Problem in Energy Sectors: The Cybersecurity Vulnerability
& Protections in Energy Industry

Despite of security software, computers and information stored are still susceptible to malware attacks via users’ reactions to corrupted emails, automatic network connections, access to low-level communication functions, etc. The security software is also vulnerable when it is busy—such as when (1) never detecting a new type of exploit, (2) lacking in network segmentation in energy grids, (3) taking a long lag time to update signatures, and (4) waiting for other processes or interacting with applications and sharing real-time operational data with heterogeneous computers over the intranet and/or internet.

Cybersecurity Vulnerability in Natural Gas Sectors

Different types of power plants and systems (e.g., natural-gas/nuclear/hydroelectric power plants, etc.) have been operating in energy grids. Demands of the power plants and systems rely on a few common factors (e.g., operational cost & economic value). For instance, global liquid natural gas (LNG) demand in 2020 was approximately 120 Bm3 or 3% decreased. However, strategists mentioned that this LNG demand changes was temporarily [1] and continuously grow after 2020. The operation cost of natural-gas power plants are affected accordingly. Another common factor (i.e., security) is vulnerability of the sectors against cyber-attacks because of (1) increasing number of attacks, (2) decentralized cybersecurity leadership, and (3) unique interdependencies between physical and cyber infrastructure electric-power and natural gas sectors, especially for the commandeering of operations technology (OT) systems [2].

Cyber-attacks in Industrial Control Systems (ICSs)

Cyber-attacks target gas power plants and aim other facilities (i.e., gas wells, utility companies etc.). The U.S. intelligence community alarmed the UglyGorilla attack on gas pipeline companies and breached the 300,000 mile-long pipelines. A security expert warned such attacks could result in large amount of time to recover or shut off the natural gas [3]. Another successful attack was reported by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). As per the report, a ransomware attack shuts down a gas compressor station for two days. This resulted in a loss of revenue and productivity. The sophisticate attack hacked the industrial control systems (ICSs) which assist to operate pipelines and power grids. Experts revealed that the compressor station attack initiated on the information technology (IT) side of a pipeline company during its operations and then propagated to the OT side because of a lack of system segmentation. More often malware attacks target the OT side. Security analysts alert that ICS networks become more vulnerable in the future [4].

Cyber-threats & Potential Preventions on ICS Networks: From IT to OT

More “ransomware” and “malware” were used to infect ICS systems and shut down operations at natural-gas pipeline compressor stations as CISA reported. Majority of data breaches (e.g., more than 90%) start with spear phishing attacks. Thus, the “ransomware” accesses the IT systems after successful spear phishing attacks. Then, the OT side becomes impacted assets. Finally, ICSs cannot access any real-time operational data. This attacking scenario is viable due to a lack of network segmentation. More specifically, operational impacts can be caused by a combination of insufficient segregation of IT and ICS environments and shared operating system infrastructure in the successful compressor station attacks. Thereby, overall pipeline operations ceased during restoration from backup operational data and configuration files. It makes sensible to “establish hard boundaries” between organizational IT and its OT environments for reducing the successful compressor station attack by ransomware. Thus, potential recommendations [5] include: monitoring of outbound communications from ICS networks to identify signs of infection events within OT sides; developing strong network defenses between the IT and OT networks; creating choke points to limit malware spread; and others.

Black Start: A Resilience Process after Unsuccessful Reactive Protections

As energy generation has been evolving, power plants are also diversified. However, prediction of power outage can be occurred random time and location. Thus, researchers and experts consent that “resiliency” of the power outage represents a new era in energy industry and R&D community. 
Recovery from power outage can rely on different scales of power plant outage and various types of power plants on the electric grid. A power plant under outage can restart if the plant is still connected to supply power for necessary systems, equipment, and others including a generating unit via the electric grid. However, a widespread outage (i.e., “blackout”) on the grid may hinder black start operations because of powerless situations. For the successful powering up black start plants, a sequence of the black start steps needs to be taken expeditiously and safely. Natural gas plants have positive and negative characteristics including (1) large scale, (2) prompt restart, (3) tolerances, (4) strong connections to the transmission network, (5) dependency on pressurized gas supply, etc.

More will be available