Operation Epic Fury Reveals OT Security Gaps in U.S. Oil and Gas Sector

Severity: High (Score: 76.2)

Sources: Ien, Uk.Finance.Yahoo, Thecyberexpress, Industrialcyber.Co, www.prnewswire.com

Summary

Following Operation Epic Fury, an independent survey of 100 OT decision-makers in the U.S. oil and gas sector revealed a significant gap in cybersecurity capabilities. While 87% of operators expressed confidence in detecting cyberattacks within 24 hours, only 16% utilize continuous OT monitoring systems. The survey highlighted that 51% rely on IT security tools with limited visibility into OT environments, and 27% depend on field operators to notice anomalies. This discrepancy raises concerns about the sector's preparedness against state-sponsored cyber threats, particularly from Iranian-affiliated actors targeting critical infrastructure. The survey was conducted in April 2026, shortly after the February 28 launch of Operation Epic Fury, which has led to increased cybersecurity spending and urgency among operators. Ninety-four percent of operators are either approving or reviewing unplanned OT security funding, with expectations of budget increases over the next year. The findings underscore a pressing need for enhanced detection capabilities tailored to OT environments. Key Points: • 87% of oil and gas operators believe they can detect cyberattacks within 24 hours. • Only 16% of operators have the necessary continuous OT monitoring to support their confidence. • 94% of operators are increasing cybersecurity budgets in response to heightened threats.

Key Entities

• Data Breach (attack_type)
• Ransomware (attack_type)
• Operation Epic Fury (campaign)
• Finland (country)
• Iran (country)
• tosi.net (domain)
• Energy (industry)
• Government (industry)
• T1021 - Remote Services (mitre_attack)
• T1486 - Data Encrypted for Impact (mitre_attack)