Global cybersecurity in the energy sector: awareness and vulnerabilities


Russian cyber-attacks within the energy sector as an example of awareness raising

The increasing digitalisation of our energy systems, from power plants to end users, has significantly improved efficiency and flexibility, but has at the same time increased vulnerability to cyber-attacks [2]. In the most severe cases, hackers can take down vital infrastructure, leading to loss of control over systems, physical damage, and large-scale service interruptions. The financial and operational consequences of such cyber-attacks are significant, with millions to billions of dollars of damage to power companies and society as a whole [3]. This article examines the emerging threat of cyber-attacks in the power sector and explores the reasons behind them. The reasons include the economic importance, extensive infrastructure, digitalisation, and complexity of the decentralised sector. The article also highlights the global shortage of cybersecurity expertise and the need for a holistic approach to strengthen cyber resilience.

A series of recent incidents has highlighted the vulnerability of the sector [2]. In 2015, a year after Russia’s annexation of Crimea, a successful cyber-attack was carried out on Ukraine’s power grid [3] [4]. The hacker group Sandworm took out 30 electrical substations, leaving more than two hundred thousand people without electricity for up to 6 hours [3] [4]. Just before the start of the ground invasion in 2022, Russia deployed malicious software that disrupted the Viasat satellite system, resulting in the temporary failure of more than thirty thousand internet connections across Europe and affecting five thousand wind turbines [5]. To this day, Ukraine’s defence is under siege from Sandworm [6]. Not only Europe but also the United States has suffered from recent cyber-attacks. In 2021, Russian hacker group DarkSide launched a ransomware cyber-attack on the Colonial Pipeline in the US [1]. The oil and gas pipeline system plays a role in transporting refined petroleum products from Gulf Coast refineries to markets in the southern and eastern US. Within hours, they shut down the infrastructure, which is responsible for about half of the motor fuel consumed on the east coast of the US. The consequences were far-reaching, ranging from rising prices to panic buying at fuel stations and ultimately the payment of millions of dollars in Bitcoin as ransom [1].

Figure 1: Significant cyber incidents worldwide, 2006-2019 [3]

These incidents highlight the growing threat of cyber-attacks and their profound economic impact on the energy industry and society as a whole [1]. According to the World Economic Forum’s 2020 Global Risk Report, cyber-attacks are among the top 10 global risks in terms of likelihood and impact [3]. For electricity systems, the threat from cyber-attacks is significant and growing. Figure 1 shows this growth, based on research by the International Energy Agency (IEA) [3].

Research on cyber security in the power sector

Det Norske Veritas (DNV) is a classification society and technical consultancy within the energy sector [1] [9]. The Norwegian organisation provides practical advice in more than 100 countries to various industries, such as maritime, oil and gas, renewable energy, and electrification. DNV identifies cyber risks, builds defences, recovers after attacks, and unites stakeholders in security programmes [1] [9].

Although DNV aims to ensure safety and security, the Colonial Pipeline incident shows that its protocols are not foolproof [1]. To examine the strengths and weaknesses of its security technology and procedures, DNV releases its Cyber Priority report annually. The report published in 2022 examined the global state of cybersecurity in the energy sector through interviews and surveys completed by 948 energy professionals, including leaders and security experts within the energy industry. The survey focuses on executives’ perceptions of the cyber threats facing their companies, and their strategies for managing this evolving threat. The results of this report are discussed below [1]. In addition, the International Energy Forum (IEF) and the International Energy Agency (IEA) provide further explanations of energy sector vulnerabilities [7]. The IEF represents an international group of energy ministers from 72 countries. They act as impartial mediators and honest negotiators with the authority to address various energy-related issues [7]. The IEA and the IEF work together [8].

Why the energy sector is facing cyber attacks

First, the vulnerability can be explained by the connectedness and widespread distribution of the energy sector [2]. The Colonial Pipeline incident showed that the energy sector is the backbone of economic activity: a single failure in energy infrastructure can lead to a cascade of economic disruptions [2]. Second, digitalisation is increasing and pervasive [3]. A growing number of connected devices and distributed energy resources increases the potential for cyberattacks on power systems. A successful attack on a well-defined part of a network will relatively quickly translate into a cascade of damage to connected devices [3] [4]. In addition to this complex infrastructure, the industry is highly decentralised [2]. In other words, the industry is geographically widely spread out, which increases the area that cyberattacks can affect [2]. Furthermore, logistics chains exhibit a higher degree of complexity, often involving third and fourth parties. The cyber security systems and processes of these actors are more difficult to assess, creating potential vulnerabilities [1].

In addition, there is a global shortage of implemented cyber security expertise [1]. With the increasing digitalisation of industrial processes, companies began to see the benefits of integrating OT (operational technologies) and IT (information technologies). By connecting OT and IT, real-time data can be collected with the aim of managing and optimising industrial processes more efficiently at lower costs. The report shows that there is a shortage of experts who understand both the technical aspects of operational systems and information systems, which further complicates industry security. Even when specialists are on site, it usually proves no easy task to effectively convey awareness to decision-makers within the organisation. This can lead to a lack of a proactive approach to cybersecurity among business leaders [1]. Finally, a holistic approach is required [3]. Policymakers, regulators, system operators and all external stakeholders across the electricity value chain have important roles to play in drawing attention to blind spots and strengthening cyber resilience. It is essential to integrate resilience technologies and protocols into the organisational culture rather than treating them as a separate, technical issue [3].

Conclusion

Cyberattacks are among the top 10 global risks in terms of both likelihood and impact, according to the World Economic Forum’s Global Risk Report 2020. The Sandworm cyberattacks, the Viasat satellite system incident and the Colonial Pipeline incident highlight the need for better cyber security. DNV, as a classification society and technical consultancy, plays a role in ensuring the security of the industry. DNV’s Cyber Priority report and research by the IEF and IEA identify weaknesses in security technologies and protocols. The energy sector is vulnerable because of its economic importance, digital connectivity, high degree of decentralisation, and the complexity of logistics chains. Furthermore, there is a global shortage of cybersecurity expertise, including specialists within IT as well as OT. A holistic approach appears necessary for a secure and sustainable energy supply. Indeed, awareness among all stakeholders throughout the chain is essential to create a secure and resilient energy infrastructure.