• Secure Energy and Natural Resources from cyberattacks

    Stop account takeovers, drive compliance, and go passwordless
    Home » Industries » YubiKey for Energy and Natural Resources

    Modern, phishing-resistant authentication at scale
    for energy, utilities, oil and gas

    The YubiKey provides modern, phishing-resistant authentication at scale across legacy and modern Informational Technology (IT) and Operational Technology (OT) environments. Energy, utilities, and oil and gas entities can implement robust, easy-to-use authentication with the YubiKey, that secures critical applications, data, and infrastructure against ransomware attacks and other cyber threats that cause operational disruption to critical infrastructure.

    Webinar: Modernizing authentication across energy and natural resources to stop modern cyber threats

    Learn best practices to modernize cybersecurity across your critical IT and OT environments with Yubico solutions, to stop modern cyber threats and drive cyber insurance hygiene.

    energy workers

    Webinar: The role of modern authentication

    In honor of Earth Day, join Yubico and our esteemed panelists from Solvatten and Grist to discuss the incredible work that they are doing for society, along with how technology and cybersecurity enables them to act out their mission.

    Secure IT and OT environments with phishing-resistant MFA

    With critical systems and applications located across corporate environments, field environments, and remote locations, you need a cohesive and effective way to ensure your entire IT and OT environment is protected against unauthorized access. Legacy authentication such as usernames and passwords and mobile-based authenticators are highly susceptible to modern cyber threats.

    YubiKeys offer phishing-resistant two-factor, multi-factor, and passwordless authentication and work across legacy and modern IT and OT environments with multi-protocol support for OTP, Smartcard, FIDO U2F, FIDO2/WebAuthn, and OpenPGP. Secrets are stored in the secure element on the hardware security key and cannot be exfiltrated, unlike legacy MFA approaches. YubiKeys integrate seamlessly with existing IAM solutions such as Microsoft, Okta, Duo and Ping, while providing secure authentication for hundreds of applications and services.

    High durability for shared workstations, mobile-restricted environments and isolated networks

    In addition to offering low security, legacy authentication methods such as mobile-based authenticators aren’t suitable for mobile-restricted environments or isolated networks (air-gapped, SCADA), and are burdensome for field workers to carry in OT environments and remote locations such as plants, off-shore rigs, and remote vessels.

    Yubikeys come in an ultra portable USB form factor, offering a portable root of trust for field workers and employees in mobile-restricted and shared workstation environments. YubiKeys provide robust security across OT environments—they don’t require a battery or cellular connectivity, and are highly durable (IP68 certified)— dust proof, crush resistant, and water resistant. YubiKeys with NFC capability are ideal for use in ‘no spark’ or low voltage device environments.

    Securing energy and natural resources against modern cyber threats

    Learn the critical need for phishing-resistant multi-factor authentication (MFA) to safeguard this critical infrastructure.

    energy white paper image

    “One of the most common attack vectors in the power sector is phishing, or attacks launched via email asking users to click on a link that then injects malware into their systems, or via email asking for personal data to enable unauthorized network access.”

    Drive compliance to industry regulations

    The 2021 Colonial Pipeline hack led to an evolving compliance landscape including the White House Cybersecurity Executive Order #14028 mandating Zero Trust and impersonation-resistant MFA, and the TSA Security Directives 2021-01 and 2021-02 for Pipeline owners and operators, to implement special mitigation measures to protect against ransomware and other cyber threats.

    The FIPS 140-2 validated YubiKey is impersonation resistant and highly suitable for regulated environments. It meets NIST SP 800-63B Authenticator Assurance Level (AAL) 3 requirements, enabling energy, utilities, and oil and gas entities to comply with EO #14028, the TSA Security Directives, and other government regulations like Sarbanes-Oxley (SOX), the Federal Energy Regulation Commission (FERC), and North American Electric Reliability Commission (NERC) Critical Infrastructure Protection Standards.

    Secure your supply chain

    Reliance on supply chain vendors and outsourced partners require critical IP handoffs that can result in major vulnerabilities if your supply chain doesn’t follow the same Zero Trust and strong MFA approach. Weak links in the chain can lead to costly consequences such as disruption to normal operation, and national and regional critical infrastructure outages.

    Ensuring that your supply chain vendors and partners deploy strong MFA helps minimize your cyber risk, liability, and damage to your brand reputation. The YubiKey offers secure, convenient, and scalable security making it easy for you and your supply chain vendors to deploy strong authentication. With YubiEnterprise Delivery from Yubico, it’s easy for your supply chain to get security keys directly into the hands of their users.

    supply chain wp

    Protecting the supply chain with highest-assurance security

    Learn authentication best practices in securing supply chain integrity.

    YubiKeys as a Service enable faster and wider rollouts of modern MFA in 2023

    Watch this webinar to learn about how to procure YubiKeys as a Service with the new and expanded YubiEnterprise Subscription offering for greater business agility and predictability.

    Case in point:

    Securing critical infrastructure at an Asia-Pacific energy company


    As a leader in electricity distribution, retail and energy services they serve millions of customers within a major developed nation. Much of the responsibility for protecting operations from cybersecurity attacks falls to the Operational Technology (OT) Security Specialist, who faces different challenges to those who protect typical IT environments.

    YubiKey Solution:

    The OT Security Specialist was most attracted by how YubiKeys balanced security and usability while also not requiring the cost of additional software. YubiKeys secure all users who access the operational environment whether they are in the office or remote. Utilizing YubiEnterprise Subscription helped maximize their value by offering a simplified and flexible way to adopt strong phishing-resistant MFA quickly and smoothly.


    • Strong security to protect the OT environment 
    • Easily integrates with existing infrastructure, without requiring additional software
    • User-friendly solution for users 
    • Future-proofing authentication for regulations

    *Due to the sensitive nature of cybersecurity, they have requested their name be withheld.

    “My personal opinion is that they’re more convenient to use than a token off your phone, especially when your YubiKey is next to you. I don’t like having to grab my phone and look for an app to get a token out of it or unlock it to approve a request. It’s a lot quicker to just hit a button on the USB stick.”
    OT Security SpecialistAnonymous State-Owned Energy Company

    Risk reduction, business growth, and efficiency enabled by YubiKeys

    A recent Forrester Consulting Total Economic Impact™ (TEI) study commissioned by Yubico found that a composite organization representative of interviewed customers who use YubiKeys reduced risk of successful phishing and credential theft attacks by 99.9%, saw a drop in password-related helpdesk tickets by 75%, and experienced a 203% 3-year ROI with YubiKeys.

    BUT…. all organizations are different. Enter your own company data to create a custom Dynamic TEI study and instantly see how Yubico’s solutions can help your organization!

    TEI Forrester report

    YubiEnterprise Subscription: peace of mind and flexibility for less than a cup of coffee per user/month

    YubiEnterprise Subscription simplifies purchase and support while also providing financial benefits. Estimate your potential savings as compared to one-time perpetual purchasing model

    Learn more about the YubiKey

    Bridge to passwordless: separating fact from fiction
    lock on keyboard in color
    Securing critical assets in an ever-changing regulatory environment

    Accelerate your Zero Trust strategy

    array of logos

    Get started

    YubiKey 5 series

    Find the right YubiKey

    Contact our sales team for a personalized assessment of your company’s needs.

    Get protected today

    Browse our online store today and buy the right YubiKey for you.