Cyber risk must be managed, says World Energy Council

05 October 2016

Cyber risk presents a "unique concern" in the energy sector because an attack on energy infrastructure has the potential "to cross from the cyber realm to the physical world", says a new report by The World Energy Council. The report - titled The road to resilience: Managing cyber risks - says a cyber-attack could cause, for instance, a "massive operational failure of an energy asset".

"Large centralised infrastructures are especially at risk due to the potential 'domino effect' damage that an attack on a nuclear, coal, or oil plant could cause," according to the report.

It gives two examples of cyber-attacks on the nuclear power industry - 'Slammer' in the USA in 2003 and hacking in South Korea in 2014-2015.

The fastest computer worm in history, Slammer infected the computer systems at the Davis-Besse nuclear power plant near Oak Harbor, Ohio, disabling a safety monitoring system for five hours. The reactor had been offline for nearly a year before its Slammer infection.

Korea Hydro and Nuclear Power Company suffered a series of hacking attacks aimed at causing nuclear reactors to malfunction, the report says. The attacks only succeeded in leaking non-classified documents, it added.

The report is the third in a series about Financing Resilient Energy Infrastructure and investigates how cyber risks can best be managed, "taking into account the changing nature of the energy industry and energy infrastructure".

Actions are recommended for decision makers and stakeholders to improve the sector's response to rising cyber threats, as part of a wider move toward greater resilience.

"Increased digitisation leads to more efficiency and opportunities for grid and pipeline management and exploration and production activities. Yet, at the same time energy assets become more vulnerable to cyber-attacks, in particular due to the automation of Industrial Control Systems (ICS)," the report says. "Attacks on ICSs could lead to loss of control of key equipment, with potential machinery breakdown, fire, explosion or injuries."

The World Energy Council describes itself as "the principal impartial network of leaders and practitioners promoting an affordable, stable and environmentally sensitive energy system for the greatest benefit of all". Formed in 1923, it is the UN-accredited global energy body, with more than 3000 member organisations in over 90 countries and drawn from governments, private and state corporations, academia, NGOs and energy-related stakeholders.

Ali Akbar Salehi, Iranian vice-president and chairman of the Atomic Energy Organization of Iran, told delegates at the International Atomic Energy Agency's 60th General Conference in Vienna last week that cyber-attack is "one of the most wretched instances of nuclear sabotage". He said the 'Stuxnet' virus attacks against nuclear and other civil facilities in Iran had been a "vivid example" of this.

Researched and written by World Nuclear News