Cyberattacks on energy and commodities infrastructure rose sharply in the third quarter of 2022, with a record high of major incidents already recorded so far this year, the latest update of S&P Global Energy Security Sentinel showed.
Five cyberattacks targeting the energy market occurred in Q3 this year compared to only two in the previous quarter. These incidents were focused more on the power, gas and nuclear sectors than oil.
Lithuania’s state-owned energy group Ignitis, Ukraine’s state nuclear power company Energoatom, Greece’s largest natural gas supplier DESFA, Australian mining company Lynas Rare Earths, and UK utility infrastructure and provider Fulcrum were all hit by cyber security incidents over this period.
Cyberattacks have emerged as a growing threat to commodity supply chains and companies are starting to prioritize cybersecurity.
Cyber systems for energy assets are on high alert with a rise in cyber threats from Russian actors as the West tightens sanctions on Russia over the invasion of Ukraine.
Record highs in 2022
So far, a total of 45 cybersecurity incidents targeting energy and commodities infrastructure have taken place since 2017, according to the Energy Security Sentinel. Thirteen of these have taken place so far this year, the highest annual level over the last six years.
Oil assets and infrastructure were the biggest targets for hackers, accounting for a third of all incidents since 2017.
Electricity networks were the next most vulnerable, making up over quarter of all incidents, data showed. Gas and shipping were the two other sectors that experienced a moderate amount of cyberattacks.
Commodities, energy and resources assets in the US have been targeted more than any other nation, accounting for almost a quarter of all cyberattacks since 2017, according to the updated Energy Security Sentinel. Eleven of these attacks were also focused on Europe-based companies, data showed.
One of the biggest cyber incidents was earlier this year, when a cyberattack targeted loading facilities in Germany and spread to key terminals in the Amsterdam-Rotterdam-Antwerp network. A total of 17 terminals (11 in Germany and six in the Amsterdam-Rotterdam-Antwerp hub) were affected.
Last year, incidents included a ransomware attack by hackers on Saudi Aramco, the world’s largest single exporter of crude, which involved a data leak and an attempt to extort $50 million from the state-controlled oil producer.
Cybersecurity has emerged as a major threat to commodities industries and markets over the last decade, with hackers seeking to steal data and paralyze the flow of resources. In 2020, petroleum product prices in the US were hit when the Colonial Pipeline, which supplies around 45% of fuel to the East Coast, was hit by a ransomware attack.
Energy security and supply concerns in Europe took a front seat in the third quarter of 2022 as the fallout from Russia’s invasion of Ukraine gathered pace, but heightened tensions there were somewhat offset by a drop in recorded attacks on oil facilities, pipelines and tankers in the Middle East, the Energy Security Sentinel showed.
