Why the energy sector’s latest cyberattack in Europe matters

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Alexander Klimburg, Head, Centre for Cybersecurity, Member of the Executive committee, World Economic Forum, Filipe Beato, Lead, Centre for Cybersecurity, World Economic Forum & Maciej Kolaczkowski, Manager Oil and Gas Industry – Energy, Materials, Infrastructure Platform, World Economic Forum Geneva

• A cyberattack on Amsterdam-Rotterdam-Antwerp (ARA) will likely have reverberating consequences on business operation and the economy across Europe.
• Ransomware attacks have risen 150% in the last year and are easy to conduct with defence mechanisms largely inadequate.
• Information sharing, partnerships and collaboration can help develop an affront to rising cyberattacks.

A cyberattack on the major European oil refining hubs of Amsterdam-Rotterdam-Antwerp (ARA) has hugely disrupted the loading and unloading of refined product cargoes amid a continental energy crisis. The disruption could see further cascading effects on existing business and operational disruption in Germany and Belgium, with potentially larger societal and economic impacts across all European countries.

The attack rings similar to the US Colonial Pipeline incident last year when an American pipeline suffered a ransomware attack. This follows on similar attack on two German oil logistics firms that led to minor disruption on petrol supplies in northern Germany

Why does it matter?

Early reports indicate that a type of ransomware was use in the attacks in Germany. Ransomware attacks grew 150% in the past year and can cause considerable damage even in well-supplied and stable markets.

However, the attack on ARA initially appears intentional to compound an already difficult situation for European energy markets. Oil and gas inventories are low and prices are at levels not seen for years. As a result, it will likely increase the level of stress in the system more so than its actual physical impact.

The kinetic impact to society-at-large of having an infrastructure breakdown due to a cyber-attack is also laid bare, one of the top three concerns of cyber leaders as per the 2022 Global Cyber Outlook report.

Further, it disrupts energy markets and increases tensions around the already difficult political situation in Europe.

Precedential attacks

The current attack is not the first vulnerability exposed by cyberattacks on critical energy infrastructure. For example, the US Colonial Pipeline ransomware attack in May 2021 led to the shutdown of 5,500 miles of pipeline carrying around 45% of fuel supplies on the East Coast.

Other recent cyber-attacks, like those on a Florida water plant in February 2021 and a Solarwinds software provider in 2020, further emphasize that such attacks depend on the shortcomings of mitigation measures. There’s also a clear need to secure legacy systems, inadequately protected due to rapid digitalization and their connection to the internet, despite such online connection not being envisaged in their original design.

Profound impacts

These attacks can potentially disrupt critical infrastructures that deliver foundational support to current economies and functional societies. They could also drive government action on the importance of cybersecurity. For instance, after the US Colonial Pipeline affair, US President Joe Biden signed an executive order to strengthen cybersecurity and the Cybersecurity and Infrastructure Security Agency recently released steps to protect against potential critical threats.

As cyber threats become more sophisticated, the current digital transformation across the industry exposes critical infrastructure and the entire oil and gas supply chain to cyber risks with potential future safety and environmental impacts and disruptions to business operations.

Major trends

Protection against these threats gets harder as cyber-attacks become less costly and materialize more easily each year.

There are, therefore, three significant trends facing the industry:

– The expansion and convergence of the digital threat landscape between IT and OT (operational technology), with greater connectivity of the critical infrastructure and rapid adoption of emerging technologies to speed up the business model transformation.

– The rise and complication of supply chain attacks in securing global oil and gas operating environments with the highly interconnected environment of partners, joint ventures and suppliers where cyber hygiene is siloed and responsibility shared across diverse priorities.

– The escalation of cyber-attacks in the industry threatens business operations and public safety, as stressed by 80% of cyber leaders on the Cybersecurity Outlook report.

What can we do?

The industry should act now to mitigate future disruptions caused by cyber-attacks similar to the ARA incident.

To help in this effort, the World Economic Forum’s Cyber Resilience in the Oil and Gas Community conveys 60+ cyber leaders from the industry to help strengthen the cyber resilience of the oil and gas sector. The community has developed and shaped the following guiding principles, providing the first step to help senior leaders take action on cyber resilience:

– Establish a comprehensive cybersecurity governance model.

– Promote security and resilience-by design culture.

– Increase the visibility of third parties’ risk posture and consider broader ecosystem impact.

– Implement holistic risk management and defence mechanisms with effective preventive, monitoring, response and recovery capabilities.

– Prepare and test a resilience plan based on a list of predefined scenarios to mitigate the impact of an attack.

– Strengthen international public-private collaboration between all stakeholders in the industry.

To find out more, you can read about the Centre for Cybersecurity’s project on Cyber Resilience in Oil and Gas and about the Partnership against Cyber-Crime. For further insights, check out the recent Global Cybersecurity Outlook report.