Energy sector sees increase in cyber-attacks

WASHINGTON, Oct. 6, 2016 - The energy sector has seen a major increase in the number of successful cyber-attacks over the past year, the World Energy Council says in a new report. With its increasing interconnection and digitization, such as the emergence of smart grids and smart devices, the sector makes a “highly attractive target for cyber-attacks aimed at disrupting operations,” the Council says.

In a worst-case scenario these attacks could result in infrastructure shut-down, causing economic and financial disruptions, massive environmental damage or even loss of life, according to the report.

“What makes cyber threats so dangerous is that they can go unnoticed until the real damage is clear, from stolen data over power outages to destruction of physical assets and great financial loss,” says World Energy Council Secretary General Christoph Frei. “Over the coming years we expect cyber risks to increase further and change the way we think about integrated infrastructure and supply chain management.”

Case studies on past attacks in the U.S. and other countries are highlighted in the report, including the attack caused by the so-called “Slammer” malware in 2003 that targeted an Ohio nuclear power plant’s private network, disabling a safety monitoring system for five hours and affecting five other utilities.

“Cyber threats are among top issues keeping energy leaders awake at night in Europe and North America,” says Frei. “Over the past three years, we have seen a rapid change from zero awareness to headline presence. As a result, more than 30 countries have put in place ambitious cyber plans and strategies, considering cyber threats as a persistent risk to their economy.”

Effectively addressing cyber risk demands much higher public awareness, in governments and utilities, the Council says.

The report, The Road to Resilience: Managing Cyber Risks, examines how cyber risks can be managed, taking into account the changing nature of the energy industry and energy infrastructure.

“The energy sector must take a systemic approach and assess cyber risks across the entire energy supply chain, improve the protection of energy systems and limit any possible domino effects that might be caused by a failure in one element of the value chain,” says Jeroen van der Veer, executive chair, Financing Resilient Energy Infrastructure study, and former CEO of Royal Dutch Shell.

“Nevertheless, measures that require supply chain compliance or cross-border cooperation are more difficult to implement, and require increased cross-sector cooperation.”

Here are some key recommendations in the World Energy Council report:

•  Energy utilities must view cyber as a core business risk, increase awareness and build strong technical and human cyber resilience strategies;
• Technology companies must monitor the nature of cyber-attacks and embed security features into the products they are developing and delivering;
• Policymakers must stimulate the introduction of standards, regulation and support information sharing;
• The insurance sector must monitor cyber risks, manage newly arising and changing risks and develop cyber insurance products.

“Energy companies must get used to the fact that cyber now poses the same kind of risk to large infrastructures as a flood or a fire,” the World Energy Council says. “The nature and changing risk profile of the cyber threat, from economic espionage to disruption of production, demands a cross-sector based risk approach from businesses and governments around the world.”

The report, published by the Council in collaboration with Swiss Re Corporate Solutions and Marsh & McLennan Companies, is the third in a series of reports from the World Energy Council addressing the need for more investment and system change to increase resilience towards emerging risk in the energy sector.  To read the report, click here.

#30                 

For more news, go to: www.Agri-Pulse.com