Cyber-Attacks on Energy Infrastructure—A Literature Overview and Perspectives on the Current Situation

Advanced Persistent Threats (APT) are stealthy multi-step attacks, often executed over an extensive time period and tailored for a specific attack target. APTs represent a “low and slow” type of cyberattack, meaning that they most often remain undetected until the consequence of the attack becomes evident. Energy infrastructure, including power grids, oil and gas infrastructure, offshore wind installations, etc., form the basis of a modern digital nation. In addition to loss of power, financial systems, banking systems, digital national services, etc., become non-operational without electricity. Loss of power from an APT cyberattack could result in loss of life and the possibility of creating digital chaos. Digital payments becomes unavailable, digital identification is affected, and even POS terminals need to run on emergency power, which is limited in time, resulting in challenges in paying for food and beverages. Examples of Advanced Persistent Threats (APTs) targeting energy infrastructures include Triton, which in 2017 aimed to manipulate the safety systems of a petrochemical plant in Saudi Arabia, potentially leading to catastrophic physical consequences. Another significant incident is the Industroyer2 malware attack in 2022, which targeted a Ukrainian energy provider in an attempt to disrupt operations. The paper combines APT knowledge with energy infrastructure domain expertise, focusing on technical aspects while at the same time providing perspectives on societal consequences that could result from APTs.