Energy Transition

Why the energy sector's latest cyberattack in Europe matters

Holding tanks are seen in an aerial photograph at Colonial Pipeline's Dorsey Junction Station in Woodbine, Maryland, U.S. A cyberattack occurred there in May 2021.

Holding tanks at Dorsey Junction Station of the Colonial Pipeline, which suffered a cyberattack in May 2021 Image: REUTERS/Drone Base

Alexander Klimburg
Filipe Beato
Lead, Centre for Cybersecurity, World Economic Forum
Maciej Kolaczkowski
Manager, Advanced Energy Solutions Industry, World Economic Forum
Our Impact
What's the World Economic Forum doing to accelerate action on Energy Transition?
The Big Picture
Explore and monitor how Energy Transition is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:

Energy Transition

Listen to the article

  • A cyberattack on Amsterdam-Rotterdam-Antwerp (ARA) may have reverberating consequences on business operation and the economy across Europe.
  • Ransomware attacks have risen 150% in the last year and are increasingly successful with conventional defenses often inadequate.
  • Increased information sharing, partnerships and collaboration is needed to build out cyber hygiene measures in the face of these increasing destructive cyberattacks.

A cyberattack on the major European oil refining hubs of Amsterdam-Rotterdam-Antwerp (ARA) has considerably disrupted the loading and unloading of refined product cargoes amid a continental energy crisis.

The disruption could see further cascading effects, with potentially larger societal and economic impacts across all European countries. This follows a similar attack on two German firms that led to minor disruption on petrol supplies in northern Germany.

Have you read?

Why does it matter?

Early reports indicate that a type of ransomware was use in the attacks in Germany. Ransomware attacks grew 150% in the past year and can cause considerable damage even in well-supplied and stable markets. The recent attack rings similar to the US Colonial Pipeline incident last year, when an American pipeline suffered a ransomware attack with considerable disruptions to supply in parts of the US East Coast.

The cyber attack on ARA initially appears to compound an already difficult situation for European energy markets. Oil and gas inventories are low and prices are at levels not seen for years. As a result, it will likely increase the level of stress in the system more so than its actual physical impact. Further, these attacks and the disruptions occur in a time of geopolitical crisis, increasing the chances of wider inadvertent political escalation.

The kinetic impact to society-at-large of having an infrastructure breakdown due to a cyberattack is also highlighted by the incident. These attacks were listed as one of the top three concerns of cyber leaders in the 2022 Global Cyber Outlook report.

Precedential attacks

The current attack is not the first vulnerability exposed by cyberattacks on critical energy infrastructure. For example, the US Colonial Pipeline ransomware attack in May 2021 led to the shutdown of 5,500 miles of pipeline carrying around 45% of fuel supplies on the East Coast.

Other recent cyberattacks, like those on a Florida water plant in February 2021 and a Solarwinds software provider in 2020, further emphasize that the success of these attacks depend on the shortcomings of defensive measures. There's also a clear need to secure legacy systems, inadequately protected due to rapid digitalization and their connection to the internet, despite such connectivity not being envisaged in their original design.

Profound impacts

These attacks can potentially disrupt critical infrastructures that deliver foundational support to current economies and functional societies. They could also drive government action on the importance of cybersecurity. For instance, after the US Colonial Pipeline affair, US President Joe Biden signed an executive order to strengthen cybersecurity across the federal government and critical infrastructures. The Cybersecurity and Infrastructure Security Agency recently circulated advance warnings on threats to critical infrastructure in the US, with concrete recommendations and suggestions.

As cyber threats become more sophisticated, the current digital transformation across the industry exposes critical infrastructure and the entire oil and gas supply chain to cyber risks with potential future safety and environmental impacts and disruptions to business operations.


Major trends

Protection against these cyber threats is increasingly challenging in the face of growing attack surfaces, the proliferation of offensive cyber capabilities, and shortfalls in international cooperation.

There are, therefore, three significant trends facing the industry:

– The expansion and convergence of the digital threat landscape between IT and OT (operational technology), with greater connectivity of the critical infrastructure and rapid adoption of emerging technologies to speed up the business model transformation.

– The rise and complication of supply chain attacks in securing global oil and gas operating environments with the highly interconnected environment of partners, joint ventures and suppliers where cyber hygiene is siloed and responsibility shared across diverse priorities.

– The escalation of cyber-attacks in the industry threatens business operations and public safety, as stressed by 80% of cyber leaders on the Cybersecurity Outlook report.

What can we do?

The industry should act now to mitigate future disruptions caused by cyber-attacks similar to the ARA incident.

To help in this effort, the World Economic Forum’s Cyber Resilience in the Oil and Gas Community conveys 60+ cyber leaders from the industry to help strengthen the cyber resilience of the oil and gas sector. The community has developed and shaped the following guiding principles, providing the first step to help senior leaders take action on cyber resilience:

– Establish a comprehensive cybersecurity governance model.

– Promote security and resilience-by design culture.

– Increase the visibility of third parties' risk posture and consider broader ecosystem impact.

– Implement holistic risk management and defence mechanisms with effective preventive, monitoring, response and recovery capabilities.

– Prepare and test a resilience plan based on a list of predefined scenarios to mitigate the impact of an attack.

– Strengthen international public-private collaboration between all stakeholders in the industry.

To find out more, you can read about the Centre for Cybersecurity's project on Cyber Resilience in Oil and Gas and about the Partnership against Cyber-Crime. For further insights, check out the recent Global Cybersecurity Outlook report.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Related topics:
Energy TransitionCybersecurity
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

Critical minerals demand has doubled in the past five years – here are some solutions to the supply crunch

Emma Charlton

May 16, 2024

About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum