Secure Energy and Natural Resources from cyberattacks

Stop account takeovers, drive compliance, and go passwordless
Read the solution brief >
electrical lines

Modern, phishing-resistant authentication at scale
for energy, utilities, oil and gas

The YubiKey provides modern, phishing-resistant authentication at scale across legacy and modern Informational Technology (IT) and Operational Technology (OT) environments. Energy, utilities, and oil and gas entities can implement robust, easy-to-use authentication with the YubiKey, that secures critical applications, data, and infrastructure against ransomware attacks and other cyber threats that cause operational disruption to critical infrastructure.

Webinar: Modernizing authentication across energy and natural resources to stop modern cyber threats

Learn best practices to modernize cybersecurity across your critical IT and OT environments with Yubico solutions, to stop modern cyber threats and drive cyber insurance hygiene.

Watch now >
energy workers
Secure IT and OT environments with phishing-resistant MFA

With critical systems and applications located across corporate environments, field environments, and remote locations, you need a cohesive and effective way to ensure your entire IT and OT environment is protected against unauthorized access. Legacy authentication such as usernames and passwords and mobile-based authenticators are highly susceptible to modern cyber threats.

YubiKeys offer phishing-resistant two-factor, multi-factor, and passwordless authentication and work across legacy and modern IT and OT environments with multi-protocol support for OTP, Smartcard, FIDO U2F, FIDO2/WebAuthn, and OpenPGP. Secrets are stored in the secure element on the hardware security key and cannot be exfiltrated, unlike legacy MFA approaches. YubiKeys integrate seamlessly with existing IAM solutions such as Microsoft, Okta, Duo and Ping, while providing secure authentication for hundreds of applications and services.

High durability for shared workstations, mobile-restricted environments and isolated networks

In addition to offering low security, legacy authentication methods such as mobile-based authenticators aren’t suitable for mobile-restricted environments or isolated networks (air-gapped, SCADA), and are burdensome for field workers to carry in OT environments and remote locations such as plants, off-shore rigs, and remote vessels.

Yubikeys come in an ultra portable USB form factor, offering a portable root of trust for field workers and employees in mobile-restricted and shared workstation environments. YubiKeys provide robust security across OT environments—they don’t require a battery or cellular connectivity, and are highly durable (IP68 certified)— dust proof, crush resistant, and water resistant. YubiKeys with NFC capability are ideal for use in ‘no spark’ or low voltage device environments.

Securing energy and natural resources against modern cyber threats

Learn the critical need for phishing-resistant multi-factor authentication (MFA) to safeguard this critical infrastructure.

Read now >
energy white paper image
“One of the most common attack vectors in the power sector is phishing, or attacks launched via email asking users to click on a link that then injects malware into their systems, or via email asking for personal data to enable unauthorized network access.”
Drive compliance to industry regulations

The 2021 Colonial Pipeline hack led to an evolving compliance landscape including the White House Cybersecurity Executive Order #14028 mandating Zero Trust and impersonation-resistant MFA, and the TSA Security Directives 2021-01 and 2021-02 for Pipeline owners and operators, to implement special mitigation measures to protect against ransomware and other cyber threats.


The FIPS 140-2 validated YubiKey is impersonation resistant and highly suitable for regulated environments. It meets NIST SP 800-63B Authenticator Assurance Level (AAL) 3 requirements, enabling energy, utilities, and oil and gas entities to comply with EO #14028, the TSA Security Directives, and other government regulations like Sarbanes-Oxley (SOX), the Federal Energy Regulation Commission (FERC), and North American Electric Reliability Commission (NERC) Critical Infrastructure Protection Standards.

Secure your supply chain

Reliance on supply chain vendors and outsourced partners require critical IP handoffs that can result in major vulnerabilities if your supply chain doesn’t follow the same Zero Trust and strong MFA approach. Weak links in the chain can lead to costly consequences such as disruption to normal operation, and national and regional critical infrastructure outages.

Ensuring that your supply chain vendors and partners deploy strong MFA helps minimize your cyber risk, liability, and damage to your brand reputation. The YubiKey offers secure, convenient, and scalable security making it easy for you and your supply chain vendors to deploy strong authentication. With YubiEnterprise Delivery from Yubico, it’s easy for your supply chain to get security keys directly into the hands of their users.

supply chain wp

Protecting the supply chain with highest-assurance security

Learn authentication best practices in securing supply chain integrity.

Read now >

Case in point:

Securing critical infrastructure at an Asia-Pacific energy company

Situation:

As a leader in electricity distribution, retail and energy services they serve millions of customers within a major developed nation. Much of the responsibility for protecting operations from cybersecurity attacks falls to the Operational Technology (OT) Security Specialist, who faces different challenges to those who protect typical IT environments.

YubiKey Solution:

The OT Security Specialist was most attracted by how YubiKeys balanced security and usability while also not requiring the cost of additional software. YubiKeys secure all users who access the operational environment whether they are in the office or remote. Utilizing YubiEnterprise Subscription helped maximize their value by offering a simplified and flexible way to adopt strong phishing-resistant MFA quickly and smoothly.

Result:

  • Strong security to protect the OT environment 
  • Easily integrates with existing infrastructure, without requiring additional software
  • User-friendly solution for users 
  • Future-proofing authentication for regulations

*Due to the sensitive nature of cybersecurity, they have requested their name be withheld.

Read the case study
“My personal opinion is that they’re more convenient to use than a token off your phone, especially when your YubiKey is next to you. I don’t like having to grab my phone and look for an app to get a token out of it or unlock it to approve a request. It’s a lot quicker to just hit a button on the USB stick.”
OT Security SpecialistAnonymous State-Owned Energy Company

Risk reduction, business growth, and efficiency enabled by YubiKeys

Read the Forrester Consulting study commissioned by Yubico and see how a composite  organization reduced risk by 99.9%, saw a drop in password-related helpdesk tickets by 75%, and experienced a 203% 3-year ROI with YubiKeys.

Read now
TEI Forrester report

YubiEnterprise Subscription: peace of mind and flexibility for less than a cup of coffee per user/month

YubiEnterprise Subscription simplifies purchase and support while also providing financial benefits. Estimate your potential savings as compared to one-time perpetual purchasing model

Learn more about the YubiKey

Bridge to passwordless: separating fact from fiction
Download white paper >
lock on keyboard in color
Securing critical assets in an ever-changing regulatory environment
Read ebook >

Accelerate your Zero Trust strategy
Download white paper >
array of logos

Get started

YubiKey 5 series

Find the right YubiKey

Contact our sales team for a personalized assessment of your company’s needs.

Contact sales
Get protected today

Browse our online store today and buy the right YubiKey for you.

Buy now