Cybercriminals, state sponsors target energy industry

December 23, 2019 | March 30th, 2023 | computer forensics

A cyberattack in April on a shared data network forced four U.S. natural-gas pipeline operators to temporarily shut down computer communications with customers. It was one of the latest displays of the vulnerability of America’s power grid and energy industry to criminal hackers and rogue states.

Probably the loudest international wake-up call came in 2015, with Russia testing its cyberattacking capabilities on the Ukrainian capital of Kiev. Using new cyberweapons, such as CrashOverride and BlackEnergy 3, Russian hackers were able to disrupt the electric power grid and black out the homes and businesses of 225,000 people in Ukraine.

U.S. federal agencies earlier this year issued a report blaming Russian government-supported hackers for targeting U.S. energy and other industries in a new wave of attacks launched since 2016.

Last year, Federal Bureau of Investigation and Department of Homeland Security officials reported that Russian hackers were behind cyberintrusions into the U.S. energy power grid. The intrusion further demonstrated the threat hackers pose to the nation’s critical industries — energy, finance, health care, manufacturing and transportation.

There is a wide range of motivations behind these cyberattacks. Holding companies hostage with ransomware and the opportunities for outright theft are profitable endeavors for criminal hackers and their state sponsors.

The attack on natural-gas pipeline operators may have been in retaliation for the expulsion of 60 Russians from the U.S., an effort to intimidate and reveal U.S. vulnerabilities or a means to gather competitive information.

The House Committee on Science, Space and Technology released a staff report in April concluding Russian-backed cyberattacks were efforts to influence American energy markets and energy policy in response to the increased exports of U.S. liquefied natural gas, which challenges Russian dominance in European markets.

Increasingly, cyberattacks are becoming so effective that an office within the U.S. Department of Energy is being established to shore up cybersecurity for such critical facilities as nuclear power plants, refineries and pipelines.

But companies big and small cannot wait for “the government” to save them from these attacks. Understanding the attacks, identifying company vulnerabilities and maintaining vigilance to defend against new threats are critical steps companies must take.

No doubt, increasing cyberattacks are intended to gain access and test responses. Hackers and their state sponsors are playing a long game, setting up strategies that include extortion, the shutdown of systems, explosions, spills, and fires that result in the loss of human life and property, and degradation of the environment.

Nearly 2.5 million miles of oil, gas and chemical pipelines crisscross the U.S. Many hundreds of miles are in Kern County alone.

Hackers are using a big bag of tricks to gain entry into the U.S. energy system. Most commonly, they fall into two categories: “spear phishing,” where customized emails trick recipients into opening malware that is then embedded in a system, and “water-hole attacks,” where familiar and trusted websites are infiltrated or cloned to include malicious code.

And while hackers’ main targets are large energy companies and facilities, the strategy is to start small. By targeting vendors, service companies, suppliers, trade publications and industry websites, hackers can worm their way into the main targets. Often, smaller companies along the “supply chain” are not as focused on cybersecurity as are the larger companies.

Any company doing business in today’s energy industry must be vigilant, regardless of its size.

Some steps that can be taken:

• Form industry coalitions. Work together to share threat information.

• Constantly audit company security measures. Identify intrusions and attempted intrusions. Ensure that company security measures are updated and enforced.

• Train and retrain staff to identify and combat evolving threats.

• Limit regular user computer access. Develop a need-to-know and need-to-use system.

• Require complex passwords for all users and require passwords to be regularly changed.

• Adopt multifactor authentication to prevent stolen logins and passwords from being used.

• Dedicate staff to cybersecurity or hire competent, trusted cybersecurity consultants.

Alphonso Rivera is the founder and CEO of Advanced Micro Resource Digital Forensics, a Bakersfield-based company that specializes in digital audits involving cell phone and computer evidence for attorneys, private investigators, human resources consultants and companies.