Editorial comment
According to the latest ‘Energy Cyber Priority’ report from DNV Cyber, published in January, energy companies are increasingly recognising cybersecurity as a critical priority, with 65% of energy professionals identifying it as the greatest risk to their business.1
Register for free »
Get started now for absolutely FREE, no credit card required.
The sector is boosting investment in cyber defences, with 71% of professionals expecting increased spending in this area. Notable progress includes stronger leadership awareness, enhanced employee training, and growing investment in operational technology (OT) cybersecurity, as the new digital technologies that underpin the energy transition also create new vulnerabilities.
The energy transition is broadening the industry’s exposure to cyber risks, with threats from state actors, cybercriminal gangs, and malicious insiders on the rise. Supply chains present a particular vulnerability, as many companies lack full visibility into the cybersecurity practices of their suppliers. Meanwhile, generative AI is enabling more sophisticated cyberattacks, prompting calls for greater innovation in training and skills development to counter evolving threats.
The report emphasises the need for the energy sector to double its cybersecurity efforts to safeguard physical infrastructure, secure supply chains, adapt to advanced threats, and leverage AI responsibly. Companies must prioritise OT security, enhance workforce skills, and innovate in training to remain resilient amidst growing geopolitical tensions and increasingly sophisticated adversaries.
In the keynote article for this issue of World Pipelines, Ian Bramson, Vice President of Global Industrial Cybersecurity, Black & Veatch, discusses how to confront cybersecurity challenges in pipeline operations (p. 8). Ian outlines how “the midstream industry remains plagued by fragmented regulations, legacy systems and an expanding attack surface. With the increasing convergence of OT and information technology (IT) and the proliferation of new digital tools, operators face challenges that are technical, logistical and cultural.”
It’s worth highlighting the broader implications of failing to address cybersecurity threats to midstream assets. The potential for cyberattacks to cause physical harm to infrastructure, disrupt energy supplies, and endanger public safety underscores the urgency for action. The interconnectedness of the global energy sector means that a breach in one region could have ripple effects worldwide, and this makes clear the importance of collective effort. Governments and industry must work together not only to safeguard oil and gas supply, and the work of the energy transition, but also to build trust with stakeholders and the public. The most secure version of our future will heavily rely on collaboration, regulation, and innovation.
Read Black & Veatch’s article for an understanding of the types of threats facing the pipeline sector, and the ways in which they are evolving. The piece paints a vivid picture of the realities of safeguarding pipeline infrastructure in 2025: “This isn’t just bureaucratic box-checking. It’s a wake-up call for an industry increasingly in the crosshairs of sophisticated threat actors”.
1. https://www.dnv.com/cyber/insights/publications/energy-cyber-priority-2025/
