Cybersecurity has been at the forefront of the news for several years. Coverage of the space usually focuses on a breach at a consumer-facing company, resulting in people’s credit cards, bank and personal records being stolen. As bad as these kinds of incidents are, however, we have thus far avoided cybersecurity threats that pose far larger and scarier problems. It’s cyber attacks on the energy space, not the consumer credit space, that could cripple the United States — or any country — as well as bring about a collapse of order and society that most of us associate with apocalyptical scenarios.
Hollywood has picked up on this theme, producing a film earlier this year, Blackhat, which Wired called “the best hacker movie ever made.” The movie’s premise centers on the meltdown of a Hong Kong nuclear plant as a result of targeting by hackers. It takes much of its inspiration from Stuxnet, a malicious computer worm that the United States used to destroy a fifth of Iran’s uranium-enriching centrifuges. But the threat currently facing the world isn’t one dreamed up by Hollywood; it’s real. A congressional commission estimated that a large-scale blackout, if prolonged, could lead to 90% of the United States’ population perishing from disease, lack of food and general societal breakdown.
My team and I recently detailed these threats in an article for The Legal Intelligencer. The analysis of the piece runs quite deep, delving into some arcane aspects of state-level and federal-level legislation that look to address the threat from cyber attacks on the energy sector. Our examination in The Legal Intelligencer provides for some critical takeaways. Along with my Blank Rome co-authors on the paper, Margaret Anne Hill and Tom Duncan, I have closely studied the kind of domino effects yielded by particularly potent attacks on the information systems of our energy infrastructure. The conclusions we put forth should give all of us pause.
One very interesting tidbit:
According to a Wall Street Journal report, a survey of 625 IT executives in the U.S., U.K., France, and Germany found that 48 percent said they think it is likely there will be a cyber-attack on critical infrastructure, including energy infrastructure, in the next three years that will result in the loss of life. The costs of cybersecurity are also increasing at an alarming rate. For example, JPMorgan Chase’s annual cybersecurity expenditures are expected to double to $500 million within the next five years.
What continues to be clear through all of this — be it our examination or even the movie Blackhat, whose plot isn’t as hyperbolic as some might think — is that putting controls and measures in place to ensure the cybersecurity of our energy infrastructure should be a task of paramount importance.
The United States used to worry about the Soviets approaching with their ballistic missiles and bombers from the top of the world, flying over the North Pole. While the Soviet threat has faded, the Russians now sport a potent capacity to attack silently via the Web with malicious code. Theirs is just one of the many state-sponsored and now terrorist-sponsored cells who can execute a debilitating cyber attack. Just as we used to meet the Soviets with our own national ingenuity and will (and fighter jets), we need to meet this newer threat with equal vigilance.
Michael L. Krancer is Partner & Energy, Petrochemical and Natural Resources Practice Group Leader at Blank Rome LLP and a former secretary of the Pennsylvania Department of Environmental Protection. His blog,Energy Trends Watch, follows developments in energy, petrochemical and natural resources.