Why the UK’s energy sector is fragile and ripe to cyber attacks
For the first time in a generation, the UK is in the middle of an unprecedented supply chain crisis, and in recent weeks, we have seen very clearly the immediate and far-reaching impacts of it. Whether it’s the shortage of truck drivers prompting panic-buying at fuel stations that required military intervention, or the ramp up of materials and goods stockpiling UK businesses are doing to cope with shortages during the festive season, never has the UK’s supply chain system been stretched so thin. There are real fears this could rip through an economy that has only just started recovering from COVID-19.
It only takes one component to suffer for the entire chain to be knocked out, triggering a ripple effect on our everyday lives. If we’re experiencing problems now, can you imagine how devastating a full-scale cyber attack on our supply chain would be, particularly at a time when our systems are already at a tipping poin
One sector that I believe is ripe and particularly susceptible to cyber attacks currently is the UK’s energy sector. Impacted by a surge in demand for energy by countries across the northern hemisphere, the supply chain that services the UK’s critical need for gas and electricity is currently grappling with a widespread energy crisis as we head into winter. The global gas crunch and a string of recent problems in the UK’s electricity system already means many ageing nuclear power plants are starting to take unplanned outages for maintenance, while the ongoing energy shortages are set to lead to further industry shut down. In recent weeks, we have seen several energy suppliers fold as gas prices rise exponentially. In just one week at the end of November, both Orbit Energy and Entice Energy ceased trading and Bulb was placed in “special administration” – bringing the total number of companies to go bust this year to 28 (25 since August).
It’s these “lights out” and pressure moments on the system that provide opportunities for threat actors to access our critical infrastructure. Important enterprise computer systems will be even more susceptible to attacks and, if infiltrated, could lead to much more serious and long-term disruption. These risks are not theoretical– we only have to look at some of the recent supply chain attacks that have caused widespread disruption: Kaseya, Colonial Pipeline, the May 2021 ransomware attack against the Health Service Executive (HSE).
The National Cyber Security Centre (NCSC) recently revealing that it has defended the UK from a record number of cyber attacks in the last year, including those targeted at supply chains, has made it clear just how vulnerable the UK’s energy sector is likely to be at this moment in time, and why it’s imperative that the industry pays attention and invests in its cybersecurity operations.
Instead of waiting for an attack to happen, IT teams operating in this sector must prioritize bolstering their cybersecurity technologies to ensure their firewall is secure and any legacy, archaic computer systems and software they have been using are properly protected. Now is the time to make meaningful cybersecurity investment.
A positive place for organizations across our supply chain to start is to fundamentally assess the state of their cybersecurity operations holistically, and look at where they need to make positive, impactful changes. Instead of just investing in another tool, a large part of reducing the risk and impact boils down to how fast you can react to an incident. How quickly can you pivot from investigation to containment, and how well do you know your environment and what runs within it.
For example, alert fatigue can be eliminated using modern threat detection and response technology, which gives security teams the ability to embrace a “quality not quantity” approach to their day-to-day investigations, implement more tailored risk management processes and equip their non-security colleagues with the knowledge they need to spot attacks. They can even take it one step further and use data science to model scenarios to highlight any potential weaknesses in their systems. Being on the front foot with cybersecurity operations and increasing your chances of spotting an attack before it happens can be the difference between survival or total system collapse.
With cybercrime actors continuing to target critical industries, companies can also benefit from information sharing within their sector to mitigate risks and help thwart active threat campaigns. The fact that additional pipeline companies weren’t hit following the Colonial Pipeline breach signals this type of backchannel information sharing that exists within certain sectors. When competitive advantage is a factor in whether to share information, companies can lean on European Energy Information Sharing & Analysis Centers (EE-ISACs) to anonymously share information within their spheres without disclosing trade secrets. Sharing cybersecurity intel in this manner is a critical component to staying protected from new and emerging threats.
Of course, cybercriminals won’t just give up and go home. Once these investments have been made, keeping these robust response plans in place over the long-term is going to be key to sustained and consistent protection for the energy sector and every other area of our supply chain. When the inevitable happens, it’s crucial a response is battle-tested regularly to minimize impact and disruption on operations. Ultimately, if these step changes can be implemented efficiently and properly, our critical infrastructure will be in a much better position to combat an evolving threat landscape that is progressively becoming more complex and complicated.