Cyber Security Threats in the Energy Sector

Krutika Patil

While speaking at an informal briefing of the UN General Assembly, UN Secretary-General Antonio Guterres mentioned the 'Four Horsemen', a reference to the figures in the 'Book of Revelation' that symbolize the evil that will lead to the end of the world. The fourth horseman, or the fourth threat, according to him, is the dark side of the cyber world. As defined by Joseph S. Nye, the cyber domain “includes the Internet of all networked computers but also intranets, cellular technologies, fiber optic cables, and space-based communications. Cyberspace has a physical infrastructure layer that follows the economic laws of rival resources and political laws of sovereign justification and control.” An attack on cyberspace is a deliberate and malicious attempt to sabotage a computer network system that looks after critical infrastructure.

A cyberattack is seen as an 'asymmetric weapon', and understanding cybersecurity threats is therefore difficult because of the blurred lines around who can be termed a perpetrator and what norms should apply to this space. The perpetrators can be state-sponsored entities, terrorist organizations, nationalist militants, insiders, or hackers who hide under the cloak of internet anonymity. This further complicates agreement on common norms, rules, and definitions of what constitutes offense, defense, and escalation in cyberspace.

New Age Knot of Technology and Energy Sector

One area that needs immediate cybersecurity attention is the energy sector. With the rise of developing countries around the world, energy demand has increased exponentially. To satisfy this demand, ICT is being integrated into the energy sector to yield efficiency. The energy sector’s critical infrastructure consists of electric grids, pipelines, production industries, nuclear facilities, and virtual power plants. The boom in the Internet of Things (IoT) has allowed the components of these critical energy infrastructures to be interconnected using ICT. This has increased the risk of cyber attacks on these systems because of the complexity of the hardware and software interfaces, which are sometimes vulnerable to DDoS and malware attacks that lead to actual physical damage to the system. According to a report from Symantec, the energy sector was the second most targeted sector in the cyber realm, and a McAfee report of 2015 reported a loss of $15 billion in the energy sector due to cyber attacks.

Apart from causing the obvious physical and financial damage, cyber threats to the energy sector are also politically motivated. It is difficult to define cyber-terrorism, but the main agenda of terrorist activity is to instil fear while causing maximum damage, and since energy is the lifeline of an economy, this type of cheap and safe attack is preferred. Even though terrorist organizations like Al-Qaida and ISIS are using cyberattacks as a tool to push their agenda, it is powerful states like the US, Russia, Israel, and China, which dominate cyberspace, that have offense-defense capabilities.

Geostrategic Implications

To make sense of how cyber-attacks shape the energy sector, it is crucial to understand the role of various actors (state and non-state) in this space over the years. The energy-rich Middle East is at the core of using cyberattacks as a weapon to target critical energy infrastructure. This is particularly worrisome because of the integration of ICT capabilities with nuclear facilities. This interdependence, if allowed to be exploited, could lead to a global catastrophe. Recently, it was reported that an Israeli cyber group allegedly carried out a cyberattack on Iran's nuclear facility 'Natanz' that caused a fire leading to an explosion that harmed the uranium enrichment capacity of the facility. This attack was in retaliation for Iran’s foiled cyber attack on Israel’s water infrastructure. Interestingly, in 2010, the Stuxnet virus, which was a collaboration between the US and Israel, infected the Natanz nuclear facility in Iran, causing 1,000 centrifuges to spin out of control, which caused severe physical damage and delayed the uranium enrichment program by several months. After the 9/11 attack in the US, the power dynamics between great powers and Middle Eastern countries have established energy resources as strategically important resources.

Terrorist organizations and militant groups specifically attack energy infrastructure. Physical attacks, like the 2006 attack on a Syrian nuclear facility by Israeli forces and the 2019 drone attacks on Saudi Aramco’s oil processing facility by Houthi rebels, along with cyber-attacks, have left the energy sector vulnerable, and the ripple effect of this can be observed worldwide, especially in terms of fluctuating crude oil prices. Nefarious elements prefer cyber attacks over physical attacks because they are cheap and efficient, and because it is easier to dodge accountability. The 2012 cyber-attack on Saudi Aramco infected about 50,000 computers through the 'Shamoon' virus, which shut down all corporate operations for a week. It is reported that after the 2010 Stuxnet incident, Iran, Israel, Saudi Arabia, and the US were experiencing as many as 20,000 cyberattacks per day on their critical infrastructures. The US accused Venezuela and Iran of conspiring to plan attacks on American nuclear power plants in 2012. The same year, Qatar’s natural gas company 'RasGas' faced a cyber attack that caused operational difficulty. The post-9/11 world shaped how cyberspace was conceptualized as a battlefield for not only states but also non-state actors, especially in the Middle East.

The first instance of a 'cyberwar' was the 2007 Russian DDoS attack on Estonia that interrupted Estonians' access to various essential services. In 2015, Russia gained access to some electric grids of Ukraine, which led to power blackouts affecting thousands of civilians. There seems to be steady growth in attempts to penetrate power grids, as gaining control of such critical infrastructure can cause serious damage. For example, hacking power grids on the day of an election can impair the election and cause chaos. It is therefore imperative, for reasons of national security, to have a proper safety mechanism in place. Major powers like the US, Russia, and China have already employed cyber capabilities in warfare. North Korea has engaged in multiple instances of what can be called 'cyber terrorism' and has primarily attacked the critical energy infrastructure of South Korea.

Hacking organizations like Anonymous and Dragonfly, along with radical green agenda groups like Deep Green Resistance and Fertile Ground, have engaged in cyberattacks on oil corporations that are hostile towards the environment. This is an example of how two drastically different schools of thought fight within the same sector for dominance and influence. More often, cybersecurity threats in the energy sector arise from human error. For instance, in 2013 some power grids in Germany and Austria collapsed because wrong control commands were input by mistake, causing a blackout that lasted for several hours. Viruses and malware like Stuxnet, Night Dragon, Duqu, Havex, and WannaCry latch on to unpatched systems that run on outdated software. They further infect command and control functions like Supervisory Control and Data Acquisition (SCADA) and Programmable Logic Controllers (PLCs) that are paramount to the functioning of these integrated energy systems. The examples above are a testimony to how the energy sector remains extremely vulnerable and needs focus for its centralized needs.

The Need of the Hour

Even though perfect protection isn’t feasible, necessary steps can be taken to enhance deterrence capabilities. In terms of security for critical energy infrastructure, more emphasis is given to physical security than to cybersecurity. This may be because of a lack of dialogue between the private and public sectors on the issue of cyber literacy. Industry, government, and academia need to work together to formulate a comprehensive strategy to tackle this issue. Transparency, training, innovation, and collaboration should drive the agenda for policy development in the energy sector's security. In India's case, the National Critical Information Infrastructure Protection Centre (NCIIPC) is the nodal agency that looks into matters of critical energy infrastructure.

Apart from public-private collaboration in the domestic realm, international cooperation should also be given preference. The Wassenaar Agreement, the International Corporation for Assignment Names and Numbers (ICANN), and the UN's GGE report on cybersecurity work extensively in this domain at the international level. Some out-of-the-box and creative strategies can also be used to identify cyber-attacks (or attacks in general) in the energy sector. For example, Osama Bin Laden used insider information to buy stock in bulk in the energy and air transport sectors before the 9/11 attack. Intelligence tactics can be used to keep an eye on suspicious spikes in stock market indicators to predict possible attacks. The energy sector is becoming increasingly vulnerable to cybersecurity threats as new technologies take center stage. Of course, these technologies can't be dismissed, but they should be utilized in a way that serves the 'demand' purpose while keeping the sector safe. It is only through continuous dialogue between all the stakeholders that these issues can be resolved if not completely terminated.

Krutika Patil is a Master’s student at the School of International Studies, Jawaharlal Nehru University, New Delhi