Cyber Attacks: A New Threat to the Energy Industry
The Network and Information Security (NIS) Directive has been adopted on July 6th, 2016 by the European Parliament, three years after the initial proposal by the European Commission. It paves the way for a much needed common cyber security strategy within the EU. This Edito explains the reasons why the energy industry is particularly vulnerable to cyber attacks, and what tools this new directive brings about to protect European critical infrastructures.
In about two decades, the energy industry has been deeply transformed by the digital revolution, which penetrated companies’ commercial, administrative and financial branches, but also their industrial systems. From the optimization of electric grids to the precision of oil drilling, information and communication technologies (ICT) are now essential to every stage of energy production, transport and distribution processes. Data mining and analysis are increasingly considered as the energy sector’s new “black gold”, and generate new activities just like the platform Predix, designed by General Electric to help energy companies (among others) collect and analyze industrial data.
This silent revolution offers countless economic opportunities and paves the way for a better resource distribution and use. But it also puts physical energy infrastructures at risk.
An Expanding Threat
The 23 December 2015 in Ukraine, a cyber-attack on several regional grid operators deprived more than 200 000 people of electricity for a few hours, and constrained operators to physically intervene at the substations to restore power. Since substations could no longer be remotely controlled, on-site interventions had to be maintained during several weeks after the event in order to ensure the electricity delivery. The use of common hacking methods such as phishing, combined with a very precise knowledge of Industrial Control Systems (ICS) dealing with electricity distribution, allowed attackers to remotely activate breakers in about 30 electric substations and cut the power off.
This was the first time a cyber-attack targeting the grid had physical consequences. Few attacks are likely to have such implications. All experts agree on the fact that the level of preparation and coordination, the degree of knowledge of ICS targeted and probable financial means invested in this operation are not within reach of any criminal group, or State. Moreover, an on-field study conducted by several Federal US agencies found that the Ukrainian operators’ ICS were particularly well protected.
Ukrainian authorities have been quick to point at Russia after the event, and even if very few elements can lead to the conclusion that Moscow was involved in the attack, this event might well have a geopolitical background. The only other known cyber-attack with serious consequences on an energy infrastructure goes back to the Stuxnet worm discovered in 2010, designed to slow the progression of the Iranian nuclear program. A thousand uranium enrichment centrifuges were damaged by this malware, which went unnoticed for more than a year. Here again, strategic interests and the presumed support of two nation-States (the USA and Israel) make this attack remarkable.
Energy companies are more and more targeted by this kind of threats, and the structure of their activity makes them particularly vulnerable, for several reasons...
Read the full text in PDF below.
Download the full analysis
This page contains only a summary of our work. If you would like to have access to all the information from our research on the subject, you can download the full version in PDF format.
Cyber Attacks: A New Threat to the Energy Industry
Related centers and programs
Discover our other research centers and programsFind out more
Discover all our analysesEurope’s Black Mass Evasion: From Black Box to Strategic Recycling
EV batteries recycling is a building block for boosting the European Union (EU)’s strategic autonomy in the field of critical raw minerals (CRM) value chains. Yet, recent evolutions in the European EV value chain, marked by cancellations or postponements of projects, are raising the alarm on the prospects of the battery recycling industry in Europe.
The New Geopolitics of Energy
Following the dramatic floods in Valencia, and as COP29 opens in Baku, climate change is forcing us to closely reexamine the pace—and the stumbling blocks—of the energy transition.
Can carbon markets make a breakthrough at COP29?
Voluntary carbon markets (VCMs) have a strong potential, notably to help bridge the climate finance gap, especially for Africa.
Taiwan's Energy Supply: The Achilles Heel of National Security
Making Taiwan a “dead island” through “a blockade” and “disruption of energy supplies” leading to an “economic collapse.” This is how Colonel Zhang Chi of the People’s Liberation Army and professor at the National Defense University in Beijing described the objective of the Chinese military exercises in May 2024, following the inauguration of Taiwan’s new president, Lai Ching-te. Similar to the exercises that took place after Nancy Pelosi’s visit to Taipei in August 2022, China designated exercise zones facing Taiwan’s main ports, effectively simulating a military embargo on Taiwan. These maneuvers illustrate Beijing’s growing pressure on the island, which it aims to conquer, and push Taiwan to question its resilience capacity.