An oil and gas engineer sitting at a computer terminal. Oil and gas infrastructure is uniquely vulnerable to cyberattacks, given its heavy reliance on operational technology (OT) that most cybersecurity tools are not designed to protect. (Shutterstock/Andrey_Popov)

Operation Epic Fury Exposes Security Detection Gaps in Oil and Gas Sector

Share this link on Facebook

Share this page on X (Twitter)

Share this link on LinkedIn

Share this page on Reddit

Email a link to this page

Tools used by information technology (IT) security providers to prevent cyberattacks often work poorly in defending operational technology (OT)—yet many companies use them for that purpose anyway.

The Trump administration continues to maintain that the United States and Iran are close to finalizing a peace deal that could reopen the Strait of Hormuz. Even if a deal is reached, Operation Epic Fury sheds new light on the threats that Iran could pose to US critical infrastructure.

Iranian hackers conducted a Pay2Key ransomware attack against US healthcare organizations earlier this year, followed by a separate attack that wiped data from medical device giant Stryker. The Cybersecurity and Infrastructure Security Agency (CISA) also issued a warning that Iranian-affiliated actors were targeting US water and energy systems.

Industry is responding, but there are still gaps.

A recent survey conducted for cybersecurity provider Tosi found that operational technology (OT) decision-makers in the American upstream and midstream oil and gas industry believe they can detect a cyberattack within the critical first 24 hours. However, even if the intrusion is detected, the survey concluded that most lack the tools to respond accordingly.

Operational Technology Is an Achilles........

© The National Interest