Cyber criminals are targeting the energy infrastructure in the U.S., including pipelines, refineries and power grids, to attack their operations and supply chain systems, experts said.
Hackers have targeted oil and gas producers in the past, such as the attack on Colonial Pipeline, the largest U.S. fuel pipeline, which resulted in shortages along the East Coast in April 2021.
The cyber attackers demanded ransom in cryptocurrency because the owners of a cryptocurrency account are difficult to trace. Service from the pipeline did not resume until May 12, 2021.
The company wound up paying the hackers, known as DarkSide, a $4.4 million ransom. The hackers, an affiliate of a Russia-linked cybercrime organization, also stole almost 100 gigabytes of data.
The hackers of Colonial Pipeline targeted the back-office systems and networks that most businesses use routinely, Jacob Ansari, security advocate and cyber trends analyst for Schellman, a Tampa, Florida-based security and privacy compliance assessor, told TheStreet.
“[They] disrupted the company’s ability to perform its accounting and billing, put the company in a position where they shut down the pipeline until they could recover,” Ansari said.
Attacks Likely Retaliation For Import Bans
The decision by the Biden administration to ban the import of Russian oil and natural gas into the U.S. will likely have ripple effects at home and abroad, Austin Merritt, cyber threat intelligence analyst at Digital Shadows, a San Francisco-based provider of digital risk protection solutions, told TheStreet.
“It is realistically possible that Russia could respond with retaliatory measures, such as a cyberattack,” he said. “Even though the U.S. has a robust domestic production of oil and gas, we are all too familiar with how a cyber attack on energy infrastructure can be incredibly disruptive.”
Russian state actors used a novel malware variant against Ukraine’s power grid in 2016, causing widespread blackouts across the country, Merritt said.
“Russia attempted to create conditions that would cause physical damage to an energy transmission station and disabled the transmission station’s computers, preventing the utility’s staff from monitoring any of the station’s digital systems,” he said.
While there is some skepticism because Russia has not yet carried out a “major” attack, critical industries such as the energy sector need to recognize that the current lull in cyber activity could change at a moment’s notice.
Karim Hijazi, chief executive officer of Prevailion, a Houston-based company that specializes in cyber intelligence by infiltrating hacker networks to spy on their activity and predict what they will target next, told TheStreet that new attacks could happen at any moment.
“We’re on the threshold of a really dangerous situation, where a dramatic escalation in cyber warfare by Russia could occur at any time,” he said.
This situation could quickly spiral out of control, with Russia carrying out significant attacks on U.S. energy companies, said Hijazi, whose company has infiltrated numerous Russian hacking groups and monitored attempted breaches of critical U.S. infrastructure.
“Russia has its back against the wall,” he said.
Hackers from other countries, such as China and Iran, will take advantage of the situation while everyone is distracted by Russia and carry out their own cyber espionage operations in the U.S., Hijazi said.
Energy Assets That Will Be Targeted
Europe’s energy infrastructure will likely be Russia’s first target.
“That is where they can inflict the most pain, throw domestic politics into turmoil and have less risk of a retaliatory cyber attack than if they go head to head with the U.S.,” he said.
“That doesn’t mean the U.S. is off the hook. Russia has extensive cyber warfare capabilities, stockpiles of zero-days and advanced malware, and hackers who know how to hijack industrial control systems.”
Other attacks have focused on elements of the energy infrastructure itself, but even LNG shipments to Europe could be targets.
Likely targets include the controllers that regulate power, such as circuit breakers and substations. Those are the computers that control the flow of energy, Josh Rickard, security solutions architect at Swimlane, a Boulder, Colo.-based provider of low-code security automation, told TheStreet.
Hackers could disable portions of the power supply, either gradually or all at once, or disconnect a substation from the grid, which shifts its demand onto other substations or generators.
“Multiply this by 10 or more and this could result in a catastrophic failure of a portion (or most) of a power grid,” he said.
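The nonlinearity Rickard describes, where one lost substation is absorbed but many lost at once are not, can be shown with a small load-shedding model. This is an added illustration, not code from the article or from any of the quoted experts: the substation names, base loads and trip capacities are constructed, and the rule that shed load is shared evenly by every remaining substation is a deliberate simplification of how a real grid redistributes power.

```python
"""Toy cascading-overload model for substation outages.

Added illustration, not code from the article or from any quoted expert.
Substation names, base loads and trip capacities are constructed values.
"""
from typing import Dict, Set, Tuple

# name -> (base_load_mw, trip_capacity_mw). Constructed: twelve small
# "feeder" substations with little headroom and eight larger "bulk" ones.
Substations = Dict[str, Tuple[float, float]]


def build_grid() -> Substations:
    grid: Substations = {}
    for i in range(12):
        grid[f"feeder{i:02d}"] = (80.0, 100.0)
    for i in range(8):
        grid[f"bulk{i:02d}"] = (80.0, 300.0)
    return grid


def cascade(grid: Substations, initial_down: Set[str]) -> Set[str]:
    """Return every substation that is offline once the cascade settles.

    Each round, the base load of all offline substations is split evenly
    across those still online (simplification: real grids redistribute by
    line impedance and protection settings). Any online substation whose
    total load then exceeds its trip capacity goes offline, and the next
    round begins. The loop ends when a round trips nothing or nothing is
    left online.
    """
    unknown = initial_down - set(grid)
    if unknown:
        raise ValueError(f"unknown substations: {sorted(unknown)}")
    down = set(initial_down)
    while True:
        online = [name for name in grid if name not in down]
        if not online:
            return down
        shed = sum(grid[name][0] for name in down)
        extra = shed / len(online)
        tripped = {name for name in online if grid[name][0] + extra > grid[name][1]}
        if not tripped:
            return down
        down |= tripped


def outage_fraction(grid: Substations, initial_down: Set[str]) -> float:
    """Fraction of the grid offline after the cascade, for quick comparison."""
    return len(cascade(grid, initial_down)) / len(grid)


if __name__ == "__main__":
    grid = build_grid()
    five_feeders = {f"feeder{i:02d}" for i in range(5)}
    scenarios = {
        "one feeder disconnected": {"feeder00"},
        "five feeders disconnected": five_feeders,
        "five feeders and three bulk disconnected": five_feeders | {f"bulk{i:02d}" for i in range(3)},
    }
    for label, lost in scenarios.items():
        offline = cascade(grid, lost)
        print(f"{label}: {len(lost)} lost -> {len(offline)} of {len(grid)} offline")
```

With these constructed numbers, losing one feeder leaves the rest of the grid within capacity, losing five feeders trips every other feeder but the bulk substations hold (12 of 20 offline), and losing five feeders plus three bulk substations overloads the remaining bulk ones and takes the whole model grid down. The margin between "a portion" and "most" is the headroom the remaining substations have, which is the quantity a defender can plan around.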
Why the Energy Sector Is a Target
U.S. energy infrastructure has already been targeted, and some of it has been compromised, Sounil Yu, chief information security officer at JupiterOne, a Morrisville, North Carolina-based provider of cyber asset management and governance solutions, told TheStreet.
The attacks would have the appearance of ransomware, “but no decryption keys will be provided if a ransom is paid,” he said. “The goal will be destruction, not revenue. Their goal is ruination, not remuneration.”
The traditional model of criminal and nation-state attacks is changing because of the Russian war in Ukraine, Brian Contos, chief security officer of Phosphorus Cybersecurity, a Nashville, Tenn.-based company that specializes in IoT/OT and other physical systems, told TheStreet.
“As both the Ukraine war and economic crisis worsen for Russia, there is a significant risk that Russia’s cyber teams will start acting out more aggressively in attacks on the U.S. and the West,” he said. “The energy industry would be a significant focus of those attacks.”
While many energy companies already claim their systems are “air gapped” from the main corporate network, that is not always completely true, Contos said.
“There are often still shared resources between the two that a sophisticated hacker could exploit,” he said. “Since energy companies have also been transitioning much of their network activity to cloud-based systems, that is another area that needs to be better protected.”
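One way to test an "air gap" claim against the shared resources Contos describes is to audit flow records for traffic that crosses between the corporate and OT zones. The script below is an added illustration, not code from the article or from Phosphorus: the zone ranges and flow records are constructed, and the record shape (source address, destination address, destination port) is a stand-in for whatever a real flow collector exports.

```python
"""Audit flow records for traffic bridging a supposedly air-gapped OT zone.

Added illustration, not code from the article or from any quoted expert.
Zone ranges and flow records below are constructed sample data.
"""
import ipaddress
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

Flow = Tuple[str, str, int]  # (src_ip, dst_ip, dst_port)

# Constructed zone map: which address ranges belong to which network.
ZONES: Dict[str, List[ipaddress.IPv4Network]] = {
    "corporate": [ipaddress.ip_network("10.10.0.0/16")],
    "ot": [ipaddress.ip_network("10.50.0.0/16")],
}

# Constructed flow records. A historian at 10.50.2.30 is reachable from
# corporate hosts and also talks to a PLC: the kind of shared resource
# that makes an "air gap" claim only partly true.
SAMPLE_FLOWS: List[Flow] = [
    ("10.10.4.21", "10.10.8.5", 445),    # corporate file share, stays in corporate
    ("10.50.1.7", "10.50.1.9", 502),     # PLC to HMI, stays in OT
    ("10.10.4.21", "10.50.2.30", 3389),  # corporate workstation to OT historian
    ("10.10.6.14", "10.50.2.30", 1433),  # corporate reporting server to historian
    ("10.50.2.30", "10.50.1.7", 502),    # historian polls the PLC
    ("10.10.4.21", "8.8.8.8", 53),       # corporate to internet, outside both zones
]


def zone_of(ip: str) -> Optional[str]:
    """Name of the zone containing ip, or None if it is in no defined zone."""
    addr = ipaddress.ip_address(ip)
    for zone, networks in ZONES.items():
        if any(addr in net for net in networks):
            return zone
    return None


def cross_zone_flows(flows: List[Flow]) -> List[Flow]:
    """Flows whose endpoints sit in two different defined zones."""
    out: List[Flow] = []
    for src, dst, port in flows:
        zs, zd = zone_of(src), zone_of(dst)
        if zs is not None and zd is not None and zs != zd:
            out.append((src, dst, port))
    return out


def bridging_hosts(flows: List[Flow]) -> Set[str]:
    """Hosts with peers in more than one defined zone.

    These are the shared resources to review: each one is a path between
    the corporate network and OT, whatever the segmentation diagram says.
    """
    peer_zones: Dict[str, Set[str]] = defaultdict(set)
    for src, dst, _ in flows:
        zs, zd = zone_of(src), zone_of(dst)
        if zd is not None:
            peer_zones[src].add(zd)
        if zs is not None:
            peer_zones[dst].add(zs)
    return {host for host, zones in peer_zones.items() if len(zones) > 1}


if __name__ == "__main__":
    for src, dst, port in cross_zone_flows(SAMPLE_FLOWS):
        print(f"cross-zone: {src} ({zone_of(src)}) -> {dst} ({zone_of(dst)}) port {port}")
    print("bridging hosts to review:", sorted(bridging_hosts(SAMPLE_FLOWS)))
```

On the sample data the audit flags two cross-zone flows (RDP and SQL from corporate hosts into the historian) and two bridging hosts: the historian itself and the corporate workstation that reaches it. Run against real flow exports, the same two lists are the evidence that either confirms the air gap or shows exactly where it is bridged; hosts in the second list are the ones whose access should be justified, restricted or moved behind a monitored gateway.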
The impact from cyber disruptions to oil and gas production might not be instantaneous, Pan Kamal, head of product at BluBracket, a Palo Alto-based provider of code security solutions, told TheStreet.
“When the movement of oil or gas via pipelines, in and out of storage tanks to the retail outlets gets interrupted, as was the case with the Colonial Pipeline attack, it can wreak havoc with the entire energy supply chain,” he said.
Power generation, transmission and distribution systems are run by industrial control systems that are now largely built on computer systems and software. That shift has also created vulnerabilities because of how interconnected these systems are.
One example is the use of smart meters that automatically report the power consumed by millions of residential users over mesh networks, without human intervention, Kamal said.
“A major concern is the breach of this network and the potential for an attacker to pivot to a larger segment of the grid for the purpose of taking out a major transmission substation,” he said.
The cyber attacks would likely be destructive in nature, John Bambenek, principal threat hunter at Netenrich, a San Jose, Calif.-based digital IT and security operations company, told TheStreet.
“There will be no ransoms offered in these attacks,” he said.
The hackers could simply knock out the front-office networks to disrupt operations without harming the industrial control systems, Contos added.
Another option is to attack the control systems directly, causing physical machinery to malfunction or be damaged, resulting in long-term and costly disruptions in the energy supply, from electric grid blackouts to interruptions in the supply of oil and gas, he said.
“They could also go after the shipping industry from the ports to the shipping freighters themselves or the communications/navigations systems they rely on to disrupt LNG shipments to Europe,” Contos said.