Cyber Warfare Is the New Oil Embargo


The most chilling horror movie I ever saw — the one that really stays with me — is a low-budget, mid-1980s effort by the BBC about nuclear war called “Threads.” The title refers to all the delicate linkages upon which modern society relies, ranging from power lines to respect for the law to common speech, which collapse after the unthinkable happens.

Almost 40 years on, our interconnectedness is even more pronounced, but you don’t need the Bomb to unravel vital networks. The proverbial 400-pound hacker tapping away in bed is our post-modern ICBM. This weekend’s shutdown of the Colonial Pipeline, a major oil artery linking the Gulf Coast to East Coast markets, doesn’t spell Armageddon, of course. Provided the situation is resolved quickly, disruption to energy markets should be as minimal as when shutdowns occurred in 2016. Certainly, cars were not lining up to stockpile gas in my corner of New York on Saturday.

One wonders if there would have been more alarm if, instead of “major pipeline shut down by cyberattack,” the headline instead was “OPEC+ announces oil embargo against U.S.” We still tend to think about energy security in that way: bogeymen blocking foreign fuel supplies best countered by pursuing  “independence” or even “dominance.” But no amount of Permian oil helps drivers in New York if the pipeline between them is held hostage by ransomware. While there are more questions than answers at this point about what happened to Colonial, this is the first observation: Having your own energy supply provides some security, but if your thinking stops there, you’re stuck in the 1970s. Texas’ recent energy crisis didn’t reflect a lack of energy per se but a complex (and sometimes self-reinforcing) cascade of breakdowns in the network of equipment providing it.

Even with the benefit of higher domestic oil and gas production, the importance — and vulnerability — of energy networks is becoming more of a crucial issue in the 21st century. If all we cared about was making sure each molecule or electron came with a “Made in U.S.A.” sticker, we would burn as much coal as we could. Economics and pollution, including carbon dioxide, get in the way.

In transitioning to a low- or zero-carbon energy system, the primary issue is cost: Fuel and climate savings come after the upfront investment in new equipment. And just as the pioneers of our electricity grid discovered a century ago, the best way to minimize that cost is to maximize the use of every power plant and other piece of equipment by linking them together with as many customers as possible. In short, there can be no energy transition without denser, smarter networks. That doesn’t just mean more high-voltage transmission lines but also more esoteric novelties such as vehicle-to-grid charging — amplifying the return on investment but also magnifying our vulnerability to web-borne attacks.

That security angle might conceivably provide a means for President Joe Biden to win over some skeptics. We may argue about what exactly constitutes “infrastructure,” but the need to protect whatever we build against attack is just common sense. The need for investment in protecting pipeline systems and charging networks alike against cyberattack could provide scope for agreement. On the other hand, there is at least as much potential for any prolonged Colonial outage, and associated pump-price increases, to reinforce positions fixated on expanding fossil-fuel supply on one side and those advocating renewables — especially distributed assets — on the other. Apart from anything else, infrastructure is outrage.

Possibly the only thing that would suppress this natural urge to blame the other side of the aisle would be the emergence of credible evidence that a foreign state was behind the attack. If so, it would represent a significant escalation. Americans can apparently live with bad actors messing with our election systems, but woe betide the foreign agent tying a knot in the gas pump. The situation is a little like the old paradigm of mutually assured destruction that “Threads” dramatized. Every major power knows there is the potential to knock out an adversary’s power grid or some other vital network, but the consequences of such an attack — ranging from inconvenience to mass fatalities — keep such impulses in check.

If some other state actor has crossed that line, the U.S. reaction is likely to be significant, risking further escalation when the president is already framing his infrastructure and climate policies in terms of great-power competition. As of now, it seems as if Colonial is the victim of a ransomware attack. But while that suggests some private criminal enterprise at work, the lines between mere cybercrime and outright cyber warfare are very fuzzy in terms of who is carrying out work for whom and how information gets shared, with North Korea being a prime example. Meanwhile, the latest threat assessment from the Office of the Director of National Intelligence, published a month ago, warns specifically that “Russia continues to target critical infrastructure,” with its cyber capabilities, including “industrial control systems.” 

The best-case scenario is that some online crook has overreached. Even then, the implication of what’s possible should generate a ton of fallout.

This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.

Liam Denning is a Bloomberg Opinion columnist covering energy, mining and commodities. He previously was editor of the Wall Street Journal's Heard on the Street column and wrote for the Financial Times' Lex column. He was also an investment banker.

©2021 Bloomberg L.P.

BQ Install

Bloomberg Quint

Add BloombergQuint App to Home screen.