Countries must raise their game in combatting cyber attacks on nuclear and other energy infrastructure or face economic damage and threats to public safety, a report has warned.
The frequency, sophistication and costs of data breaches are increasing, says the World Energy Council, and the world’s first publicly-acknowledged power outage caused by hackers has taken place in Ukraine.
Energy companies must now view cyber attack as a core business risk and governments should support information sharing across countries and sectors to improve cooperation.
An attack on a nuclear plant could lead to a core meltdown and dispersal of radioactivity, says the report, while attacks on other critical energy infrastructure could threaten a country’s economy, public safety and national defence.
Europe and North America, which have the highest concentration of ageing plants, were singled out as particularly at risk in the report, called The Road to Resilience: Managing and Financing Cyber Risks, released on 28 September.
A hack attack in Ukraine was held up as a prime example. There, on 23 December 2015, hackers entered the IT systems of the electricity distribution company Kyivoblenergo and disconnected seven 110 kV and twenty three 35 kV substations, causing a three-hour outage for around 80,000 customers. The council said this was the first publicly acknowledged cyber event impacting a country’s power supply.
In South Korea last year hackers targeted Korea Hydro and Nuclear Power Company, trying to cause nuclear reactors to malfunction. They failed but succeeded in leaking non-classified documents.
This year in Israel an employee of the Electricity Authority fell for a phishing attack, which infected a number of computers on the network with malware. The power grid was not affected, but it took two days for the Authority to resume normal operation.
Attacks are on the rise, says the World Energy Council, a London-headquartered international membership organisation. It says US Department of Homeland Security’s Cybersecurity Emergency Response Team responded to 295 cyber incidents in the energy sector in 2015, a 20% increase on 2014.
There is also a heightened perception of risk among operators, the report finds. In a survey of critical infrastructure organisations in the US, UK, France and Germany, 48% of respondents expressed that it would be likely for a cyber attack to take down critical infrastructure with the potential loss of life.
Cyber security is also an expanding industry. The report claimed that by 2018 oil and gas companies globally could face costs of up to $1.87bn in cyber security spending. And in Europe, cyber security consulting and testing services at utilities are expected to hit $564m in 2016.
See the report here.
Image: Nuclear power plant in Cattenom, France (Stefan KÃ¼hn/Wikimedia Commons)