The rise of cyberattacks in the energy sector is making it increasingly critical that organizations keep all OT systems up to date – whether legacy platforms or modern control systems running on outdated versions.
In 2023, over 200 cyber incidents targeted critical infrastructure in the energy sector, with over 50 percent in Europe. This rise has put a renewed focus on control systems. While cyber security has historically fallen under IT’s responsibility, OT systems are becoming prime targets for cybercriminals. Operating systems now have shorter life cycles; for example, MS Windows 10 is no longer supported, leaving legacy Distributed Control Systems (DCS) vulnerable. In contrast, ABB’s modern control systems use LTS enterprise versions of Windows, which offer extended support periods.
Outdated control systems create openings for malware or ransomware attacks. Although IT departments usually have strong cyber security knowledge, the same cannot be said for OT environments, and aging control systems are often left to run on unsupported platforms.
For me, the most robust defense is a continuous approach to modernizing these systems – not just upgrading once, but staying current with the latest patches to keep systems resilient.
Don’t ignore the threat
A reliable, secure, and functioning global energy sector is paramount for security, economic prosperity, and public health and safety. A cyberattack can bring that to a halt, causing significant unplanned downtime that puts public infrastructure at risk and costs businesses millions through lost production and ransom payments.
Despite this, too many companies continue to ignore this threat because they have yet to be successfully attacked. This attitude can be a fundamental barrier to modernization, because the issue just gets kicked down the road – until an attack happens, and it’s too late. As the nature of attacks has shifted from remote to onsite, they have become even harder to detect. In many cases, malware forces companies to rebuild all IT systems.
The financial cost – as well as reputational damage – is very high. A 2024 IBM report found the average cost savings for organizations that used security AI and automation extensively in prevention versus those that didn’t was $2.2m.
Take, for example, the ransomware attack on Colonial Pipeline's systems in May 2021. The company supplies 45% of diesel, petrol, and jet fuel for US East Coast. They had to shut down all 5,500 miles of pipeline, which caused fuel shortages and panic buying in multiple states and paid $4.4 million in ransom. The incident revealed how a single cyber breach could cripple critical infrastructure and disrupt daily life for millions, highlighting the urgent need to strengthen cybersecurity defenses around industrial control systems and critical infrastructure. Which brings us to why OT modernization is an essential defence against attacks.
Modernization you can trust
At ABB, we recognize the importance of having a trusted partner to manage cyber security in the OT environment for our customers.
Our approach towards modernization is designed as a continuous process, ensuring systems stay updated with the latest patches and up-to-date versions of the DCS software. This protects your equipment from cyber risks that build in outdated software, while also avoiding the expensive risks and downtime associated with a complete system overhaul.
Many of our customers take a proactive approach to safeguarding operations and infrastructure, such as ENGIE. At its South Australian Pelican Point power station, we have built up 25 years of trust through developing, designing, and installing its control system. With that robust foundation already in place, we have strengthened ENGIE’s cyber resilience by upgrading the existing DCS software to the latest version and hosting Cyber Security workplace.
This proactive approach comes down to two things: having a trusted and experienced partner and recognizing that the cost of a cyberattack far outweighs the cost of modernization.
