The Issue of Cyberattacks on the Energy Sector
Cybersecurity is a critical topic in the global energy supply network because cyberattacks can cause significant damage to various domains of modern life. Cybersecurity can be defined as protecting cyberspace, the infrastructure that stores and transfers information, from malicious cyberattacks (Leszczyna, 2019). Methods of cyberattacks include phishing, attacking exposed servers, social engineering, piggybacking on the virtual private network, overcoming firewalls, and compromising domain controllers (Ani et al., 2017). Malicious attacks on this sector can be active, aimed at disrupting or changing smart grid resources, or passive, meaning non-specific attacks that extract data without altering it (Massel & Gaskova, 2018; Mengidis et al., 2019). Moreover, the complexity and interconnectedness of the current infrastructure in the U.S. make it vulnerable even to minor attacks because the disruption of one element can lead to the disturbance of the entire system (United States Government Accountability Office, 2021). For example, an accidental power disruption at a chemical plant in Plaquemine, LA, in 2016 caused a chlorine release into the environment (McGreight, 2018). Blackouts intentionally caused at such plants by cyberattacks can lead to catastrophic outcomes for citizens, putting the normal functioning of American society at risk.
Power interruption can threaten the national security of the country, communications, transportation, and healthcare. Indeed, the energy sector is at greater risk of active attacks, including hybrid attacks, coordinated attacks, and Advanced Persistent Threats (Leszczyna, 2019). Examples of potential cyber threats for power grids are unauthorized access to electricity consumption measurements, altering the schedule of the power-generating unit, and electricity market attacks (Dagoumas, 2019). However, the most significant danger is posed to Industrial Automation and Control Systems (IACS), the core element of the smart grid that controls operations between a center and a distant site (Leszczyna, 2019). The weaknesses of IACS include the use of hardcoded passwords, ladder logic, and the absence of authentication, which make the smart grid components vulnerable to cyber-invasion (Leszczyna, 2019). The dimensions of the U.S. energy sector are vast, consisting of 7,000 power plants and millions of small electricity distribution lines, making it a potential target for future attacks (Smith, 2021). Therefore, examples from other countries should be analyzed to develop a coordinated response and prevent similar situations in the American energy sector.
Examples of Cyberattacks in the U.S. and Globally
Organizations and governments worldwide are concerned with the cybersecurity issue in the energy sector. Although mass casualty incidents such as shootings and explosions are threatening and can cause thousands of lives to be lost, cyberattacks are equally damaging for people (Hodgson, 2021). For example, according to the Center for Strategic and International Studies (CSIS) (n.d.), North Korean malware was detected in Indian power plants in October 2019. Another example is the espionage campaign against Vietnamese energy and defense sectors reported by researchers in September 2019 (CSIS, n.d.). Eastern European hackers were found to have breached the security of energy sectors in several developed countries in July 2014 (CSIS, n.d.). Moreover, more than 200,000 Ukrainians were left without electricity because of the 2015 cyberattack on three power grids (De Peralta et al., 2020). In addition, a technical alert was released by the Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS) in March 2018 about Russian cyberattacks against American energy, aviation, water, manufacturing, and nuclear sectors (CSIS, n.d.). The FBI released a similar warning one year prior, demonstrating that various American industries are at high risk of external attacks in cyberspace.
One of the cyberattacks violated the integrity and confidentiality of several Norwegian companies. Specifically, Norway announced that ten of its energy corporations were subjected to hacker attacks in 2011, resulting in the leak of confidential information (CSIS, n.d.). According to CSIS (n.d.), the cyberattacks employed an email phishing scheme to gain access to internal usernames and passwords, industrial data, and private documents. Although the exact motivation and responsible parties for these incidents were not identified, this event showed the unpreparedness of the Norwegian defense system for cyberattacks. The incidence of these attacks will likely increase because the advancement of technologies has resulted in the rapid development of cyber threats, expanding the possibilities for hackers to retrieve confidential information for malicious purposes.