Cyber-related risks to the energy sector can be minimised by strategic intelligence gathering on potential threat actors
Debopama Bhattacharya
The US fuel pipeline operator Colonial Pipeline was hit by a ransomware attack on May 7, 2021, which led it to shut down its pipeline and caused fuel shortages in cities such as Washington D.C., Baltimore and Atlanta. The Federal Bureau of Investigation (FBI) confirmed on May 10 that the 'DarkSide' ransomware group was responsible for the attack.
While analysts warned that a prolonged shutdown could push fuel prices higher still, Colonial Pipeline announced on May 15 that it had returned to normal operations and was focused on the safe and efficient restoration of its pipeline system.
The FBI has been investigating the DarkSide group since October 2020, after a string of attacks on organisations using the same modus operandi. Reports note that at least 90 organisations were impacted, including companies like Brookfield, OneDigital and Gyrodata, among others.
DarkSide brazenly maintains, on its leak site on the dark web, a list of the companies it has compromised together with details of the data it has stolen. In March 2021 the group released a new version of its ransomware that encrypts data even faster. The group works with 'access brokers', criminal gangs who steal credentials and sell the resulting footholds in corporate networks to the highest bidder on the dark web.
US President Joe Biden has vowed to raise the pipeline attack with President Vladimir Putin, although there is no evidence that the Russian state was involved. On May 12 Biden signed an executive order (EO) intended to raise digital security standards across the private sector and to better equip federal agencies with cybersecurity tools.
According to the latest reports, Colonial Pipeline paid the attackers a ransom of nearly $5 million in cryptocurrency. Although the attackers supplied a decryption tool after payment, the company reportedly had to restore its systems from its own backups because the tool was too slow. The FBI's position is that paying a ransom encourages criminals to repeat the crime against other organisations, or, more likely, against the same one.
This incident has once again exposed how vulnerable critical infrastructure is to cyber-attacks. Because energy infrastructure is geographically dispersed and interconnected, a successful attack on one part of it has cascading, negative effects. Recent digitisation, undertaken to simplify complex operational and organisational requirements, has paradoxically opened up more opportunities for cyber criminals.
The components used to monitor and control the flow of product through a pipeline, such as pressure sensors, valves, thermostats and pumps, are mostly operated from centralised industrial control systems. Where those control systems are connected to other networks, an attacker who reaches them through the network can disrupt the functioning of the pipeline itself.
According to a report by Siemens, 18 per cent of the global utilities sector uses advanced technology such as AI and big data analysis. Colonial Pipeline, for instance, also uses digitally controlled inspection robots that check the pipeline for anomalies. Every such networked asset adds to the number of potential entry points through which an attack can take place.
In February 2021, an intruder attempted to tamper with the chemical dosing of the drinking water supply of Oldsmar, Florida. The intruder gained access to the water treatment plant's control system through a remote-access program installed on it, and tried to raise the sodium hydroxide (lye) setpoint to a dangerous level. A plant supervisor who was watching the control screen saw the change being made and reset the setpoint immediately, averting a crisis.
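The Oldsmar incident was caught only because a person happened to be looking at the screen. As an added example, not code from the article or from the utility involved, the following Python script models the check that supervisor applied by eye as an automated guard in front of the dosing setpoint: a write is rejected if it falls outside an engineering band or moves the setpoint by more than a permitted step, and any write arriving through a remote session is held for confirmation at the local console rather than applied automatically. The audit-log format, the tag name NaOH_SP, the dosing limits and the sample log lines are all constructed for the example; the 110 to 11,100 ppm jump stands in for the kind of change the article describes.

```python
"""Setpoint-change guard for a water-treatment HMI.

Added example, not code from the original article or from any utility.
Every requested write to the sodium hydroxide (NaOH) dosing setpoint is
compared with engineering limits and a maximum step size before it is
applied, and writes arriving through a remote-access session are held for
local confirmation. Log format, tag name, limits and sample events are
all constructed for this example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Limits:
    low: float       # lowest permissible setpoint, ppm
    high: float      # highest permissible setpoint, ppm
    max_step: float  # largest change accepted in a single write, ppm


# Assumed dosing band for this example; a real plant takes these values
# from its process engineers, not from a script.
NAOH_LIMITS = Limits(low=50.0, high=200.0, max_step=25.0)


@dataclass(frozen=True)
class SetpointWrite:
    ts: str
    operator: str
    origin: str   # "local" for the control-room console, "remote" otherwise
    tag: str
    old_ppm: float
    new_ppm: float


def parse_line(line):
    """Parse one constructed HMI audit line of the form 'ts k=v k=v ...'."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return SetpointWrite(ts, kv["op"], kv["origin"], kv["tag"],
                         float(kv["old"]), float(kv["new"]))


def evaluate(write, limits):
    """Return (decision, reasons).

    decision is 'apply', 'hold' (needs a local operator's confirmation) or
    'reject' (violates a hard limit and must never reach the controller).
    """
    reasons = []
    if not limits.low <= write.new_ppm <= limits.high:
        reasons.append(f"{write.new_ppm:g} ppm is outside the "
                       f"{limits.low:g}-{limits.high:g} ppm band")
    step = abs(write.new_ppm - write.old_ppm)
    if step > limits.max_step:
        reasons.append(f"step of {step:g} ppm exceeds {limits.max_step:g} ppm")
    if reasons:
        return "reject", reasons
    if write.origin != "local":
        return "hold", ["write came through a remote session"]
    return "apply", []


def audit(lines, limits=NAOH_LIMITS):
    """Run every audit line through evaluate.

    Returns the per-line decisions and the setpoint that actually reaches
    the controller after the batch (None if nothing was applied).
    """
    applied = None
    decisions = []
    for line in lines:
        w = parse_line(line)
        decision, reasons = evaluate(w, limits)
        decisions.append((w.ts, w.operator, decision, reasons))
        if decision == "apply":
            applied = w.new_ppm
    return decisions, applied


# Constructed audit trail: a routine local trim, then a remote write of the
# kind the article describes, then a small remote write that merely waits.
SAMPLE_LOG = [
    "2021-02-05T08:00:00 op=shift1 origin=local tag=NaOH_SP old=100 new=110",
    "2021-02-05T13:00:00 op=shift1 origin=remote tag=NaOH_SP old=110 new=11100",
    "2021-02-05T13:01:00 op=shift1 origin=remote tag=NaOH_SP old=110 new=115",
]

if __name__ == "__main__":
    for row in audit(SAMPLE_LOG)[0]:
        print(row)
```

The guard is deliberately placed between the HMI and the controller, so it constrains a legitimate remote operator exactly as it constrains an intruder who has taken over a remote session with the same credentials; the distinction between the two is made by a person at the local console, not by the software.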
Data theft and ransomware are among the most common threats faced by utilities in the critical infrastructure sector. Such attacks cause loss of productivity and revenue and disrupt utility services. The Spanish electric utility Iberdrola and the Brazilian oil company Petrobras, among others, have been victims of ransomware in the past, causing major disruptions to their services.
Ransomware threatens critical infrastructure well beyond the energy sector. In 2020, for instance, more than 500 ransomware attacks on healthcare facilities in the US were recorded. These attacks took advantage of the pandemic, which left victims more exposed to extortion. The source of a ransomware attack is also difficult to trace, because criminals rely on reusable, automated attack tools and collect the extortion payment in cryptocurrency.
Cyber-related risks to the energy sector can be minimised by strategic intelligence gathering on potential threat actors, weaving cyber security into corporate decision-making, industry-wide collaboration and sharing of intelligence, investment in cybersecurity controls, and periodic review of cybersecurity programme budgets. Basic cyber hygiene, such as multi-factor authentication on remote access, rehearsed incident response plans, and up-to-date backups that are kept offline and tested for restoration, can limit the impact of cyber-attacks on critical infrastructure.
Debopama Bhattacharya is Project Assistant at Manohar Parrikar Institute for Defence Studies and Analyses
Views expressed are of the author and do not necessarily reflect the views of the Manohar Parrikar IDSA or of the Government of India.
This is the abridged version of the article, which first appeared in the Comment section of the website (www.idsa.in) of the Manohar Parrikar Institute for Defence Studies and Analyses, New Delhi, on May 20, 2021.