Cyber attacks on the global energy industry have increased in recent years; between 2020 and 2022, the number of weekly cyberattacks more than doubled from 499 to 1101. And an attack on this sector can have far-reaching effects, perhaps more than any other industry. In most parts of the developed world, we take access to electricity for granted, however as almost everything we do requires power, when it disappears it can cause major disruption. 

Why is the energy sector a target?

As with most industries targeted by cybercriminals, data access is a key driver. However, unlike other sectors, energy attracts several different kinds of threat actors. In addition to your typical cybercriminals, nation-state actors have been known to target the energy infrastructure of other countries in an attempt to destabilise their security and economy. In addition, the sector is also vulnerable to hacktivists who want to promote their agenda or seek to oppose new utilities projects.

Not only are there several motives for targeting this sector, but the nature of the industry can leave it vulnerable. For example, decentralised locations and global supply networks offer a much bigger attack surface. Plus, there are gaps between operating infrastructure and IT networks which increase the risk of attack. 

Examples of attacks in this sector

There have been a few cyberattacks on this sector over the last few years, but the most high profile – and the largest on an oil infrastructure in US history – is the attack on the Colonial Pipeline. In May 2021, a pipeline system in the US that carries gasoline and jet fuel suffered a ransomware attack which impacted the computer-controlled equipment that managed the pipeline. The company halted operations to contain the attack, and paid the ransom of 75 bitcoin (USD 4.4m) within a few hours. 

Whilst they received the key, it took a long time to restore the system. This resulted in a shortage of fuel in many places and the issuing of a regional emergency declaration for 17 states to keep fuel supply lines open. Ultimately, the US government was able to recover around 84% of the original bitcoin payment, although its value in USD had decreased dramatically.

How should the energy sector protect itself?

Firstly, having the right people in place is crucial. Whilst companies are investing in cybersecurity – around 8% of their IT budgets – there aren’t enough skilled staff to support it. Across the global cybersecurity industry there are 3.4 million unfilled cybersecurity jobs. Tackling this skills gap could help. 

In addition to this, taking a more proactive (rather than reactive) approach to cybersecurity is key, so continuously gathering strategic intelligence on potential threats is important. Companies should also have an organisation-wide culture of security and there should be more industry-wide collaboration, particularly in sectors where there is a convergence of physical and digital threats, such as the energy sector.