Cyber Attacks on Energy Infrastructure

Policymakers are increasingly hearing concerns about the doomsday impacts of a coordinated “cyber Pearl Harbor” threat on U.S. soil (though some in the claim the threats are exaggerated).

But, what are the energy-sector cyber threat experiences so far?

On December 23, 2015, Ukrainian power companies experienced unscheduled power outages caused by a coordinated and synchronized cyber attack on three regional electric power distribution companies, cutting off power to 225,000 customers. In addition to the targeting of remote infrastructure facilities, the companies’ networks were also infected with malware delivered through spear phishing email, though it is unclear if the outages were connected to the malware infiltration.

Spear phishing is typically a fraudulent email appearing to be from a known entity that targets a specific individual or organization, seeking to obtain sensitive information or install malicious software.

Ransomware schemes usually involve insertion of a virus that encrypts files and locks up systems, with the virus developer demanding money in exchange for restoring the files or systems.

State-side, the threats are also very real.

The U.S. Department of Homeland Security’s (DHS) Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) tracks, assesses and responds to cyber incidents in the nation’s critical infrastructures, which include energy and nuclear power assets.

In FY 2015, ICS-CERT responded to 295 cyber incidents, a 20 percent increase from FY 2014, with 97 incidents in the critical manufacturing sector, followed by 46 energy sector incidents and 25 water and waste water system incidents. Spear phishing represented 37 percent of total incidents reported to ICS-CERT, followed by network scanning and probing. For FY 2014, the energy sector topped DHS’ list of industrial sector cyber attacks with 79 of the 245 total reported incidents.

Tripwire, a digital security firm, commissioned a 2016 survey of 150 energy sector information technology (IT) professionals in the oil, natural gas and electricity sectors, which found more than 75 percent have experienced at least one successful cyberattack in the past 12 months.

DHS believes low-level cyber-crime is the predominant activity against the energy sector, costing the sector billions in cybersecurity and insurance spending annually. Some examples include:

On the other hand, there have been examples of hackers gaining control of critical (non-energy) U.S. infrastructure operating systems, keeping the energy sector fearful.

A DHS intelligence assessment concludes that the threat of a cyber attack that damages or disrupts critical energy infrastructure is low, placing greater emphasis on what they label “cyber espionage”, such as insertion of malware (e.g. spear phishing and ransomware) to infiltrate systems and gain information that can be leveraged in the future.

Next up, I’ll be providing a brief look into U.S. efforts to combat these energy sector cyber threats.

Christina Simeone

Kleinman Center Senior Fellow
Christina Simeone is a senior fellow at the Kleinman Center for Energy Policy and a doctoral student in advanced energy systems at the Colorado School of Mines and the National Renewable Energy Laboratory, a joint program.