Operation Epic Fury Exposes Critical OT Security Gaps in U.S. Oil and Gas Sector


The cybersecurity landscape for the U.S. oil and gas sector has faced intensified scrutiny following Operation Epic Fury. An independent survey has unveiled a significant gap between the confidence of operators in their cybersecurity measures and the actual capabilities of their operational technology (OT) security systems. Despite a surge in cybersecurity investments since the operation’s launch on February 28, many organizations appear to lack the necessary tools to effectively identify real-time cyber threats targeting OT environments.

Survey Insights: Confidence vs. Capability

Conducted on behalf of Tosi, the independent survey gathered insights from OT decision-makers across U.S. oil and gas operators. The findings revealed that while a majority of respondents believe they can detect an active OT cyber breach within 24 hours, they also acknowledged a heavy reliance on systems not specifically designed for monitoring OT infrastructure.

The survey data indicated that 87 percent of operators rated their confidence in detecting an OT breach within a day as high, giving themselves scores of four or five on a five-point scale. However, 51 percent of these operators admitted that their detection capabilities primarily depend on IT security tools, which offer limited visibility into OT-specific network traffic.

Furthermore, 27 percent of respondents indicated they would rely on field operators or technicians to manually identify irregularities, while only 16 percent reported using continuous OT monitoring as their primary method for cyber threat detection. Sakari Suhonen, CEO of Tosi U.S., highlighted this disconnect as a significant vulnerability for the energy sector in the aftermath of Operation Epic Fury.

“This is the most consequential blind spot in U.S. energy infrastructure right now,” Suhonen stated. “The sector has the budget, the executive attention, and the will to act. What it does not yet have is detection that actually sees OT. After Operation Epic Fury, that distinction is the difference between catching an intrusion in hours and finding out about it from a production outage.”

Rapid Increase in OT Security Investments

The independent survey was conducted in April 2026, roughly six weeks after the initiation of Operation Epic Fury. Researchers noted that the sector’s response has been unusually aggressive compared to previous cybersecurity cycles.

One of the most notable trends identified by OT decision-makers was a shift in perceptions regarding cyber risk. Sixty-three percent of surveyed operators stated that cyber risk is now higher than it was before February 28, with 13 percent describing the increase as significant. Key factors contributing to this heightened risk include the growing convergence of IT and OT systems, increased targeting of energy infrastructure by state-sponsored cyber actors, and an expanding reliance on third-party remote access technologies.

The survey also indicated that emergency cybersecurity funding is being deployed at a rapid pace. Ninety-four percent of operators reported either approving or actively reviewing unplanned OT security spending linked to the post-Operation Epic Fury threat landscape. Among the OT decision-makers surveyed, 95 percent expect OT cybersecurity budgets to increase over the next year, with one in four anticipating budget growth exceeding 20 percent.

Prioritizing Detection and Visibility

The survey findings suggest that OT decision-makers are increasingly prioritizing visibility and detection capabilities over traditional perimeter security tools. When asked to identify the most critical OT security capability to improve in the coming year, 22 percent selected continuous monitoring and anomaly detection, while another 20 percent pointed to OT-specific incident detection and response solutions.

Other priorities included asset discovery at 15 percent and OT-specific secure remote access at 14 percent. Collectively, detection, visibility, and remote access technologies accounted for 71 percent of all named priorities among surveyed OT decision-makers.

Despite these priorities, operational disruptions linked to cybersecurity incidents are widespread throughout the sector. According to the survey, 99 out of 100 operators reported experiencing at least one category of cyber incident since February 28. Ransomware affecting OT-connected systems impacted 48 percent of surveyed operators, while another 48 percent reported precautionary OT shutdowns triggered by incidents originating from the IT side of operations.

Human Challenges Hindering Progress

Even with the increase in cybersecurity spending following Operation Epic Fury, many organizations continue to grapple with internal operational barriers. The survey found that 45 percent of operators consider the cultural divide between IT and OT teams to be the most significant obstacle to faster cybersecurity improvements. Respondents noted that IT security personnel often lack the specialized expertise required to secure OT environments effectively.

Operational risk aversion ranked as the second-largest barrier at 28 percent. In contrast, only 11 percent of respondents identified budget constraints as a major challenge, marking a notable shift from previous industry research where financial limitations consistently ranked as the top concern for OT decision-makers.

These findings come amid ongoing warnings from federal authorities regarding Iran-aligned cyber activity targeting Western critical infrastructure following Operation Epic Fury. On April 7, six U.S. federal agencies—including the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Department of Energy—issued a joint advisory confirming that Iranian-affiliated threat actors were actively disrupting programmable logic controllers across U.S. energy, water, and government sectors, leading to operational disruptions and financial losses.

The Railroad Commission of Texas subsequently issued a parallel warning to operators on April 10. According to Tosi, the independent survey represents the first dataset quantifying how the oil and gas sector is responding to the cybersecurity environment created by Operation Epic Fury.

Suhonen emphasized that the industry’s forthcoming decisions regarding OT security investments will be pivotal in determining whether organizations can close existing detection gaps or continue to reinforce systems that remain ineffective for OT environments.

“The next twelve months will see oil and gas spend more on OT security than in the previous several years combined,” Suhonen stated. “That spend will land in one of two places. It will close the detection gap with OT-native monitoring, asset visibility, and purpose-built secure remote access. Or it will deepen the IT-tool stack that operators have already told us they cannot see what they need it to see. The data is unambiguous about which path the market needs to take.”

Source: thecyberexpress.com
