The Peril of The Undercurrents: Energy Infrastructure’s Shocking Vulnerabilities

What crises unravel the fabric of society to convey its ugly realities? A behemoth implosion of the financial markets? An overnight Coup-d'etat? What about the severance and weaponization of electricity, gas, and water across all energy sources?

One pillar of society is often both relegated and misconstrued in its sheer importance to a functioning civilization: the presence of adequate energy and utility infrastructure. In the absence of reliable connectivity to support robust power, gas, electricity and or water, even the most advanced societies crumble and descend into sheer pandemonium. 

It is unequivocal that the most grave cybersecurity dilemma facing the world are the multifaceted threats that energy infrastructure is extremely vulnerable to. Succinctly speaking, the reasons for this are as such: energy infrastructure is sorely outdated; energy infrastructure operates on many levels that can be infiltrated, and energy infrastructure is cemented as a centralized actor albeit a geographically far-reaching one that can be manipulated.

Eminent Western countries in particular are quick to scapegoat when circuit breakers snap, thus making for an electrical blackout, or an extreme weather event causes an outage, blaming bloated bureaucracy and underfunded departments for not acting more cautiously. The issue is larger than this: power and grid infrastructure in countries like the U.S. is antiquated and rusty. The software required for today’s utilities to operate was developed 20-30 years ago, and, bereft of major investment or rehaul, has been unable to simply cope with basic challenges, such as those that anticipated heatwaves, tropical storms, and blizzards present. The worrying level of fragility poses a question: how will the underlying grid software cope with unanticipated affronts, sabotages and hacks if its software and hardware operates at such an elementary security level? After all, the Colonial Pipeline system, which transports over 100 million gallons of fuel daily to dozens of states in the U.S., collapsed in May of this year due to a ransomware attack made possible because the Pipeline only had single-factor authentication security -- i.e.,one password required. Groups like perpetrators DarkSide are, and will be, fully cognizant of the many other all-too-easy methods of infiltrating these systems.

Energy infrastructure is also a tantalizing target for cyber-threats because it operates on multiple levels. Hackers can launch attacks on various segments of a particular energy system that affect the physical or digital realms, with drastic implications for both For example, a group may launch a cyber-assault on the “generation” aspect of energy, targeting the machinery that is responsible for creating and safely compressing gas, causing mass cutoffs in inventory and service. They could direct their efforts toward the “network” aspect, which leads to the theft of customer identities, their payment information for services; or the “distribution” segment -- the actual reliability systems in place to connect the generators to the transmitters. Cyber-criminals have a buffet of options -- in both digital and physical domains -- to attack when examining energy infrastructure.

As primarily independent agencies and actors, energy authorities, utilities and institutions occupy a unique vantage point in society from which cyber-criminals can launch an attack. In infiltrating a utility, for example, cyber-criminals can leverage access to dozens of states, cities and counties. If leading utility Xcel Energy’s hardware and software located at company headquarters in Minneapolis, Minnesota were to be sabotaged, then those implications are not limited to Minnesota: Xcel provides services to eight other states across the country. Consequently, nine states are now under digital siege, suffocated from supply and scattered, affecting millions. Scores of utilities operate analogously. Eerily, precedents have been set for the weaponization of severing energy supply -- Russia on more than one occasion has cut off gas pipelines to its neighbor Ukraine over political disputes (Pifer). What is to stop cyber-criminals from carrying out politically motivated energy-severance attacks on utilities in states whose policies they don’t agree with?

Energy infrastructure is a crucial, necessary pillar of a functioning society, and plays an omniscient role. Due to antiquated design and engineering, the multiple angles from which it can be sabotaged, and its unique role as a centripetal yet far-reaching authority, It is also the single most vulnerable set of institutions that need utmost protection from strategic attacks launched from a domain we are still acclimating to. Massive overhauls in energy infrastructure to both the physical mechanisms and its accompanying digital systems are in order if populations across the United States and the western world are to be protected from sinister, overarching threats that will cause suffering and mass disarray.