- The US energy sector is being put at risk by vulnerable third parties, report warns
- New report claims energy infrastructure is failing to stay secure
- Increased reliance on third-parties must be addressed
New research has claimed significant vulnerabilities are plaguing the US energy sector – with a worrying amount stemming from third-party weaknesses.
A recent report by SecurityScorecard and KPMG based on a survey of the 250 largest US energy companies claims third-party risks account for 45% of breaches, with 67% of breaches in this sector linked to software and IT vendors.
The data shows the US energy sector has a critical reliance on third-party services for cybersecurity.
Escalating cybersecurity threats
The report also highlights a notable disparity between oil and gas companies and their renewable energy counterparts. Oil and gas companies generally score better in cybersecurity, with many earning an “A−” rating, reflecting their relative strength in addressing cyber threats. In contrast, renewable energy firms lag behind, receiving an average score of “B−.”
The interconnected nature of renewable energy systems, such as smart grids and solar or wind power installations, makes them particularly vulnerable to cyberattacks, with the report suggesting that addressing these vulnerabilities should be a priority for the sector.
In the energy sector, most cybersecurity vulnerabilities are concentrated in three key areas – application security, network security, and DNS health – with 92% of companies having their lowest scores in these risk categories.
US critical infrastructure has already been subject to a number of attacks from Russia, China, and Iran, highlighting the need for improved resilience against vulnerabilities and better protection for exposed endpoints.
“The energy sector’s growing dependence on third-party vendors highlights a critical vulnerability — its security is only as strong as its weakest link,” noted Ryan Sherstobitoff, Senior Vice President of Threat Research and Intelligence at SecurityScorecard.
“Our research shows that this rising reliance poses significant risks. It’s time for the industry to take decisive action and strengthen cybersecurity measures before a breach turns into a national emergency.”
