US pipeline hacking signals growing cyber-security risk for energy system, Tech News News & Top Stories

WASHINGTON (NYTIMES) – The audacious ransomware attack that shut down a major fuel pipeline and sent Americans scrambling for petrol in the south-east last week was not the first time that hackers have disrupted the United States’ ageing, vulnerable energy infrastructure. And it is unlikely to be the last.

Across the globe, cyber attackers are increasingly taking aim at the energy systems that underpin modern society.

A February report from IBM found that the energy industry was the third-most targeted sector for such attacks last year, behind only finance and manufacturing. That was up from ninth place in 2019.

“This should be a wake-up call,” said Mr Jonathon Monken, a principal at energy consulting firm Converge Strategies.

“When you look at what’s most likely to cause disruptions to energy companies today, I think you have to put cyber-security risks at the top.”

Despite years of warnings, America’s vast network of pipelines, electric grids and power plants remains acutely vulnerable to cyber attacks with the potential to disrupt energy supplies for millions of people.

Dealing with those risks, analysts said, will pose a major challenge for the Biden administration as it seeks hundreds of billions of dollars to modernise the nation’s energy infrastructure and transition to cleaner sources of energy to address climate change.

Regulators are increasingly poised to step in.

Last week, Mr Richard Glick, the chairman of the Federal Energy Regulatory Commission, said it was time to establish mandatory cyber-security standards for the nation’s nearly 4.8 million km of oil and gas pipelines, similar to those currently found in the electricity sector.

“Simply encouraging pipelines to voluntarily adopt best practices is an inadequate response to the ever increasing number and sophistication of malevolent cyber actors,” Mr Glick said in a statement.

The risks to the nation’s energy systems are widespread and varied. Many oil and gas pipelines, for instance, rely on decades-old control systems that are not well defended against more sophisticated cyber attacks and cannot be easily updated.

And it is not just pipelines. As electric grid operators harness a growing array of digital…