Cybersecurity in the utility space isn't just about keeping the lights on, it's about saving lives.
Russia’s invasion of Ukraine in February 2022 signaled many things to the Western world, but perhaps one of the biggest warnings was how precarious energy security really was as oil and gas prices skyrocketed following the start of the war.
As Europe entered winter and the demand for energy increased, it highlighted just how vicious the cycle can be as cyber attacks on critical infrastructure and operation technology increased.
There was a time before the Ukraine war when those attacks might just have been an inconvenience, but the seriousness and ripple effects of those attacks are now even more far-reaching, presenting a major threat to lives and livelihoods -- especially among the most vulnerable in society. This is why it is critical for governments and businesses to do everything they can to protect their critical infrastructure and improve the security of their operational technology.
The cyber energy crisis
The energy crisis highlighted the significant rise in nation-state-sponsored cyber attacks, with utilities becoming one of the main targets. The sector was already victim to 10.7 percent of attacks globally in 2022 and it is expected to increase even more in 2023 and the foreseeable future.
The consequences of such an attack being successful can be catastrophic, with potential loss of life, property damage, and economic disruption. An estimated 7.5 million households in the UK already live in fuel poverty, and living in freezing cold homes poses threats to lives, particularly among the elderly. Just last month, the UK government warned that Russian hackers affiliated with the paramilitary Wagner group were seeking "to disrupt or destroy" parts of the UK’s critical national infrastructure.
UK Cabinet Office minister Oliver Dowden issued a national alert to key businesses amid increasing concerns that Russia might search for new ways to target and threaten the West as it continues to struggle on the battlefield in Ukraine. Dowden added that while the hackers lacked the capacity at this stage to do widespread damage, the threat was rapidly growing.
"I don’t think we are yet doing enough to protect our infrastructure from the cyber threats emerging from Russia-aligning groups," Lindy Cameron, the head of the UK’s National Cyber Security Centre, said at the time.
The rise of the threat of cyber attacks on critical infrastructure in the West is such that over a third of organizations in the UK said they anticipated an increase in cyber attacks, with a number of high-profile businesses already falling victim to these attacks in 2023 alone.
"Cybercriminals worldwide are becoming increasingly resilient, resourceful, and stealthy in their pursuit of critical data," said Laurance Dine, Global Partner for IBM’s X-Force Incident Response team.
"In Europe, we saw adversaries overwhelmingly exploiting unpatched vulnerabilities to infiltrate victim environments in 2021, highlighting the importance of adopting a Zero Trust approach to security. Businesses must start operating under the assumption of compromise, putting the proper controls in place to defend their environment and protect critical data," he said. "In the UK, critical industries such as energy, manufacturing and finance are key targets for cybercriminals, underlining the importance of the government’s National Cyber Security Strategy to ensure the economy remains resilient in our fast-moving digital world."
It is therefore essential that utility professionals prioritize cybersecurity as a critical aspect of their operational technology and cybersecurity protocols. This means investing in robust security measures to protect their infrastructure, which includes regular risk assessments, continuous attack surface monitoring and management, ongoing monitoring of networks, and a comprehensive incident response plan in the event of an attack. It is also crucial that utility professionals work closely with cybersecurity experts to ensure that they have the latest knowledge and tools to defend against evolving cyber threats. This includes staying up-to-date on the latest cybercrime trends, as well as investing in training and development to improve cybersecurity awareness among staff.
While the digitization of the world has undoubtedly created more opportunities, it has also created more risks such as unauthorized system and configuration changes. Despite the increase in these risks, there are several things businesses can do to minimize the risk while actively monitoring their systems and putting in place skilled people to ensure infrastructure and networks are protected.
Although cyber attacks could become more frequent and organized in our increasingly digitized world and as a result worsen the energy crisis, it also presents an opportunity for businesses and leaders to build their systems to be cyber resilient and implement a business continuity plan.
Image credit: [email protected]/depositphotos.com
Mark Clark is VP Sales EMEA North, Onapsis