Atlantic Council GLOBAL ENERGY CENTER
ISSUE BRIEF DECEMBER 2021
Cybersecurity Concerns For The Energy Sector In The Maritime Domain DR. IAN RALBY ANDY BOCHMAN
The Scowcroft Center for Strategy and Security works to develop sustainable, nonpartisan strategies to address the most important security challenges facing the United States and the world. The Center honors General Brent Scowcroft’s legacy of service and embodies his ethos of nonpartisan commitment to the cause of security, support for US leadership in cooperation with allies and partners, and dedication to the mentorship of the next generation of leaders. The Cyber Statecraft Initiative works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology. This work extends through the competition of state and non-state actors, the security of the internet and computing systems, the safety of operational technology and physical systems, and the communities of cyberspace. The Initiative convenes a diverse network of passionate and knowledgeable contributors, bridging the gap among technical, policy, and user communities.
EXECUTIVE SUMMARY The world has seen a number of high-profile maritime disasters in recent months and years, and has felt the impact of them. Over that same period, the world has seen a number of high-profile cyberattacks and felt their impact, as well. Combined, the maritime and cyber incidents have likely affected the energy sector more than any other: fuel prices often spike or plummet, and access to energy resources can become an instant source of concern, tension, or even conflict. As a wide spectrum of energy companies continue to rely on the maritime domain or even increase that reliance, they must be mindful that traditional maritime threats—like piracy, theft, and weather events—are not the only threats they face today. Maritime cybersecurity concerns are among the most potentially disruptive to energy-sector interests, and yet are among the least understood and addressed. This paper identifies ten areas in which the energy-sector faces harmful cyber vulnerabilities in the maritime domain, and seeks to provide enough insight and examples to allow for actions to reduce the risk of harm from these various vulnerabilities. The paper develops the example of offshore wind energy to model how to assess cyber considerations more fully. Ultimately, it concludes with a series of ten recommendations that offer steps for policy makers, energy-sector actors, and security and law-enforcement professionals to minimize the exposure of the maritime energy sector to harmful cyberattacks. This analysis looks at a wide spectrum of maritime cyber concerns and how they could compromise the energy sector. These concerns include human error or hu-