Share this
Could an Attack Like Colonial Pipeline Hit the Power Grid?
by Gaby Flores
Cybersecurity Risk, a Growing Concern in the Energy Industry
Data volume is exploding, regardless of the industry, and with increased data comes increased cybersecurity risk. The attack on the Colonial Pipeline last week has highlighted the particular risk that the energy industry faces when it comes to security threats.
Let’s talk about what happened with the Colonial Pipeline, the concern about the power grid, what ransomware is, and why the energy industry may be particularly vulnerable to ransomware attacks, plus a couple of steps you can take to prevent attacks like this.
The Colonial Pipeline
Last week, the ransomware firm DarkSide attacked the Colonial Pipeline. The Colonial Pipeline is the largest refined products pipeline in the United States, spanning 8,850 kilometers. The cyberattack is now the largest ever on United States energy infrastructure in history. Unfortunately, the event is not an anomaly, it simply highlights a growing concern regarding the risk posed to the United States’ energy infrastructure by cyberattacks.
The Power Grid - a Serious Concern
Last week’s attack focused on a fuels pipeline, and in the end, it was not particularly disruptive. At least in comparison to what the result of a similar attack on the country’s grid infrastructure could do. As we learned from the ERCOT fiasco in February, blackouts are incredibly disruptive to the economy and the functioning of society. Concerningly, if a Ransomware company similar to DarkSide were to attack the United States power grid, the result could be a whole lot worse than the controlled outages which ERCOT experienced this year. Due to the fragility of our power grid infrastructure, if one were to hack the Western Interconnect it could potentially knock power out for the entire Western US - from Eastern Colorado to California. In an uncontrolled event like that, cascading outages would be likely and it could take weeks to restore power after an event like that. Clearly, the risk to the power sector is a legitimate concern that must be addressed.
Ransomware
Ransomware is a type of cyber attack where the perpetrators hijack computer systems and encrypt data, holding it hostage until it’s victims pay for release. Ransomware attackers will also make copies of data, threatening to publish it unless additional payment is received. Ransomware has increased rapidly, it is the number one cybercriminal activity today. The latest trend is ransomware as a service, where companies basically offer ransomware services to other parties for a fee. While the FBI recommends that victims not pay up, one of the problems with ransomware attacks is that it is often cheaper for the victim to pay their attackers than to rectify the situation and recover their data independently. This makes ransomware attacks lucrative for the attackers, thus increasing their frequency.
Why the Energy Industry Is a Target
Although DarkSide released a statement claiming that they did not want to disrupt society, but only to make money, the situation is likely more complex and less simplistic than that. Because the Colonial Pipeline is a part of the country’s energy infrastructure, it is considered critical. Industries critical to the functioning of society (like the energy industry) are more likely to pay ransomware in order to resolve the situation as quickly as possible, this makes them perfect targets.
There are a few other reasons why even prior to this attack there has been growing concern over the risk that cybersecurity threats pose to the energy industry. Of primary concern, is that for attackers who are setting out to inflict damage to society the energy industry represents a perfect target. While we tend to take electricity for granted, the winter storms in Texas proved that electricity can be a life or death matter.
Unfortunately, utilities are often vulnerable because they are not air-gapped, meaning that attackers are able to move between IT and OT. In addition, most utilities still use legacy assets with more modern digital technologies layered on top, making them even more vulnerable. Covid-19 has also worsened the situation. Most ransomware attackers get into systems through phishing emails. With more and more employees working from home, hackers have gained more entry points into critical systems. Additionally, the data and information most valuable to renewable and asset developers can also be utilized by attackers to inform their ransomware and cyber-attack strategy. So what’s to be done?
Prevention and Risk Mitigation Methods
Ransomware and cybersecurity are a concern regardless of what industry you’re in, however, the Colonial Pipeline attack has highlighted the particular risks facing the energy industry. If avoiding a ransomware attack is top of mind, here are a couple of things you can do to mitigate your risk.
-
Train your staff, regularly. As mentioned above, most ransomware attackers get in through phishing emails and individual employees. If you and your business aren’t educating your staff on best practices and cybersecurity, start now.
-
Be smart in your preparation. Utilizing multi-factor authentication, testing incident response plans, and performing off-site data backups can all save you a lot of heartache, time, and money down the line. Backing up your data is particularly important so that you’re not quite as constrained by ransomware attackers.
The FBI and Cybersecurity and Infrastructure Security Agency released an alert Tuesday with a more detailed summary of the result and best risk mitigation practices. We highly recommend reading the report and implementing as many of the suggestions in your organization as possible.
Further resources
Share this
- Industry News & Trends (98)
- Power Traders (70)
- Data, Digital Transformation & Data Journey (44)
- Asset Managers (40)
- Market Events (30)
- Asset Developers (29)
- Market Driver Alerts - Live Power (25)
- Utilities (25)
- ERCOT (24)
- ISO Changes & Expansion (22)
- Renewable Energy (22)
- Infrastructure Insights Dataset (20)
- PowerSignals (20)
- Energy Storage / Battery Technology (17)
- Live Power (17)
- Risk Management (17)
- DataSignals (16)
- Yes Energy Demand Forecasts (16)
- Data Scientists (14)
- CAISO (12)
- PJM (10)
- Power Markets 101 (9)
- QuickSignals (9)
- EnCompass (8)
- MISO (8)
- Position Management (8)
- SPP (8)
- Financial Transmission Rights (7)
- Snowflake (6)
- Submission Services (6)
- Powered by Yes Energy (5)
- Asset Developers/Managers (4)
- Data Centers (4)
- FTR Positions Dataset (4)
- Geo Data (4)
- Solutions Developers (4)
- Commercial Vendors (3)
- Battery Operators (2)
- Independent Power Producers (2)
- PeopleOps (2)
- data quality (2)
- AI and Machine Learning (1)
- Crypto Mining (1)
- Europe (1)
- FERC (1)
- ISO-NE (1)
- Japanese Power Markets (1)
- NYISO (1)
- Natural Gas (1)
- Western Markets (1)
- hydro storage (1)
- nuclear power (1)
- December 2024 (1)
- November 2024 (7)
- October 2024 (6)
- September 2024 (5)
- August 2024 (7)
- July 2024 (9)
- June 2024 (5)
- May 2024 (7)
- April 2024 (8)
- March 2024 (6)
- February 2024 (9)
- January 2024 (7)
- December 2023 (4)
- November 2023 (5)
- October 2023 (6)
- September 2023 (2)
- August 2023 (6)
- July 2023 (3)
- May 2023 (4)
- April 2023 (2)
- March 2023 (2)
- February 2023 (2)
- January 2023 (5)
- December 2022 (2)
- November 2022 (1)
- October 2022 (3)
- September 2022 (5)
- August 2022 (5)
- July 2022 (3)
- June 2022 (3)
- May 2022 (1)
- April 2022 (3)
- March 2022 (3)
- February 2022 (6)
- January 2022 (3)
- December 2021 (2)
- November 2021 (4)
- October 2021 (4)
- September 2021 (3)
- August 2021 (2)
- July 2021 (4)
- June 2021 (5)
- May 2021 (3)
- April 2021 (3)
- March 2021 (4)
- February 2021 (3)
- December 2020 (3)
- November 2020 (4)
- October 2020 (2)
- September 2020 (5)
- August 2020 (2)
- July 2020 (2)
- June 2020 (1)
- May 2020 (9)
- November 2019 (1)
- August 2019 (2)
- June 2019 (2)
- May 2019 (2)
- January 2019 (1)