The U.S. energy sector is compromised by critical third-party vulnerabilities
- The report warns that the US energy sector is being endangered by vulnerable third parties
- New report claims energy infrastructure is failing to stay safe
- Something must be done about the increasing dependence on third parties
New research has shown that the US energy sector is plagued by significant vulnerabilities, with a worrying amount stemming from third-party weaknesses.
A recent one report by SecurityScorecard and KPMG based on a survey of the 250 largest US energy companies claims that third-party risks are responsible for 45% of breaches, with 67% of breaches in this sector related to software and IT vendors.
The data shows that the U.S. energy sector is critically dependent on third-party services for cybersecurity.
Escalating cyber threats
The report also highlights a notable disparity between oil and gas companies and their renewable energy counterparts. Oil and gas companies generally score better in cybersecurity, with many receiving an ‘A-‘ rating, reflecting their relative strength in tackling cyber threats. Renewable energy companies, on the other hand, lag behind and receive an average score of “B−.”
The interconnected nature of renewable energy systems, such as smart grids and solar or wind energy installations, makes them particularly vulnerable to cyber attacks. The report suggests that addressing these vulnerabilities should be a priority for the sector.
In the energy sector, most cybersecurity vulnerabilities are concentrated in three key areas – application security, network security and DNS health – with 92% of companies scoring the lowest in these risk categories.
U.S. critical infrastructure has already suffered a number of attacks from Russia, China and Iran, underscoring the need for better resilience against vulnerabilities and better protection of exposed endpoints.
“The energy sector’s growing dependence on third-party suppliers highlights a critical vulnerability: its security is only as strong as its weakest link,” said Ryan Sherstobitoff, Senior Vice President of Threat Research and Intelligence at SecurityScorecard.
“Our research shows that this increasing dependency poses significant risks. It is time for the industry to take decisive action and strengthen cybersecurity measures before a breach becomes a national emergency.”