
Part 2/3: Energy Under Siege : The Birth of the Invisible War

In the first article, we showed why energy infrastructure is vulnerable. This section explains how cyberattacks are already taking advantage of that weakness.

Energy infrastructure ensures the continuity of vital services and guarantees sovereignty on the international stage. In recent years, we have seen an increase in external threats to vulnerable sites, highlighting a sensitive issue.

Energy infrastructure is becoming increasingly interconnected and digitized in order to improve performance and optimize operations. However, this digitization, particularly with the deployment of technologies such as smart grids and SCADA systems, increases the risk of malicious interference aimed at disrupting internal systems or even destabilizing the international energy balance.

A McKinsey report published in 2023 indicated that 78% of companies in the energy sector had suffered at least one significant cyberattack in the past two years. These cyberattacks, orchestrated by criminal groups, states (the report « Empowering Infrastructure Resilience, Evaluating Cyber Threats to Water and Electric Utilities » asserts that nearly 60% of attacks originate from state-linked groups) or hacktivists, have a specific goal.

The goal of these attacks is to access sensitive data on industrial networks and systems, either to prepare for future cyberattacks or to resell this information to criminal or state groups. Through such practices, malicious actors can gain access to confidential information about customers and partners, which can be resold on dark web platforms or simply used for blackmail. In most cases, this data is invaluable, as it may relate to energy flows or information about contracts and pricing with partners. The ENISA report « Threat Landscape 2025 » (EU) and the ANSSI report « Cyber Threat Overview 2024 » highlight these issues. In reality, an attack targeting these critical sites is not only aimed at stealing data but also at destabilizing internal structures or the transport network.

In 2021, Colonial Pipeline fell victim to a ransomware group specializing in this field, which led to a data leak that suspended transportation for six days, causing a fuel shortage on the East Coast of the United States. The solution required to restore the structures was the payment of a $4.4 million ransom. Earlier, in 2017, the Triton malware targeted a Saudi petrochemical facility by attempting to disable its safety systems, an unprecedented move that exposed the risk of cyberattacks escalating into physical industrial disasters.

This scenario is not insignificant; it left a lasting impression by demonstrating that energy infrastructure was vulnerable and that we needed to take precautions and invest heavily in security.

Part three, written by Hassley Adras, is coming soon!

To read part 1, written by Léane Gabellec: https://blog.bio-ressources.com/2026/02/03/energy-under-siege-the-birth-of-the-invisible-war/

 

Sources:

The ENISA report « Threat Landscape 2025 »: https://www.enisa.europa.eu/sites/default/files/2025-10/ENISA%20Threat%20Landscape%202025_0.pdf

The ANSSI report « Cyber Threat Overview 2024 »: https://www.cert.ssi.gouv.fr/uploads/CERTFR-2025-CTI-004.pdf

Colonial Pipeline: https://en.wikipedia.org/wiki/Colonial_Pipeline_ransomware_attack and https://www.cisa.gov/news-events/news/attack-colonial-pipeline-what-weve-learned-what-weve-done-over-past-two-years

Triton cyberattack in 2017: https://en.wikipedia.org/wiki/Triton_(malware)

The report « Cyber Resilience in the Energy Sector » from McKinsey (2023)
