IronNet Blog

Executive Commentary, Threat Research, and Analysis from the IronNet team.

The case for Collective Defense in the U.S. energy sector

America’s energy sector—including the oil and gas and electric power generation and transmission industries—has long faced significant threats in the cyber arena. Four years ago, the Idaho National Lab for the U.S. Department of Energy reported that “threats from malicious cyber attacks on the North American electric grid continue to grow in frequency and sophistication.”

The report further noted that while “[t]here have been no reported targeted cyber attacks carried out against utilities in the U.S. that have resulted in permanent or long-term damage to power system operations thus far…electric utilities throughout the U.S. have seen a steady rise in cyber- and physical security-related events that continue to raise concern.”

And those threats remain just as significant today.  In 2019, the Director of National Intelligence used five specific examples of how enemies might attack the U.S. in cyberspace to describe the nature of the overall cyber threat landscape facing the country, a majority of which dealt with cyber threats to the energy sector.

Specifically, the DNI noted that “China has the ability to launch cyber attacks that cause localized, temporary disruptive effects on critical infrastructure—such as disruption of a natural gas pipeline for days to weeks—in the United States.”  The DNI also indicated that Russia is actively “mapping our critical infrastructure with the long-term goal of being able to cause substantial damage” and specifically “has the ability to execute cyber attacks in the United States that generate localized, temporary disruptive effects on critical infrastructure—such as disrupting an electrical distribution network for at least a few hours—similar to those demonstrated in Ukraine in 2015 and 2016.”

The DNI likewise noted that Iran is actively “preparing for cyber attacks against the United States and our allies” and is “capable of causing localized, temporary disruptive effects—such as disrupting a large company’s corporate networks for days to weeks—similar to its data deletion attacks against dozens of Saudi governmental and private-sector networks in late 2016 and early 2017.”

The bulk of the private sector attacks in Saudi Arabia during 2016-17 that the DNI analyzed were focused specifically on the energy industry.

Leaning in on energy sector cybersecurity

It is no surprise, then, that the U.S. energy sector leans forward when it comes to cyber defense.  Tom Fanning, the CEO of Southern Company and a member of the Cyberspace Solarium Commission, has said publicly that “the battles of the future will be fought on our nation’s energy infrastructure, telecommunication networks, and financial systems” and that, as a result, “collaboration between the private sector and government in protecting our American way of life [becomes] that much more vital.”  

We are bought into the vision of Collective Defense to better protect ourselves and our sector.

-Oil and gas sector CISO and IronNet customer

Indeed, the Cyberspace Solarium Commission recommended in its report that America adopt a “new social compact” for cyberspace, one built around the concept of Collective Defense in order to create “truly shared situational awareness.” Specifically, the Solarium Commission recommended that the government establish a Joint Collaborative Environment, “to shar[e] and fus[e] threat information, insight, and other relevant data across the federal government and between the public and private sectors.” According to the Solarium Commission, the joint collaborative threat environment would help address the fact that relevant “data or information is not routinely shared or cross-correlated at the speed and scale necessary for rapid detection and identification.”

The idea of Collective Defense as a core building block of national level cybersecurity—for critical infrastructure sectors and other key parts of an economy—is a concept that IronNet’s key leaders have championed since they left government.

And Collective Defense is at the heart of IronNet’s IronDome solution.  IronDome is built around the idea of taking behavioral cyber threat intelligence and sharing it, in real-time, across multiple industry sectors and with the government to enable companies to work together and defend their enterprises collaboratively.

Increasing visibility through Collective Defense 

This idea of exponentially increasing their visibility into the threat landscape is exactly why the chief information security officer of one of IronNet’s major U.S. energy sector customers noted that they were “fully bought into the vision of collective defense…[as a] vital goal for our sector and the nation.” Indeed, another major IronNet energy sector customer’s chief security officer said that his company’s “bet is on IronNet's vision and team,” while yet another energy sector CISO asserted that “if anyone can develop a meaningful partnership and information exchange with the US Government, IronNet is best positioned to achieve it.” Likewise, the CISO of one of IronNet’s key customers in the oil and gas sector noted that his company had “bought into the vision of collective defense to better protect ourselves and our sector” and that IronNet’s work was “complementary” to their other efforts, including working with the industry ISAC.

As these threats mount—whether in the energy industry or others—IronNet continues to innovate by leading the Collective Defense movement. 

Webinar: Collective Defense: The CISO Perspective

Listen as Tom Wilson, CISO of Southern Company, shares his perspective on the biggest challenges the energy sector is facing, and how his organization is responding with a Collective Defense approach.