The future of U.S. energy security will be centered around a broad and varied supply of energy sources. And as the energy industry undergoes rapid modernization, with many companies adopting a wide range of digital technologies, from automated robotic platform equipment to AI and machine learning technologies, this opens the sector up to a new wave of cyber threats. The acceleration of the green transition means that thousands of new renewable energy projects are being developed across the country from a plethora of energy companies and start-ups.
These projects vary in size, management, and style, meaning that each one can face different security threats. Further, America’s aging grid system is not well-prepared to combat the skills and expertise of advanced hackers. So, just what should the government and private sector do to enhance U.S. energy cybersecurity?
The Good and the Bad of Digitalization
The International Energy Agency (IEA) views the adoption of digital technologies as vital to the future of the energy industry. When used to deliver electricity, they can help enhance efficiency, reduce costs, and decrease outage times. The digitalization of energy operations can also help accelerate the green transition. However, as devices become more interconnected, the threat of a cyberattack must be taken more seriously.
Enhanced automation exposes companies to the threat of a cyberattack, which could interfere with the function of a wide range of equipment, affecting both energy companies and consumers. As well as causing power outages, the knock-on effect of cyberattacks on businesses could be severe, with the potential for countries to lose millions or billions of dollars due to business disruption, equipment damage, and revenue loss.
According to the World Economic Forum’s Cyberattacks Global Risk Report 2020, cyberattacks were among the top ten global risks in terms of likelihood and impact. The threat is especially high due to the unpredictability of attacks. The risk of cyberattacks is difficult to measure and track, mainly due to the lack of available data on cybersecurity events. Incidents often go unreported or undetected. Further, the lack of a cohesive international definition of what constitutes a cyberattack means that these events are often overlooked.
Recent Incidents or “Cyberattacks”
Recent studies have shown that cyberattacks have been on the rise in recent years. There were around 38% more cases of cyberattacks in 2022 compared to 2021. And the adoption of cloud-based solutions and other digital technologies has made companies more vulnerable to these types of incidents, demonstrating the need for better cybersecurity.
One famous cyberattack was that of the Colonial Pipeline in 2021. Colonial transports around 2.5 million bpd of fuel and accounts for around 45% of the East Coast’s supply. The fuel pipeline is the largest in the U.S. and the ransomware attack led to a loss of $.4.4 million, in the form of a ransom payment to the criminal gang. The attack was aimed at tarnishing the company’s image. The disruption led to gasoline shortages, the shutting down of services, panic buying among consumers, and increased gas prices.
To avoid the threat of cyberattacks many energy companies, as well as the Federal government, are paying ethical hackers to assess the weaknesses in their systems. A 2022 Hacker-Powered Security Report stated that ethical hackers found more than 65,000 vulnerabilities in 2022, around 21% more than those in 2021. While data loss is the biggest concern, there is also a threat to the safe and steady running of energy and industry operations.
The Need to Prioritize
As companies modernize operations through digitalization, many are failing to introduce the appropriate cybersecurity measures required to mitigate the risk of an attack. This can be due to a lack of understanding of the threat or an unwillingness to invest in extra security measures. A 2022 GlobalData report explained, “The digitalization wave in the oil and gas industry is creating new access points in industrial networks for hackers to exploit,” and “As technology develops, from mobile to the cloud to IoT [internet of things], the level of complexity needed for organizations to maintain a cyber-aware stance also increases.”
However, at present, cybersecurity is not viewed as a priority by many state governments and private companies. Francesca Gregory, an analyst at GlobalData, stated “Oil and gas companies are realizing the benefits of integrating technologies into workflows, with the pandemic undoubtedly playing an instrumental role in boosting the momentum of the industry’s digitalization… However, the wider industry is largely underprepared to handle its risks.”
In a 2022 survey, 38% of the respondents from the power transmission and supply and the oil and gas sectors felt confident that they were prepared to respond to a potential cyberattack, while just 20% of the respondents in the renewable energy industry felt the same. This suggests that many companies across the energy industry are, on average, highly unprepared for an attack on their network.
A Possible Shift
This is slowly changing, with spending on cybersecurity expected to reach $10 billion by 2025. But several companies are only just beginning to digitize operations and are still learning about the potential threats, which limits their ability to act to mitigate these threats. The government could support U.S. companies by developing federal guidelines on the implementation of cybersecurity measures in the energy industry. In addition, better coordination between federal agencies and the private sector could further enhance the security of critical infrastructure.
Relevant News for Tomorrow’s Energy
At Shale Magazine, we keep ahead of new developments like cybersecurity concerns in U.S. energy to keep our readers informed – not influenced. Follow our fact-based reporting by checking out our latest issues, tuning into the latest podcast, or coming out to the next networking event for energy professionals.