According to German security experts, the cyber threat level is higher than ever. Especially companies and institutions from the energy industry are becoming targets of cyber criminals. 

DDoS attacks are experiencing a real boom. In this type of attack, servers, online services or entire networks are flooded with a large number of requests, which can lead to the complete failure of IT systems. But how dangerous is DDoS for the energy sector?

2022 shows vulnerability of energy systems

To anticipate, the severity of attacks will increase noticeably in 2022/23. It is precisely the constant digitalization thrust in all areas of life and the economy that opens up more and more attack surfaces for cyber criminals.

At the World Economic Forum, the participants came to the conclusion that a real “cyber storm” is brewing. Consequently, the current “Global Cybersecurity Outlook” also shows that 91 percent of internationally surveyed executives expect far-reaching and catastrophic cyber incidents in the coming years. According to a study published in the summer of 2022, the damage to the German economy alone is 203 billion euros.

Attacks on the Nord Stream pipelines in September 2022, as well as the Lithuanian energy company Ignitis Group, have brought the vulnerability of critical energy-focused infrastructure to the attention of a broad public. Almost all EU and NATO countries are affected and will continue to be the preferred target of cyber attackers in 2023.

The reason? Companies in Ukraine’s supporter countries are increasingly being attacked by pro-Russian hackers as “retaliation” for tank deliveries, soldier training and financial aid. The quality of the attacks is increasing and the methods used are becoming more professional.

DDoS attacks reach a new quality

Distributed denial of service is a cyber attack that attempts to overload a website or network resource by flooding it with malicious traffic so that it can no longer be operated.

The DDoS attacks averted according to Link11 data were shorter on average in 2022 than in the previous year, and at the same time their intensity increased – and with it the challenge for the companies or organizations attacked.

An analysis of the attacks registered in 2022 shows that the critical load in DDoS attacks was reached on average just 55 seconds after the attack began. In comparison, attacks in 2021 took an average of 184 seconds to reach their peak.

These “turbo attacks” already bring the network to its knees before defensive measures take effect. Moreover, these attacks and the methods used are constantly changing. Instead of randomly attacking businesses in the hope of success, highly targeted advanced and sophisticated DDoS attacks are now being used.

The DDoS threat level is growing. This is especially true for companies and institutions that belong to the critical infrastructure. While vaccination portals and hospitals were targeted in pandemic times, the attackers’ attention is shifting in parallel to other, more sensitive institutions such as companies within the energy sector:

Solar and wind parks, nuclear power plants, large electricity suppliers, gas suppliers or municipal utilities do not always have sufficient protection at the same time and are therefore predestined targets for hackers.

Energy supply is of central importance for the functioning of society and the economy. Increased and in some cases transnational networking of electricity grids, but also the use of smart grid technologies, create new attack vectors for cyber criminals today.

A successful attack on the energy supply can lead to significant disruptions in the power grid and, in the worst case, to a nationwide blackout. In 2015, this is exactly what happened in Ukraine.

Energy industry must complete its digital security tasks now

In their own interest, potential targets should therefore quickly develop the necessary digital resilience. Supply chains are also an important aspect within the energy sector in this context.

Many energy suppliers procure important components and services from third parties, such as software and hardware providers, engineering service providers or subcontractors. This can lead to vulnerabilities in the supply chain being exploited to penetrate the system. Cybersecurity must also be effective here.

In addition, outdated IT systems and insufficient cyber awareness among employees play a role. In addition to the installation of far-reaching protective mechanisms, it is also important to ensure the necessary awareness of digital attacks among employees. Even in particularly well-protected companies, a combination of inadequate protection mechanisms and insufficient awareness could lead to a DDoS attack with serious consequences that paralyses the energy supply.

About the author

Lisa Fröhlich is company spokesperson at Link11.