The IT Certification Resource Center

Featured Deal

Get CompTIA, Cisco, and Microsoft training courses free for a week.
Learn More ❯

The Energy Sector Needs Security Professionals

Looking for a place to put your certified cybersecurity skills to good use? U.S. energy production and distribution facilities (as well as similar operations in other countries) are eager to meet with you.

Wind farmThe other evening, while assisting my wife in the kitchen — because I’m just that kind of guy — I turned on the microwave and ended up flipping a circuit breaker. It was a simple fix: Walk down the hall, open the fuse box, and reset the switch. Power in the kitchen was out for less than 30 seconds.

 

Over dinner, we discussed what we would do in the event of a prolonged blackout. Our conversation took a somber turn as we talked about the likelihood of cyberattacks that could take down the energy grid and what we might do to prepare. We threw some ideas around like storing water, keeping enough food on hand and so forth.

 

(Full disclosure: My real fear is no toilet paper — it will be worth more than gold.)

 

What really caused me to ponder such a situation was when the wife said, “I’m trusting that the energy companies have enough smart people to protect their power plants from hackers.”

 

The truth is that our energy industry doesn’t have nearly enough skilled cybersecurity professionals to guarantee the uninterrupted flow of energy. A 2017 survey by the Ponemon Institute found that nearly 70 percent of oil and gas companies suffered hacks last year that “exposed confidential information and disrupted operational technology.” More bad news: Just 35 percent of respondents rated their cyber-readiness as high.

 

Although considered critical infrastructure, our energy grid isn’t in the best condition. A big reason is age: 88 percent of coal plants were built between 1950 and 1990, our youngest oil refinery is more than 40 years old. We’re doing a tiny bit better in terms of nuclear power generation: the oldest of the two generators at Tennessee’s Watts Bar Nuclear Plant began operation in 1996, and the newer unit came online last year.

 

As the industry shifts to a smart grid and implements necessary upgrades, plants are increasingly connected to the internet, and simultaneously exposed to the risk of a cyberattack.

 

The energy industry’s security situation is precarious for three additional reasons: