U.S. oil and gas sector faces OT security challenges post-Operation Epic Fury

The U.S. oil and gas sector's cybersecurity posture is under renewed scrutiny following Operation Epic Fury, with a new survey from Tosi revealing a significant gap between operator confidence and actual operational technology (OT) security capabilities. While investments have accelerated, many organizations may still lack the necessary tools to identify real-time cyber threats targeting OT environments, The Cyber Express reports.

The Tosi survey of OT decision-makers in the U.S. oil and gas sector found that 87% of operators are confident in detecting an OT breach within 24 hours. However, over half rely primarily on IT security tools with limited visibility into OT networks, and 27% depend on manual detection by field staff. This reliance on inadequate systems creates a major vulnerability, especially after Operation Epic Fury, which has heightened awareness of cyber risks. Sixty-three percent of operators now perceive cyber risk as higher than before February 28.

The sector is rapidly increasing cybersecurity spending, with 94% of operators reviewing unplanned OT security investments. Key priorities for improvement include continuous monitoring, anomaly detection, and OT-specific incident response. Despite increased spending, cultural divides between IT and OT teams remain the largest obstacle to progress, with operational risk aversion also cited as a significant challenge. This comes amid federal warnings about Iran-aligned cyber activity targeting critical infrastructure, including programmable logic controllers in energy and water sectors.

Source: The Cyber Express