A cyber-attack targeting the major European oil refining hubs of Amsterdam-Rotterdam-Antwerp (ARA) in February 2022 has considerably disrupted the loading and unloading of refined product cargoes while the energy crisis is affecting all households and businesses. The disruption could see further cascading effects, with potentially larger societal and economic impacts across all European countries. This attack follows a similar incident on two German firms that led to minor disruption on petrol supplies in northern Germany.

The Top Four Cyber-Attacks

These attacks were not the only ones targeting the energy sector and will certainly not be the last ones. The sector has a long history of cyber-attacks. For example, in 2015, Russian hackers attacked the power grid in Ukraine, leaving 225,000 people in the dark. However, 2021 was the year that attackers increasingly targeted energy organizations around the world.

Colonial Pipeline, US

On May 6, 2021, Colonial Pipeline was hit with a ransomware attack by the Russian-based group DarkSide. DarkSide attacked Colonial Pipeline’s billing system, not its operational technology. But as a precaution, the company shut down its entire pipeline, which supplies 45% of all the gasoline and jet fuel consumed on the East Coast of the United States.

This shutdown had an immediate, direct, and far-reaching impact on the day-to-day lives of millions of people. Shortages at gas stations popped up across Alabama, Florida, Georgia, North and South Carolina, and Virginia. Gas prices climbed up; panic buying occurred. Airports and airlines were also affected. Colonial Pipeline paid the $5 million ransom, and the pipeline was turned back on. But one ransomware attack, directed at one company, had far-reaching consequences to a whole nation, its people, and its national security.

Volue ASA, Norway

The ransomware attack on Volue ASA occurred just before the Colonial Pipeline attack. In their case, the Norwegian energy company was targeted by Ryuk ransomware. The attack on Volue ASA was interesting in that it focused on encryption of files, databases, and applications only. This stands in contrast to the usual tactic of double extortion. According to Volue, no ransom was paid, and operations were restored after some time.

COPEL and Electrobras, Brazil

COPEL and Electrobras are state-owned Brazilian utility companies. In February 2021 DarkSide, the same ransomware gang responsible for the Colonial Pipeline attack extracted 1,000 GB of data from COPEL’s systems. At the same time, an unidentified ransomware gang struck at Electrobras. This led to both electricity providers disconnecting from National Interconnected System which helps to route electricity throughout the country.

Port of Houston, US

The Port of Houston is the biggest hub – commerce and energy – in the Gulf of Mexico. In August 2021, the Port “successfully defended itself” against an attempted cyber-attack. Attackers exploited a previously unknown vulnerability in password management software to break into one of the port’s web servers. If the compromise had not been detected, the attacker would have had unrestricted remote access to the Port’s network. With this unrestricted access, the attacker would have had numerous options to deliver further effects that could impact port operations.

Why do these attacks matter?

Ransomware attacks grew 150% in the past year and can cause considerable damage even in well-supplied and stable markets. In the energy sector, in particular, assets of critical infrastructure are becoming increasingly interconnected and increasingly vulnerable to a cyber-attack of widespread consequences. Just as every organ of the human body depends on a healthy heart, all the other sectors of critical infrastructure depend on the energy sector. These attacks can potentially disrupt critical infrastructures that deliver foundational support to current economies and functional societies.

Looking at the wider impact of a cyber-attack against an energy organization, should these attacks and the disruptions occur in a time of geopolitical crisis, they are increasing the chances of wider inadvertent political escalation. It is no wonder that these attacks were listed as one of the top three concerns of cyber leaders in the World Economic Forum 2022 Global Cyber Outlook report.

As cyber threats become more sophisticated, the current digital transformation across the industry exposes critical infrastructure and the entire energy supply chain to cyber risks with potential future safety and environmental impacts and disruptions to business operations. There is a clear need to secure legacy systems, inadequately protected due to rapid digitalization and their connection to the internet, despite such connectivity not being envisaged in their original design.

What can we learn from precedential attacks?

Protection against these cyber threats is increasingly challenging considering the growing attack surfaces, the sophisticated offensive cyber capabilities, and shortfalls in international cooperation. The energy sector faces three significant challenges:

  • The expansion and convergence of the digital threat landscape between IT and OT.
  • The rise and complication of supply chain attacks in securing global energy operating environments, where cyber hygiene is siloed, and responsibility is shared across diverse priorities.
  • The escalation of cyber-attacks in the industry threatens business operations and public safety, as stressed by 80% of cyber leaders on the Global Cyber Outlook report.

The industry should act now to mitigate future disruptions caused by cyber-attacks. The following guiding principles provide the first step to help energy leaders act on cyber resilience:

  • Establish a comprehensive cybersecurity governance model.
  • Promote security and resilience culture.
  • Increase the visibility of third parties’ risk posture and consider broader ecosystem impact.
  • Implement holistic risk management and defense mechanisms with effective preventive, monitoring, response, and recovery capabilities.
  • Prepare and test a resilience plan based on a list of predefined scenarios to mitigate the impact of an attack.
  • Strengthen international public-private collaboration between all stakeholders in the industry.

Be it for geopolitical or personal reasons, the attacks on power plants have gone up drastically in the past years. Don’t ignore the signs, make sure you are ahead of the curve to minimize the risk of you becoming a target. By establishing a key set of necessary tasks and developing a model where organizations can select services to meet their specific need and budget, ITEGRITI can provide ongoing compliance and cybersecurity advisory. To find out how, contact our experts.