each turbine has its own control systems and connectivity, which need to be secured.   

This distribution and decentralisation increases the number of entry points for potential attacks, making the entire network more vulnerable. One major challenge is visibility. In a decentralised system, operators often lack a comprehensive view of all connected devices and assets. This blind spot can be exploited by attackers who can infiltrate less secure parts of the network without detection.

Another major challenge is the integration of legacy systems with modern technology. Many decentralised energy systems still rely on older equipment that wasn’t designed with cybersecurity in mind. These systems lack the necessary security controls and are incompatible with modern IT security solutions.   

Additionally, there’s the issue of remote access. Decentralised systems often require remote management and maintenance, increasing the risk of unauthorised access. To adapt to these challenges, security strategies must be proactive and comprehensive. This means adopting a multi-layered approach that combines visibility, integration, and remote access control. 

AI is a big part of the cybersecurity narrative today. In the energy sector, how can AI be used to enhance OT security, particularly in stress testing systems?

There is a lot of scope for AI to be integrated into building resilience across the energy sector. AI-driven assessments and security stress tests can provide a comprehensive picture of how resilient your energy network is and where the potential gaps are.

One way to do this is through AI-powered red team and blue team exercises. In these exercises, the red team simulates cyberattacks using AI to identify vulnerabilities within OT systems. AI enables the red team to mimic sophisticated threat actors more accurately, discovering potential weak points that might be missed by human testers. It can also simulate a wide range of attack scenarios, from well-known exploits to novel, previously unseen tactics, providing a more comprehensive assessment of the system’s defences.  

On the other hand, AI can improve the blue team’s defensive strategies. It can help them detect and respond to these simulated attacks in real-time, analysing vast amounts of data to identify unusual patterns and suggesting immediate countermeasures.   

AI-driven solutions can also model complex threat landscapes and predict how different components of an OT environment might react under various attack conditions. This allows security teams to test the resilience of their systems against sophisticated cyber threats, including those that may not have been encountered before. 

What key steps should organisations take to ensure resilience against evolving cyber threats in energy networks?

The first step is to gain comprehensive visibility into all cyber-physical systems (CPS) within the OT environment. This includes power grids, industrial control systems, sensors, control systems, actuators, and other infrastructure where digital systems and physical machinery interact.  

Organisations need a real-time, complete inventory of all OT, IoT, and Building Management System (BMS) assets across power generation, transmission, and distribution infrastructure. Without this visibility, security gaps can go unnoticed, leaving critical assets vulnerable to attacks.  

From there, companies must integrate existing IT tools and workflows with OT systems. Many OT environments rely on proprietary protocols and legacy systems that don’t easily align with IT security solutions. However, integrating these tools is crucial for extending cybersecurity measures across the entire infrastructure. By bridging IT and OT systems, organisations can leverage their existing security investments to protect both environments without the need for additional, costly tech stacks.  

It’s also important to extend IT security controls and governance to OT environments. This means extending security protocols such as access control, encryption, and monitoring into OT systems. These measures can significantly help to unify the security framework across the energy network, ensuring consistent protection and governance.   

Executive Profile 

Andrew Lintell

Andrew Lintell has over 24 years of experience in the software industry, with a proven track record of building and managing strategic partnerships and generating leads and revenue from emerging technologies. Andrew is passionate about empowering organisations to convert data into actionable intelligence, supporting their cybersecurity, compliance, IT operations, and business analytics goals. He has extensive international experience in consumer, B2B, and enterprise markets, as well as in the security and social media domains.
