Cyber threats targeting the energy sector are evolving, posing a significant risk to national infrastructure in the UK and US. According to research by Darktrace, these threats come in various forms, including state-sponsored attacks, profit-driven cybercriminal activity, and malicious insider actions. The impact of successful attacks can be devastating, potentially disrupting energy supplies and leading to severe economic and social damages.
Email remains the primary conduit for such cyber threats, with 55% of incidents in both the US and UK involving phishing attacks aimed at harvesting credentials. These attacks are often delivered through seemingly legitimate emails and used to compromise accounts on cloud-based services such as Microsoft 365. Ransomware attacks have also surged, accounting for 18% of incidents, with notorious groups like ALPHV/BlackCat and Fog leading the charge.
Incidents are on the rise, particularly in Europe, the Middle East, and Africa (EMEA), where renewable energy producers have faced heightened scrutiny from adversarial actors. Notable examples include targeted espionage campaigns against major companies like Honeywell and Schneider Electric, apparently linked to the APT28 group from 2019 to 2022. Furthermore, infamous hacking groups such as Sandworm have been implicated in attacks on Ukraine’s electrical infrastructure, highlighting the critical vulnerabilities within the sector’s operational technology.
The advent of artificial intelligence (AI) in the energy sector presents both opportunities and challenges. While AI promises efficiency, experts warn that without adequate training, its implementation could introduce new vulnerabilities. Mark Bristow of the Cyber Infrastructure Protection Innovation Center at MITRE noted that while theories abound about AI disrupting power grids, the technology remains underdeveloped for such tasks at present.
Moreover, the energy sector's reliance on a limited pool of critical vendors exacerbates these risks. As highlighted by the Royal United Services Institute (RUSI), this over-reliance poses a formidable threat, because a single successful attack on one vendor could have cascading effects on national infrastructure. Energy companies are now increasingly considering cloud hosting for operational technology devices, despite the new vulnerabilities this approach could introduce. As energy firms outsource more of their operations, understanding the security posture of vendor software has become ever more critical.