The modern era of global technologies creates a two-fold situation. On the one hand, new advanced digital technologies are emerging to automate energy production. On the other hand, this development generates opportunities for new cyber threats because people from distant regions may hack these systems. Researchers indicate that during 2013-2015 the energy sector was the industry that experienced the majority of cyber attacks (US Department of Energy, 2018). In 2021, hackers entered Colonial Pipeline’s networks, the largest American pipeline for refined oil products (Turton & Mehrotra, 2021). Nevertheless, it is instructive to return to the 2018 multi-year plan for energy sector cybersecurity published by the US Department of Energy (DOE). It will show what strategies were set as top priorities to combat cybersecurity threats. Before that, a detailed discussion of the major hackers’ threats will be summarized. DOE’s plan overwhelmingly addresses all the cybersecurity concerns, while contemporary world realities force the federal government to intensify its actions.
Status Quo of Cybersecurity Threats
Attacks on the operational technology environment are strikingly different from basic hacks of business IT systems. While cyberattack on IT systems may result in loss or leaking of information, interference in operational technology systems may cause real disruption of power and physically damage specialized equipment (US Department of Energy, 2018). The gradual increase of intersections between the operational environment, which in the past was mostly offline, and the IT system was the factor for the increase in cyberattacks. Another factor of increase is the sophistication of technologies and methods used by attackers (US Department of Energy, 2018). It results in the usage of cyber attacks on key industries as a geopolitical tool in the international arena.
Researchers emphasize the variety of groups that can attack the energy industry. US The Department of Energy (2018) identifies three divisions: terrorists, nation-states, and criminals. It is often the case when investigations of attacks’ roots direct to geopolitical competitors, such as Russia and China. In order to avoid direct accusations, states organize attacks not directly but through sponsoring hacker groups operating anonymously. For example, the 2021 attack on Colonial Pipeline was organized by DarkSide, an anonymous group of hackers based in Russia. They indicated that they were “apolitical”, emphasizing that “we do not participate in geopolitics” (Radio Free Europe, 2021). However, researchers note that under the guise of a desire to earn money, real intentions are often associated with encroachment on the country’s sovereignty (US Department of Energy, 2018). That is why the government needs to assist private businesses in their struggle to improve cyber security.
DOE’s Response to Cyber Threats
DOE’s strategy was to be proactive in dealing with any attack and build partnerships between the private and public sectors. The public sector must coordinate all the chain links to provide an organized response to hackers (US Department of Energy, 2018). Three department tasks follow these key ideas – firstly, it is necessary to constantly reduce risks through permanent readiness. Secondly, coordination between companies, sharing of information, and joint training should form the core of the strategy. Thirdly, collaboration with the state concerned will help develop better strategies through work with universities and government information.
The basis of the strategy’s vision is the conviction that the state does not have the right to deprive hundreds of thousands of people of energy. The public sector cannot sacrifice the well-being of American citizens and solve the problem of an attack after the fact when the attack was successfully carried out. Even if security technologies cannot cope with a hacker threat, you should build a system so that the provision of critical services occurs autonomously and uninterrupted.
In my opinion, security of the energy sector should stand at the center of the state’s national interests. The problem must be addressed at the federal level because hacking attacks on the operating systems of electricity is not a threat to individual states but to the whole idea of freedom that underlies the United States of America. Statistics show that this problem cannot be called overblown: a survey conducted in 2016 among 80 security professionals shows that 80% believe that a cyber attack would definitely cause physical damage to the infrastructure (US Department of Energy, 2018). As for the American population, it is in their interest to demand a higher level of security, especially in the era of high gasoline prices and Putin’s war in Ukraine (Patterson & Goldfarb, 2022). Therefore, I strongly agree with the report’s conclusions that cybersecurity should be the top priority for the government.
As for the plan’s content, it seems for me that it overwhelmingly covers the security needs. The report’s authors pay attention to various sides of the process: cost-efficiency, demand for security professionals, and tools for pre-detection of threats (US Department of Energy, 2018). Nevertheless, although the document does not discuss federal spending on cybersecurity, it seems that the federal government should secure a big budget to realize the program. The reason is that the current situation is complicated by the post-COVID-19 crisis and unstable relations with China and Russia. Even from a non-expert perspective, the 2021 attack by a hacker group from Russia shows that the American system is still vulnerable.
Patterson, S., & Goldfarb, S. (2022). Why are gasoline prices so high? Ukraine-Russia war sparks increases across U.S. Wall Street Journal.
Radio Free Europe. (2021). Biden says Russia has ‘some responsibility’ in pipeline ransomware attack.
Turton, W., & Mehrotra, K. (2021). Hackers breached Colonial Pipeline using compromised password. Bloomberg.
US Department of Energy. (2018). Multiyear plan for energy sector cybersecurity.