• A cyberattack on Amsterdam-Rotterdam-Antwerp (ARA) may have reverberating consequences on business operation and the economy across Europe.
  • Ransomware attacks have risen 150% in the last year and are increasingly successful with conventional defenses often inadequate.
  • Increased information sharing, partnerships and collaboration is needed to build out cyber hygiene measures in the face of these increasing destructive cyberattacks.

A cyberattack on the major European oil refining hubs of Amsterdam-Rotterdam-Antwerp (ARA) has considerably disrupted the loading and unloading of refined product cargoes amid a continental energy crisis.

The disruption could see further cascading effects, with potentially larger societal and economic impacts across all European countries. This follows a similar attack on two German firms that led to minor disruption on petrol supplies in northern Germany.

Why does it matter?

Early reports indicate that a type of ransomware was use in the attacks in Germany. Ransomware attacks grew 150% in the past year and can cause considerable damage even in well-supplied and stable markets. The recent attack rings similar to the US Colonial Pipeline incident last year, when an American pipeline suffered a ransomware attack with considerable disruptions to supply in parts of the US East Coast.

The cyber attack on ARA initially appears to compound an already difficult situation for European energy markets. Oil and gas inventories are low and prices are at levels not seen for years. As a result, it will likely increase the level of stress in the system more so than its actual physical impact. Further, these attacks and the disruptions occur in a time of geopolitical crisis, increasing the chances of wider inadvertent political escalation.

The kinetic impact to society-at-large of having an infrastructure breakdown due to a cyberattack is also highlighted by the incident. These attacks were listed as one of the top three concerns of cyber leaders in the 2022 Global Cyber Outlook report.

Precedential attacks

The current attack is not the first vulnerability exposed by cyberattacks on critical energy infrastructure. For example, the US Colonial Pipeline ransomware attack in May 2021 led to the shutdown of 5,500 miles of pipeline carrying around 45% of fuel supplies on the East Coast.

Other recent cyberattacks, like those on a Florida water plant in February 2021 and a Solarwinds software provider in 2020, further emphasize that the success of these attacks depend on the shortcomings of defensive measures. There's also a clear need to secure legacy systems, inadequately protected due to rapid digitalization and their connection to the internet, despite such connectivity not being envisaged in their original design.

Profound impacts

These attacks can potentially disrupt critical infrastructures that deliver foundational support to current economies and functional societies. They could also drive government action on the importance of cybersecurity. For instance, after the US Colonial Pipeline affair, US President Joe Biden signed an executive order to strengthen cybersecurity across the federal government and critical infrastructures. The Cybersecurity and Infrastructure Security Agency recently circulated advance warnings on threats to critical infrastructure in the US, with concrete recommendations and suggestions.

As cyber threats become more sophisticated, the current digital transformation across the industry exposes critical infrastructure and the entire oil and gas supply chain to cyber risks with potential future safety and environmental impacts and disruptions to business operations.

Protection against these cyber threats is increasingly challenging in the face of growing attack surfaces, the proliferation of offensive cyber capabilities, and shortfalls in international cooperation.

There are, therefore, three significant trends facing the industry:

– The expansion and convergence of the digital threat landscape between IT and OT (operational technology), with greater connectivity of the critical infrastructure and rapid adoption of emerging technologies to speed up the business model transformation.

– The rise and complication of supply chain attacks in securing global oil and gas operating environments with the highly interconnected environment of partners, joint ventures and suppliers where cyber hygiene is siloed and responsibility shared across diverse priorities.

– The escalation of cyber-attacks in the industry threatens business operations and public safety, as stressed by 80% of cyber leaders on the Cybersecurity Outlook report.

What can we do?

The industry should act now to mitigate future disruptions caused by cyber-attacks similar to the ARA incident.

To help in this effort, the World Economic Forum’s Cyber Resilience in the Oil and Gas Community conveys 60+ cyber leaders from the industry to help strengthen the cyber resilience of the oil and gas sector. The community has developed and shaped the following guiding principles, providing the first step to help senior leaders take action on cyber resilience:

– Establish a comprehensive cybersecurity governance model.

– Promote security and resilience-by design culture.

– Increase the visibility of third parties' risk posture and consider broader ecosystem impact.

– Implement holistic risk management and defence mechanisms with effective preventive, monitoring, response and recovery capabilities.

– Prepare and test a resilience plan based on a list of predefined scenarios to mitigate the impact of an attack.

– Strengthen international public-private collaboration between all stakeholders in the industry.

To find out more, you can read about the Centre for Cybersecurity's project on Cyber Resilience in Oil and Gas and about the Partnership against Cyber-Crime. For further insights, check out the recent Global Cybersecurity Outlook report.