When Hackers Take Down Critical Energy Infrastructure

The Plug #19 | On Cyber Security

“The Internet and reliance on complex information-technology systems have created a whole new set of vulnerabilities for energy and electric power infrastructure around the world by creating entry paths for those who wish to disrupt those systems.” – Daniel Yergin (The New Map)

Over the past two decades, the growth in global internet access has brought with it a litany of incredible benefits. But it’s also worth highlighting the darker flip side to our increasingly interconnected, virtual world.

As our lives and our data have moved online, new opportunities have emerged for criminality and conflict.

With black market retailers now selling easy access to off-the-shelf ransomware technology, anybody with stable internet access and basic computing knowledge can hack into unsecured IT networks anywhere in the world.

It would seem as though ransomware is the modern, geographically agnostic form of kidnapping. Never in history has it been easier to extort ransom payments from unsuspecting victims. Those targeted include companies and individuals alike.

Earlier this year, the Colonial Pipeline came face to face with that threat.

A ransomware attack launched by someone from somewhere in Eastern Europe resulted in the pipeline’s complete shutdown, a first in its 57-year history. The incident highlighted how devastating cybersecurity attacks could be when targeted at critical energy infrastructure.

It also served as a reminder of how unprepared we are to deal with cyber-attacks.

This week’s edition has three sections:

  • 📈 The Rising Cost of Virtual Kidnapping

  • 🩸 No Blood, No Foul in The Virtual World

  • 💻 What the Future Will Hold

📈 The Rising Cost of Virtual Kidnapping

A recent episode of John Oliver’s Last Week Tonight dove deep into the world of ransomware.

One of the things I appreciate most about John Oliver is his ability to produce entertaining and well-researched insight on sensitive, complicated topics.

His commentary on cybercrime is an excellent example of that.

The estimated cost of ransomware attacks globally has grown by 300% since 2017 to ~$20 billion in 2021. And, according to Statista, ~51% of companies in the U.S. were targeted by ransomware attacks in the last 12 months. In India, that number is even higher at ~68%.

Both stats make it pretty clear that cybercrime is becoming an increasingly significant pain in the ass for both individuals and companies.

Unfortunately, I don’t see any reason to believe that this trend will change course in the years to come. If anything, it’s only set to accelerate.

As more of the world’s population gains internet access, and we become increasingly dependent on IT systems in our personal and professional lives, the opportunity for cybercriminals to reap ill-gotten internet gains will only continue to increase.

Absent strong cybersecurity, the cost of ransomware and other cyberattacks will rise in tandem. Maybe this is our reminder to invest in some Norton Antivirus software?

Jokes aside, the threat of future cyber-attacks looms large for the energy system on which we are so heavily reliant.

The recent attack on Colonial Pipeline might only be the tip of the iceberg.

🩸 No Blood, No Foul in The Virtual World

For those unfamiliar with Colonial Pipeline or the ransomware attack that took place earlier this year, here’s a quick rundown of what you need to know:

The Ransomware Attack

  • In May-’21, an apolitical cybercriminal group known as “DarkSide” gained access to Colonial’s IT network using a compromised employee password

  • DarkSide stole ~100 gigabytes of data and threatened to release it publicly unless Colonial paid them a ransom


The Colonial Pipeline (CP)

  • CP is the largest refined products pipeline in the U.S., moving several oil byproducts, including diesel, gasoline, aviation fuel, and home heating oil

  • In response to the cyber-attack, employees at the company made the decision to shut down the pipeline entirely, creating a major disruption in U.S. energy supply chains

  • The pipeline’s shutdown led to long lines at gas stations, sporadic fuel outages, and higher gasoline prices across the U.S. Northeast for several weeks

  • The company ultimately paid ~$4.4mm in Bitcoin as a ransom, but 64 of Colonial’s 75 Bitcoins were later recovered by the U.S. DOJ.

Following the attack, Amy Myers Jaffe shared this thought:

“This is as close as you can get to the jugular of infrastructure in the United States. It’s not a major pipeline. It’s the pipeline.”

But all things considered, the attack itself was relatively benign.

For a multi-billion-dollar company, a couple of million bucks in ransom payment is merely a speeding ticket. The black eye and bruised ego that accompanied the related public backlash were also undoubtedly uncomfortable. However, the pipeline itself incurred no physical damage from the attack.

This time around, Colonial Pipeline escaped the incident relatively unscathed.

While the attack itself wasn’t particularly damaging, it served as a reminder that our energy system will continue to face similar threats from now until the end of time. After all, it’s that energy system that facilitates the lives we live daily, by powering much of our transportation system and keeping our lights on.

It should come as no surprise that cybercriminals will continue targeting energy, the bedrock of our economy and an industry that plays a critical role in ensuring our national security.

For U.S. policymakers, the pipeline’s security breach reawakened the debate around what to do to shore up America’s cyber defence around critical infrastructure. U.S. Senator Ed Markey (D-MA) had this to say:

“The federal inability to prevent and effectively respond to cyberattacks turns our pipeline system into a risk for communities and an increasingly vulnerable component of our electricity system.”

Thanks for stating the obvious, Ed!

💻 What the Future Will Hold

In 2017, the WSJ released an article documenting the history of cyberattacks launched by Russian-affiliated entities targeting U.S. electrical utilities. I found this line to be particularly troubling:

“For example, many experts fear that a skilled technician could use unfettered access to change some equipment’s settings. That could make them unreliable in unexpected ways, causing utility engineers to do things that would result in extensive damage and potentially lengthy blackouts.”

In the future, as our energy system continues to become more technically complex, the opportunities to take advantage of it will continue to rise.

It isn’t a stretch to imagine that foreign entities could use system vulnerabilities to damage critical infrastructure instead of simply seeking ransom payments. In doing so, the repercussions for our energy system could be much more significant.

It will be interesting to see how cybercrime evolves in the years to come, and how policymakers and regulators address the ongoing challenge of cyber security.

But hey, on the bright side, at least stable internet access has facilitated the world’s ability to work from home!