Disturbing Trends in Adversarial Cyber Tradecraft Used to Exploit the Energy Sector

Cyber threats against the United States energy sector are increasing in both frequency and sophistication. As the country moves toward adopting smart grid technology in its utilities, that adoption opens it up to adversarial cyber espionage and attack. To date, there have been sporadic cyberattacks carried out against entities in the U.S. energy industry without long-term damage. Despite no permanent impairment, the intensity of these attacks and the growing cyber tradecraft trends are cause for great alarm.

Trend #1 Hackers are exploiting basic vulnerabilities

For cybercriminals, tradecraft involves identifying and evaluating the assets within the energy sector and determining which vulnerabilities can be exploited. Unfortunately for the U.S. energy industry, little has been done to patch up these weaknesses.

According to a joint report published by the Ponemon Institute and Siemens in October 2019, Caught in the Crosshairs: Are Utilities Keeping Up with the Industrial Cyber Threat?, the U.S. energy industry is not as ready as it should be in the event that highly skilled threat actors make a determined attempt to take hold of industrial control systems.

Earlier in the year, the Department of Homeland Security issued an alert following a ransomware attack carried out by amateurs on an unnamed natural-gas pipeline operator. The spearphishing attack resulted in systems being infected with commodity, off-the-shelf ransomware, disrupting operations for two days.

What concerned many cyber experts was that the company had no response plan for cyberattacks, even though this was not a sophisticated attack: it involved no customized malware at all.

Trend #2 Hackers realize energy sector has lax IT infrastructure

The energy sector is notorious for having poor IT and OT infrastructure. And when these energy entities are attacked, even forensic investigation is of little help, because many energy companies have no network detection and monitoring systems, a point that was highlighted in the Cyber Threat and Vulnerability Analysis of the US Electric Sector.

Compounding this, there is a massive shortfall of skilled personnel who understand both IT infrastructure and industrial systems. In the Ponemon Institute report, 56% of respondents cited difficulty in securing personnel with the right skillset as their biggest obstacle in OT security.

Trend #3 Hackers exploit the fact that the U.S. power grid isn’t centralized

The U.S. power grid, inclusive of pipelines, power lines, and power stations, is a vast entity that has no central command center. What’s more, this fragmented organism extends into Canada, as it is interconnected with that country’s grid system. The numerous operators in the chain greatly exacerbate the problem of developing a foolproof national cybersecurity plan, making it easy for hackers to target those energy companies with the least resistance and the poorest IT infrastructure.

