A growing geopolitical weapon

Published by World Pipelines

Javvad Malik, Lead Security Awareness Advocate, KnowBe4, raises awareness about cyber attacks on critical national infrastructure, a growing geopolitical threat to the midstream sector.

Cyberattacks against critical national infrastructure (CNI) have grown exponentially around the world, creating serious threats to national stability, economy and security. While the types of threats against CNI vary, including data breaches and ransomware attacks, they focus on gaining access to control systems with the intent of causing serious disruption, conducting industrial or national espionage, or making financial gain. Certainly, all CNI sectors are now prime targets for cybercriminals, and both state and non-state actors are using these attacks as strategic weapons in geopolitical conflicts, fundamentally altering the dynamics of global power. Europe’s power grid is under a ‘cyberattack deluge’, inundated by thousands of attacks, according to Leonhard Birnbaum, Chief Executive of E.ON, one of Europe’s largest utilities, who said in 2023 that “the crooks are becoming better by the day,” adding “I am worried now and I will be even more worried in the future.”

If disrupted or shut down, sectors that are integral to a nation’s functionality, like utilities (oil, gas, water, energy), transportation and telecommunications, will bring serious disruption and raise safety concerns for citizens. This trend is expected to grow, given that these industries – particularly in developed nations – are increasingly integrated with digital technologies, which can often introduce new vulnerabilities. The potential fallout from such attacks is catastrophic, making them a valuable tool for geopolitical rivals in their digital warfare strategies.

Where CNI disruption can lead

As mentioned, disrupting just one CNI sector can paralyse large portions of society. For instance, a failure in transportation could prevent air traffic controllers from communicating with planes, while freezing port operations and shipping lanes would severely disrupt the flow of goods, leading to economic chaos. A power grid outage could leave millions without electricity, severing communication lines, blocking access to bank accounts, and closing hospitals. Any of these situations could easily spark widespread social unrest.

Widespread outages can interrupt essential services such as healthcare, emergency response, and government operations on a global level. Many hospitals may face difficulties accessing critical data, causing delays in appointments and surgeries. Cybercriminals are quick to take advantage of these situations, setting up phishing domains and posing as support personnel. As infrastructure sectors in developed countries have become more integrated with digital technologies, these advancements have boosted capacity and efficiency, but they have also introduced new vulnerabilities to cyberattacks.

Recognising the potentially devastating consequences of an attack on these critical targets, geopolitical adversaries are positioning themselves to exploit vulnerabilities in the sector, making cyberattacks on infrastructure a powerful addition to their digital arsenals. One of the most alarming threats is an attack on the energy sector, which encompasses power generation, water treatment, electricity supply, and other interconnected systems. Such an attack could plunge communities into chaos; for instance, a sudden power outage could cripple the operations of hospitals, emergency responders, and military bases. This scenario is more realistic than we might hope.

A global issue

Cyberattacks have been well documented in the world news and the statistics surrounding the number of attacks against CNIs are concerning. A report from the International Energy Agency (IEA) revealed that the average number of weekly cyberattacks on utilities more than doubled globally between 2020 and 2022. By 2023, that number had doubled again.

For instance, in April 2024, the North American Electric Reliability Corporation (NERC) reported that vulnerabilities in the US power grid were increasing at a rate of approximately 60 points per day. In 2022, the number of vulnerable points rose from 21 000 to 22 000, and it now stands between 23 000 and 24 000. One of the most high-profile CNI attacks in recent years was against the US’s largest pipeline, Colonial Oil, which was hit in 2021 with a massive targeted ransomware attack. The pipeline, which supplied more than 45% of the gas, diesel, and jet fuel for the American East Coast, was forced to shut down and was offline for 11 days after paying US$5 million in ransom. The attack, which left 11 000 gas stations out of gas, caused states of emergency to be declared in four states, and spiked the cost of fuel to its highest in six years, was perpetrated by the Russian hacker group DarkSide.

In Europe, similar CNI attacks have been documented. In 2023, Denmark’s energy infrastructure was hit by a coordinated attack, where hackers successfully breached the industrial control systems of several companies. “The attackers knew exactly who to target and hit the mark every time,” the organisation reported. Polish Deputy Energy Minister Ireneusz Zyska, meanwhile, recalled a visit to Poland’s grid operations centre, located three storeys underground for protection against nuclear threats. “I was watching thousands of live attacks on our energy grid. It’s clear these attacks originate from the East – from Russia and other non-democratic nations,” he noted, adding that these countries “have established dedicated teams focused on cyberattacks against EU democracies to create chaos.”

In the UK, research has revealed that 45% of energy companies admitted that they have suffered disruption to their operations as a direct result of a cyberattack. According to the report, the energy sector is struggling to react quickly to cyber-incidents and mitigate the damage they cause.

The sheer number of attacks is accelerating every year. Between January 2023 and January 2024, global critical infrastructure faced over 420 million cyberattacks, with varying levels of severity, according to Forescout Research – Vedere Labs. This equates to 13 attacks per second, marking a 30% increase compared to 2022. These attacks have affected 163 countries, with the US being the most frequently targeted, followed by the United Kingdom, Germany, India, and Japan. China is home to the largest concentration of threat actors behind these attacks, followed by Russia and Iran.
