Energy

Industry Snapshot

The global energy industry represents over $3 trillion in annual revenue, spanning oil and gas, power generation, transmission, and distribution. It's designated "uniquely critical" by Presidential Policy Directive 21, with over 80% of infrastructure privately owned. Dragos identified 26 active threat groups targeting industrial organizations in 2025, with 3,300 impacted by ransomware. AI/GenAI spending by US oil and gas companies is projected to grow from <20% to over 50% of total IT budgets by 2029 (Deloitte).

Theme 1: OT/IT Convergence Security

What's happening: The boundary between IT and operational technology networks is dissolving as digitization accelerates. Dragos reports adversaries have moved beyond prepositioning to actively mapping control loops to manipulate physical processes. Only 30% of OT networks have visibility, and 56% of organizations can't see below the IT/OT boundary. NERC CIP-015 now mandates internal network security monitoring for the Bulk Electric System. TSA Pipeline Security Directives (post-Colonial Pipeline 2021) require network segmentation and continuous monitoring.

Key insight: Energy companies need defense in depth at the IT perimeter while specialized OT vendors (Claroty, Dragos, Nozomi) secure the operational technology environment. Cloudflare operates at the IT layer (Purdue Levels 4-5), complementing OT-native security at Levels 0-3.

Cloudflare mapping: Magic Transit protects control center data centers and public IP infrastructure from volumetric attacks. WAF and API Shield protect utility portals and trading platforms. Network Firewall with IDS detects ransomware lateral movement. Logpush provides audit trails for NERC CIP and TSA compliance.

Theme 2: Workforce & Network Modernization

What's happening: Energy companies operate thousands of remote sites (substations, well pads, compressor stations, offshore platforms) connected by expensive MPLS circuits ($500-2,000/month per site) and legacy VPNs. 66% of the oil and gas workforce operates in mechanically intensive roles requiring mobile access. Third-party contractors need time-limited access to specific systems without full network connectivity. A Forrester study found 90% reduction in VPN-related IT tickets and ~$5.2M connectivity savings with Cloudflare.

Key insight: The traditional hub-and-spoke VPN model was never designed for thousands of remote field locations with contractors needing temporary access.

Cloudflare mapping: Cloudflare WAN (WANaaS) replaces MPLS with encrypted tunnels. Cloudflare One Appliance enables site onboarding in hours. Access (ZTNA) replaces VPN with identity-based, device-posture-checked access. Browser Isolation protects control room workstations accessing external vendor portals.

Theme 3: AI & Digital Operations

What's happening: Early AI adopters in energy report 40% fewer equipment failures and $10M in annual savings from predictive maintenance (Deloitte). Over 1 billion smart meters are deployed globally (IEA), but utilities leverage only 2-4% of collected data. ExxonMobil is pursuing low-carbon data centers as a named business line, positioning itself at the intersection of energy supply and AI compute demand. Shadow AI is a major concern — employees using ChatGPT to process well log data, CEII (Critical Energy Infrastructure Information), and proprietary trading strategies without governance.

Key insight: AI adoption in energy is accelerating faster than governance can keep up. The risk isn't just data leaks — it's unvetted AI tools processing critical infrastructure information.

Cloudflare mapping: AI Gateway provides unified AI observability and cost controls. DLP scans AI prompts for CEII, well log data, customer PII, and trading strategies. CASB detects shadow AI usage. Workers enables edge IoT data processing. API Shield protects smart meter and DER management APIs.