Energy industry faces unprecedented cyber threats almost daily
Washington — Every day the energy sector faces a barrage of cyber attacks, and just about once a day an attack is novel, something the industry has not seen before but must defend against.
“The problem is there are an infinite number of ways that you can create malware, that you can attempt intrusions,” John Bryk, a cyber and physical threat intelligence analyst with the Downstream Natural Gas-Information Sharing and Analysis Center, said in a recent interview. “There’s always going to be something new.”
The center, launched by natural gas utilities in 2014 to help them prepare for and better understand threats, aggregates cyber risk data to spot trends and communicate back to companies.
Cyber attacks that could cause physical damage are becoming more common. Although an attack is unlikely to bring down the entire grid, the risks have caused some sleepless nights for energy executives.
“The implications of something going wrong is no longer loss of property, it’s loss of life,” Jed Young, chief information security officer at refining giant Andeavor, recently told a Houston conference.
One of the biggest power and natural gas companies in the world, Dominion Energy, is facing more unique threats than ever before, and its director of information technology risk management said the attacks have escalated most intensely within the past 18 months.
“It’s really gotten our attention on what are our levels of defense,” Dominion’s Tom Arruda said. “How do we protect at each level? And how do we ensure that, if anything were to happen, it would be limited in the scope of what it can do?”
There are two kinds of digital utility systems that can come under attack: information technology (IT) and operational technology (OT). The IT side includes digital communication, data and other material that is connected to the internet in some capacity. Under the OT umbrella reside the systems that manage the movement of electrons through the grid and molecules through pipelines.
Attacks on these two kinds of systems generally are carried out by distinct actors with different motivations, according to Kimberly Denbow, American Gas Association senior director of security, operations and engineering services.
Entities seeking to steal data or to hold companies ransom typically target the IT side of the business, while OT systems are more often targeted by nation states trying to gather information, possibly with the goal of penetrating and controlling the infrastructure, Denbow said. Sam Ellis, Southwest Power Pool director of cybersecurity, offered that those targeting critical energy infrastructure are “just a small piece of the pie.”
Attacks on the power grid are “very rare,” he said, as most hackers “are usually in it for some kind of financial motive.” A recent trend, for instance, has been to breach networks, not to damage them but to gain computing power to mine cryptocurrency for cash or to fund other endeavors, Ellis said.
Still, Russia, China, Iran and North Korea pose the greatest cyber threats to the US as they work to use hacking operations to achieve strategic objectives, Dan Coats, US director of national intelligence, told Congress in testimony on the intelligence community’s 2018 assessment of threats to US national security.