The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.
War, economic instability, external threats, and global politics affect the energy sector of a country or region. In addition, cyberattacks on critical infrastructure can cripple the strained energy market.
Europe is facing a severe energy crisis, and European governments are getting prepared for this winter by managing the demands and keeping energy reserves. The EU (European Union) also accelerated the work to improve critical infrastructure defence and resilience. This energy crisis is the outcome of Russia’s war in Ukraine (attacks on pipelines to disrupt the supply chain) and strict Russian policies towards European countries.
Cyberattacks on the energy sector
In addition to the physical challenges, the growing cyberattacks on the energy sector could worsen the energy crisis. According to Energy Security Sentinel, thirteen cyberattacks targeted energy infrastructure this year, making it the highest number of annual attacks over the last six years. Oil and electricity were the most vulnerable infrastructure, followed by gas and shipping.
The cyberattacks don’t only target critical European infrastructure. In 2021, the Colonial Pipeline in the United States was affected by the ransomware attack, which caused authorities to declare a regional emergency in 17 states and Washington, D.C.
The same year, Saudi Aramco – Saudi Arabia’s state oil giant, came under cyberattack. In that case, the hackers asked for $50m extortion money.
Why is the energy sector is a target for cyberattacks?
The energy sector is a lucrative target for financially motivated cybercriminals; they know the companies tend to be financially sound and can pay the heavy ransom to keep their operations running.
The economic activities of a country also rely on the energy sector; thus, a disruption can cause substantial damage. For example, a six-hour winter black-out in France could result in damages totalling over €1.5 billion ($.1.7 billion). It motivates state-sponsored hackers to target the opponent’s critical infrastructure to achieve political outcomes.
Despite the critical nature of the industry, the energy infrastructure is particularly vulnerable for three primary reasons:
- Large attack surface
- Lack of skilled professionals
- Digitalization and integration
Large attack surface
Attack surface refers to all the possible entry points into any system. The energy sector has a broad attack surface. Their attack surface includes distribution networks, supply chains, partners, powerlines, smart meters and so on. Generally, organizations don’t have the capability to monitor or tag their assets, which increases the risk and can leave unprotected doors of entry.
Lack of skilled professionals
People working in critical infrastructure are typically not equipped with the skills required to protect the infrastructure from cyberattacks. Even organizations investing in security products and solutions face the human resource problem, which makes them vulnerable.
Interestingly, the public and private sectors are joining forces to overcome the skilled professional supply problem. ENCS in Europe shares information and knowledge and is owned by grid operators. Similarly, the US House of Representatives passed a bill named “Industrial Control Systems Cybersecurity Training Act”, intending to give free ICS training to IT professionals.
Digitalization and integration
Though digitalization and IT integration facilitate critical infrastructure management and operations, they introduce several security risks. IT/OT convergence arguably raises security risks, such as unauthorized system changes and logic could put human life in danger. The security risk can be minimized by actively monitoring the systems, managing patching carefully and having skilled people protecting the network.
What to do?
The inevitable nature of digitalization could introduce more risks, and cyberattacks could become more frequent and organized. This in turn could worsen the energy crisis. Thus, leaders in the energy sector must build their systems to be cyber resilient and implement a business continuity plan.
Energy organizations must also consider a security by design approach while initiating any energy project, and they must also include cybersecurity leaders and experts on the project.
To achieve economic stability, protecting the energy sector from cyberattacks is vital. This requires organizations and governments to work closely in protecting the energy sector.