We all win when energy companies build strong cybersecurity into their digital transformation journey toward better efficiency and clean energy. I’ve discussed security threats and other challenges in previous Energy and Resources blogs, and in this blog, I want to underscore the urgency around cybersecurity, how it’s evolving, and how companies can use technology to manage risk.
A Microsoft sponsored Poneman Insitute study shows that 68 percent of senior management believe that IT and operational technology (OT) are critical to supporting strategic goals.¹ Business leaders realize that connecting everything from vehicles to power plants can offer unprecedented gains in scale and efficiency. However, digital transformation can be a balancing act of risk and reward. These expanding digital platforms can become targets for increasingly sophisticated attacks—with potentially disastrous impacts. Imagine what could happen if a cybercriminal gains access to an oil field or power grid?
As energy companies are rapidly digitizing and adopting new technology, they also need sophisticated tools to stay ahead of and safeguard against current and emerging threats. We depend on the continuous availability of fuel and power. Incidents like the Colonial Pipeline attack in 2021, which shut down fuel supply to much of the United States’ east coast, can threaten critical infrastructure, community wellbeing, and business interests.
While energy security is essential for our economy and way of life, protecting a large, geographically distributed environment with potentially thousands of endpoints can be challenging. For example, the average large utility plant maintains a footprint of more than 94,000 miles.2 But as attack surfaces and cybercrime grows in the energy sector, studies show that most critical-infrastructure firms are under-prepared. For example, just 29 percent have modern zero-trust architecture, and only 37 percent have fully deployed multi-factor authentication.3
At Microsoft, we understand the risks and complexity energy companies face around threat detection and management, and we’re committed to helping organizations get the insight and control they need to secure all their endpoints.
Getting fearless with cybersecurity
To improve resilience and reduce cyber risk, organizations need to optimize visibility and respond quickly and effectively to threats across all their internet of things (IoT) and OT networks. We created Microsoft Defender for IoT, which is part of Microsoft 365 Defender and Microsoft Sentinel, to help companies eliminate security blind spots and safeguard their organizations and operations.
We’ve also created industry-specific solutions designed to help organizations be fearless with OT security. Let’s look at some recent examples of our customers’ innovations with Microsoft Defender for IoT shared below.
Fortune 500 American utility secures OT network
As power and utilities companies grow their OT footprint, they also increase their attack surface area. This can include power plants, connected customer devices, and vast transmission and distribution networks.
When a major American utility wanted better visibility into the OT network running its energy plants, the company turned to Microsoft Defender for IoT. To protect against cyberattacks, the utility needed a complete picture of which IT devices were connected to its networks. By deploying Microsoft Defender for IoT, the company gained holistic insight and protection of its OT and IT infrastructure extending across existing and new facilities, including a new liquified natural gas terminal.
Now, the company has continuous visibility into all connected assets and centralized command-and-control over its OT networks. As a result, the utility has the insight it needs to make networks more efficient and secure. The company can detect, flag, and resolve anomalies faster, and implement stronger safeguards against intrusion. With Microsoft Defender for IoT, the utility is better able to protect its networks and the consumers from cyberattacks.
Leading global oilfield services firm protects critical processes
After a security incident that caused costly downtime, one of the world’s largest oilfield services companies decided to harden its industrial infrastructure. When the firm determined that lack of visibility into OT assets and vulnerabilities was a major contributing factor, it made gaining this insight a top priority.
To improve security and mitigate risk, the company deployed Microsoft Defender for IoT across 150 global facilities. With greater visibility into assets, the firm can now detect, manage, and prioritize vulnerabilities while balancing the needs of both operations and securities teams.
Microsoft Defender for IoT provides a complete inventory and continuous monitoring of all connected assets, across vendors and protocols, with no impact on the OT network. The company also used the advanced AI capabilities in Microsoft Defender for IoT to predict the most likely pathways hackers might use to gain access to crown jewel assets. As a result, the team could visualize, prioritize, and simulate mitigation actions to protect its most critical processes.
Microsoft Defender for IoT is now a critical component of the company’s security architecture. The solution brings operations and IT teams closer together and protects the interests of the organization and key stakeholders.
As energy firms address issues like safety, performance, cost-control, and decarbonization, they also need to prioritize security. I’d like to invite you to explore the resources below to learn more about how Microsoft Defender for IoT can improve resilience and sustainability for both your business and our collective future. You can also connect with the Microsoft Security team at Black Hat 2021 this week, where we will share our experience to help customers detect threats quickly, respond effectively, and fortify their security posture.
- Learn more about Microsoft Defender for IoT.
- Discover Microsoft Defender for IoT in Power and Utilities.
- Read about Microsoft Defender for IoT Oil and Gas.
- Learn more about themes and actions critical for energy transition.
- To learn more about Microsoft for Energy and Resources, visit our future of energy industry solutions website.